1. 07 Mar, 2017 1 commit
  2. 24 Feb, 2017 1 commit
    • Timothy Andrew's avatar
      Don't allow deleting a ghost user. · 6fdb17cb
      Timothy Andrew authored
      - Add a `destroy_user` ability. This didn't exist before, and was implicit in
        other abilities (only admins could access the admin area, so only they could
        destroy all users; a user can only access their own account page, and so can
        destroy only themselves).
      
      - Grant this ability to admins, and when the current user is trying to destroy
        themselves. Disallow destroying ghost users in all cases.
      
      - Modify the `Users::DestroyService` to check this ability. Also check it in
        views to decide whether or not to show the "Delete User" button.
      
      - Add a short summary of the Ghost User to the bio.
      6fdb17cb
  3. 23 Feb, 2017 2 commits
  4. 07 Feb, 2017 1 commit
  5. 23 Jan, 2017 1 commit
  6. 18 Jan, 2017 2 commits
  7. 26 Dec, 2016 1 commit
  8. 15 Dec, 2016 1 commit
  9. 04 Dec, 2016 2 commits
  10. 30 Nov, 2016 1 commit
  11. 07 Nov, 2016 1 commit
  12. 01 Nov, 2016 1 commit
  13. 28 Oct, 2016 2 commits
    • Sean McGivern's avatar
      Add specs for a user from a group link · af6cf695
      Sean McGivern authored
      af6cf695
    • Sean McGivern's avatar
      Fix project member access for group links · db9979bc
      Sean McGivern authored
      `ProjectTeam#find_member` doesn't take group links into account. It was
      used in two places:
      
      1. An admin view - it can stay here.
      2. `ProjectTeam#member?`, which is often used to decide if a user has
         access to view something.
      
      This second part broke confidential issues viewing. `IssuesFinder` ends
      up delegating to `Project#authorized_for_user?`, which does consider
      group links, so users with access to the project via a group link could
      see confidential issues on the index page. However, `IssuesPolicy` used
      `ProjectTeam#member?`, so the same user couldn't view the issue when
      going to it directly.
      db9979bc
  14. 11 Oct, 2016 1 commit
  15. 06 Oct, 2016 1 commit
  16. 20 Sep, 2016 1 commit
  17. 30 Aug, 2016 1 commit