delta/gitlab/gitlab-ce.git/lib/api, branch api-version

API: Version information

2016-10-12T14:47:35+00:00

Merge branch 'user-events-api' into 'master'

2016-10-12T11:33:19+00:00


API: New /users/:id/events endpoint

## What does this MR do?

If add a new `/users/:id/events` endpoint to retrieve a user's contribution events. The events returned are filtered so that only the events for projects that the current user can see are returned (similarly to what we do at the controller level).

## Why was this MR needed?

Because it's a nice feature to calculate leaderboards, for instance for #17815.

## What are the relevant issue numbers?

Closes #20866.

See merge request !6771

Merge branch 'api-fix-project-group-sharing' into 'security'

2016-10-11T18:36:26+00:00

API: Share projects only with groups current_user can access

Aims to address the issues here: https://gitlab.com/gitlab-org/gitlab-ce/issues/23004

* Projects can be shared with non-existent groups
* Projects can be shared with groups that the current user does not have access to read

Concerns:

The new implementation of the API endpoint allows projects to be shared with a larger range of groups than can be done via the web UI.

The form for sharing a project with a group uses the following API endpoint to index the available groups: https://gitlab.com/gitlab-org/gitlab-ce/blob/494269fc92f61098ee6bd635a0426129ce2c5456/lib/api/groups.rb#L17. The groups indexed in the web form will only be those groups that the user is currently a member of.

The new implementation allows projects to be shared with any group that the authenticated user has access to view. This widens the range of groups to those that are public and internal.

See merge request !2005

Signed-off-by: Rémy Coutable

Replace undefined Grape routing code from 400 to 404

2016-10-10T13:32:32+00:00

Signed-off-by: Dmitriy Zaporozhets

Catch any undefined API routing and return 400 Bad Request

2016-10-10T13:32:32+00:00

Signed-off-by: Dmitriy Zaporozhets

API: New /users/:id/events endpoint

2016-10-10T11:35:53+00:00

Signed-off-by: Rémy Coutable

Merge branch 'memoize_shell_secret_token' into 'master'

2016-10-07T10:35:03+00:00


Memoize Github::Shell's secret token

## What does this MR do?

`API::Helpers#secret_token` was reading the secret file on every invocation. This MR reads the file in the `gitlab_shell_secret_token.rb` initializer and saves it as a class variable at `Gitlab::Shell.secret_token`

## Are there points in the code the reviewer needs to double check?

 - I'm not sure if the use of `cattr_accessor` is the best approach, or if should be moved into the `class << self` block?
 - Should `API::Helpers#secret_token` be removed in favor of using `Gitlab::Shell.secret_token`?

## Why was this MR needed?

Performance optimization.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22510

See merge request !6599

Merge branch 'ben.boeckel/gitlab-ce-api-visible-projects' into 'master'

2016-10-07T09:54:44+00:00


Add visible projects API

## What does this MR do?

Add a new `/projects/visible` API endpoint. Originally created by @ben.boeckel in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5970.

## Are there points in the code the reviewer needs to double check?

Does the API make sense?

## Why was this MR needed?

The `/projects` endpoint only returned projects the user was explicitly a member of.

Closes #19361, #3119.

See merge request !6681

Load Github::Shell's secret token from file on initialization instead of every request.

2016-10-06T15:22:37+00:00

Switch from request to env in ::API::Helpers

2016-10-06T14:07:25+00:00

Per https://gitlab.com/gitlab-org/gitlab-ce/issues/22820, this helper is mixed
in to classes that lack a `request` method. They do include `env`, so use it
instead.