- May 30, 2016
-
-
Connor Shea authored
attr_encrypted (1.3.4 => 3.0.1) Changelog: https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m d attr_encrypted 2.x included a vulnerability, so that major version is skipped. 3.x requires that the algorithm and mode used by each encrypted attribute is specified explicitly. `nil` is no longer a valid value for the encrypted_value_iv field, so it’s changed to a randomly generated string.
-
Connor Shea authored
Devise (3.5.4 => 4.1.1) Changelog: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md devise-two-factor (2.0.1 => 3.0.0) Changelog: https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md These are reliant on each other, so they have to be upgraded together. devise-async is no longer necessary as Devise 4.1 fixes a bug with the ActiveJob integration.
-
- May 20, 2016
-
-
Felipe Artur authored
-
- May 19, 2016
-
-
Stan Hu authored
This reverts merge request !3647
-
- May 18, 2016
-
-
Rémy Coutable authored
These methods seems to be unused. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
- May 16, 2016
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
- May 11, 2016
-
-
Sean McGivern authored
-
- May 10, 2016
-
-
Sean McGivern authored
`User#starred_projects` doesn't perform any visibility checks. This has a couple of problems: 1. It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.). 2. It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen. Add `User#viewable_starred_projects` to filter the starred projects by those the user either has explicit access to, or are public or internal. Then use that in all places where we list the user's starred projects.
-
- May 09, 2016
-
-
Jeroen van Baarsen authored
In 8278b763 the default behaviour of annotation has changes, which was causing a lot of noise in diffs. We decided in #17382 that it is better to get rid of the whole annotate gem, and instead let people look at schema.rb for the columns in a table. Fixes: #17382
-
- May 06, 2016
-
-
Zeger-Jan van de Weg authored
-
- May 04, 2016
-
-
Jakub Jirutka authored
Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case.
-
- May 03, 2016
-
-
Connor Shea authored
This reverts commit 1cc614f2. It was causing the ActiveJob integration to fail, so unfortunately we'll have to add the gem again.
-
- Apr 26, 2016
-
-
Connor Shea authored
The extra gem isn’t necessary anymore since Rails 4.2 has ActiveJob integration. Resolves #15575.
-
- Apr 19, 2016
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- Apr 18, 2016
-
-
Felipe Artur authored
-
Felipe Artur authored
-
- Apr 11, 2016
-
-
P.S.V.R authored
send_devise_notification pre-maturely enqueued the task when the user instance has not yet been committed into the database, causing a record-not-found in the other sidekiq process. devise-async has already been taking care of asynchronous mail sending, we just need to run it inside queue `mailers` instead of `mailer` to enable it.
-
- Apr 08, 2016
-
-
Douglas Barbosa Alexandre authored
-
- Mar 31, 2016
-
-
Zeger-Jan van de Weg authored
-
- Mar 30, 2016
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
* visiting project will create notification setting if missing * change notification setting per project even without membership * use notification settings instead of membership on profile page Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- Mar 24, 2016
-
-
Elias Werberich authored
Fixes #14585.
-
- Mar 19, 2016
-
-
Zeger-Jan van de Weg authored
-
Zeger-Jan van de Weg authored
-
- Mar 17, 2016
-
-
Grzegorz Bizon authored
This also refactores ProjectSelect adding some decorator-like functions.
-
- Mar 15, 2016
-
-
Rémy Coutable authored
This reverts commit 01160fc0, reversing changes made to 4bff9daf.
-
- Mar 13, 2016
-
-
Zeger-Jan van de Weg authored
Also incorporates the review into this, mainly spec changes.
-
Zeger-Jan van de Weg authored
The user has the rights of a public user execpt it can never create a project, group, or team. Also it cant view internal projects.
-
- Mar 12, 2016
-
-
Yorick Peterse authored
GitLab EE adds an extra relation that selects a "project_id" column instead of an "id" column, making it very hard for this method to be re-used in EE. Since using User#authorized_groups in ProjectsFinder#all_groups apparently has no performance impact we can just use it and keep everything compatible with EE.
-
- Mar 11, 2016
-
-
Yorick Peterse authored
We can just use "arel_table" in these cases instead of "SomeClass.arel_table".
-
Yorick Peterse authored
We don't need the extra layer of nesting of UNION queries here (as User#authorized_projects already returns a UNION'd query).
-
Yorick Peterse authored
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- Mar 10, 2016
-
-
Jacob Vosmaer authored
-