delta/gitlab/gitlab-ce.git/app/controllers/projects/todos_controller.rb, branch replace_explore_projects.feature gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' 2016-12-09T00:42:07+00:00 Douwe Maan douwe@gitlab.com 2016-11-29T13:47:43+00:00 f23b1cb453deea2659c0cb9e9047c72d859bbf9d Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested - [x] :bomb: app/finders/notes_finder.rb:17 - [x] :warning: app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] :bomb: app/controllers/concerns/creates_commit.rb:84 - [x] :traffic_light: app/controllers/projects/commits_controller.rb:24 - [x] :traffic_light: app/controllers/projects/compare_controller.rb:56 - [x] :vertical_traffic_light: app/controllers/projects/discussions_controller.rb:29 - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:27 - [x] :vertical_traffic_light: app/models/commit.rb:268 - [x] :white_check_mark: lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033 
Replace MR access checks with use of MergeRequestsFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested

- [x] :bomb:  app/finders/notes_finder.rb:17
- [x] :warning:  app/views/layouts/nav/_project.html.haml:80 [`.count`]
- [x] :bomb:  app/controllers/concerns/creates_commit.rb:84
- [x] :traffic_light:  app/controllers/projects/commits_controller.rb:24
- [x] :traffic_light:  app/controllers/projects/compare_controller.rb:56
- [x] :vertical_traffic_light:  app/controllers/projects/discussions_controller.rb:29
- [x] :white_check_mark:  app/controllers/projects/todos_controller.rb:27
- [x] :vertical_traffic_light:  app/models/commit.rb:268
- [x] :white_check_mark: lib/gitlab/search_results.rb:71

- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)`
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`.
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use  of unchecked `merged_merge_request?`

See merge request !2033
Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-29T00:25:46+00:00 Douwe Maan douwe@gitlab.com 2016-11-18T13:51:52+00:00 6d37fe952b5679d7586eaa569d0488dbb92032fe Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested - [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc. - [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19 - [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030 
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested

- [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
Cache todos pending/done dashboard query counts 2016-07-12T16:57:52+00:00 Paco Guzman pacoguzmanp@gmail.com 2016-07-11T06:10:04+00:00 244134f9c33dea0003dc2403dceace4b94a87d2e 






Merge branch 'issuable-todo-improvements'
2016-06-17T22:42:36+00:00

Douwe Maan
douwe@selenight.nl

2016-06-17T22:42:36+00:00

b218e82b5c8dca6bdf84e160f47145fdc458a40c

# Conflicts:
#	app/controllers/projects/todos_controller.rb





# Conflicts:
#	app/controllers/projects/todos_controller.rb







Cache todo counters (pending/done)
2016-06-17T17:04:36+00:00

Paco Guzman
pacoguzmanp@gmail.com

2016-06-02T13:46:58+00:00

f6bfa46daae3a00ca6f74abb6e6eddc9eac96197

- As todos are created/updated inside the TodoService
we repopulate the cache just there for both pending/done todos
- Todos as mark as done from the TodosController we update cache
there too
- All the added methods are kept in the User class for cohesion




- As todos are created/updated inside the TodoService
we repopulate the cache just there for both pending/done todos
- Todos as mark as done from the TodosController we update cache
there too
- All the added methods are kept in the User class for cohesion






Removed todo from JSON response
2016-06-17T08:17:09+00:00

Phil Hughes
me@iamphill.com

2016-06-17T08:17:09+00:00

851a08836591c35a1442c23d9fcad91e505b1c3f

Frontend doesnt use it





Frontend doesnt use it







Correctly checks if user is logged in when adding todo
2016-06-17T08:06:00+00:00

Phil Hughes
me@iamphill.com

2016-06-17T08:06:00+00:00

b56965c5bb6a92b7bf4a7158c5f9555b7c1a9e2b












Improved manual todos
2016-06-17T08:01:03+00:00

Phil Hughes
me@iamphill.com

2016-06-17T08:01:03+00:00

85fab13ebaf10982c0957daca0afd1ea145e64df

Based on feedback from !4502





Based on feedback from !4502







Returns created todos to control rather than re-query
2016-06-14T07:36:07+00:00

Phil Hughes
me@iamphill.com

2016-06-09T15:12:59+00:00

16970d07e84f5967eccd928c9f9d9d7b027e91ac












Uses update URL to update the status of a todo
2016-06-14T07:36:07+00:00

Phil Hughes
me@iamphill.com

2016-06-09T07:50:18+00:00

330e91368195e182cbfa9b41a1d5304f67d07334