Work towards replacing recursive namespace queries with linear queries.
This commit tracks the path to each namespace, and future work will
replace recursive queries with queries that utilize this new column.

Inspired by project level scoped variables, store an environment
scope for each group variable and use existing matching logic to
select only those that are relevant when passing variables to a
build.

Because the default scope is '*' (all environments) and there is
not yet a way to modify the scope, these changes alone don't
cause a change in behaviour.

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55256

This change adds validation to check the nature
of parent for Group & Namespace records

Iterations are an EE only feature, but for some reason most of the
iteration model code was in FOSS codebase.

This change considers only distinct user ids
for project authorizations refresh jobs for
group members

This change limits the project authorizations
refresh jobs only to direct members of the group
being shared with.

This commit introduces a new finder to agregate our daily coverage
data at the group level. This is premium feature so all the code
is included in ee.

See #5835

Kev authored 4 years ago and Heinrich Lee Yu committed 4 years ago

This adds the .webp file extension to the list of safe image extensions
in the file type detection. It allows webp-images to be uploaded to
issues and comments which then get embeded as images instead of
attachments (see [gitlab-org/gitlab#296600](3)). It also allows uploading
of designs in the webp format. WebP is supported in all browsers that
GitLab supports except Safari <= macOS 10
(see [caniuse][1], [suppported browsers][2]).

[1]: https://caniuse.com/webp
[2]: https://docs.gitlab.com/ee/install/requirements.html#supported-web-browsers
[3]: https://gitlab.com/gitlab-org/gitlab/-/issues/296600

Because we search for permissioned labels which all have the same
top-level group, we can preset root_ancestor for them before permission
check. This optimization saves us extra query to fetch root ancestor
(called from group policy).

See #5835

Steve Abrams authored 4 years ago and Mayra Cabrera committed 4 years ago

Create dependency_proxy_manifests
Add group associations and fixtures

mksionek authored 4 years ago and Mayra Cabrera committed 4 years ago

Rake task now is tested and described.

Move the dependency proxy feature from
premium to core.

Allow to apply group labels using quick actions
on service desk templates

Aishwarya authored 4 years ago and Bob Van Landuyt :neckbeard: committed 4 years ago

Displays the total number of authorized groups
for individual users in the admin dashboard.

mksionek authored 4 years ago and Peter Leitzen committed 4 years ago

Add specs for new validation

Add validation in group

Add specs for new requires_two_factor_validation

WIP

Update validations for namespace setting

Add namespace settings to groups factory

Add code review remarks

Add cr remarks

Add cr remarks

Add cr remarks

Add validations that respect new allow_mfa_for_subgroups setting

Add specs for new validation

Add validation in group

Add specs for new requires_two_factor_validation

WIP

Update validations for namespace setting

Add serving new namespace setting field

WIP

Add new method to update group service

WIP

Add specs for workers

Add new workers to queues

Fix

Add cr remarks

Add cr remarks

Add cr remarks

Add validations that respect new allow_mfa_for_subgroups setting

Add specs for new validation

Add validation in group

Add specs for new requires_two_factor_validation

WIP

Update validations for namespace setting

Add serving new namespace setting field

WIP

Add specs for workers

Add new workers to queues

Fix

Add specs for workers

Add new workers to queues

Add first methods to views

Add new param to controller

Add changelog entry

Add docs about new setting

Add strings to translations file

Remove unused file

Fix problems with files

Update files that was merged in a wrong way

Add specs for new method

Add cr remarks

Add regenerated string file

Add cr remarks

Add deleting new param

Add cr remarks

Add cr remarks

Add cr remarks

mksionek authored 4 years ago and Nick Thomas committed 4 years ago

Add specs for new validation

Add validation in group

Add specs for new requires_two_factor_validation

WIP

Update validations for namespace setting

Add specs for new validation

Add validation in group

Add specs for new requires_two_factor_validation

WIP

Update validations for namespace setting

Change code and add validations according to code review
Regactor helper methods

This is an important change in the architecture to propagate
integrations. We can now propagate instance-level integrations and
templates using batching and Sidekiq queues.

The problem before is the performance of the worst-case scenario, where
if there are no matching records and the anti-join. With the new
approach, each job in the new queues handles a batch of projects/groups;
rather than having a single job for all of them.

This is what we do right now in the complex case of propagating an
instance-level integration:
- Update inherited integrations,
- Create integration for all projects without integration.
- Create integration for all groups without integration.

BEFORE:

                 Save integration
                        ↓
            ┌┬───────────────────────┬┐
            │| Propagate integration |│
            └┴───────────────────────┴┘
                        ↓
           Update inherited integrations
  Create integration for all projects without integration
  Create integration for all groups without integration

AFTER:

                 Save integration
                        ↓
            ┌┬───────────────────────┬┐
            │| Propagate integration |│
            └┴───────────────────────┴┘
               ↓                   ↓
  ┌┬─────────────────────┬┐ ┌┬───────────────────────┬┐
  │| Propagate to groups |│ │| Propagate to projects |│
  └┴─────────────────────┴┘ └┴───────────────────────┴┘
            Update inherited integrations

...when creating project authorization, instead of adding them as OWNER.

Arturo Herrero authored 4 years ago and Mayra Cabrera committed 4 years ago

After adding the group_id column to the services table
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38499, we can now
save integrations that belongs to a group
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39959.

Integrations can inherit the admin integration from the UI selector.
Now, having group-level integration we need to find the right
integration to inherit the values from.

We have to find the closest group integration or instance-level
integration.

mksionek authored 4 years ago and Jan Provaznik committed 4 years ago

From unassigned, in all related files

fix

Add cr remarks

Start with new concept

Update scope per maintainer recommendation

mksionek authored 4 years ago and Jan Provaznik committed 4 years ago

Add validation that differ between tiers

Remove unused method

Remove unassigned groups from user.rb in ce

Fix groups spec

Add unassigned member to specs

Modify specs to new settings

Fix spec for presenter

Fix specs problems

Fix specs

mksionek authored 4 years ago and Jan Provaznik committed 4 years ago

Add comment to mark one line
as proof of concept

Change validation call

Filter limited access users for project members finder

In some finders, we want to limit users to
active ones.

Add specs for creating project authorizations

As we create authorizations in different places,
we need to add specs in different places to cover
all the cases.

Change scope definition

Fix the spec naming

Big rename to unassigned

Change all limited_access naming to unassigned

Fix rubocop error

Fix naming

Filter out unassigned from groupmembers finder

Modify spec to reflect changes made in group members finder

Add new option to member associations in UI

And stop displaying unassigned members on group page

Fix project presenter problem

This adds a concept of `default_actor` that `HasWiki` instances must
implement. This is implemented differently for projects and groups.
The contract is that `default_actor` must return a User with ownership
privileges over the object.

Wiki Owner differs from Owner of these models as wiki_owner must have
the type `User`, but `Project#owner` can be a `Group` for instance.
Groups can have many owners, so we select the first one, before
ascending the chain of parent groups.

This is vital since otherwise `HasWiki#wiki` will return wikis that
cannot save their own pages.

Added GroupDeployKeysGroup model.
Added serializer for GroupDeployKeysGroup.
Added two related policies.
Added relevant rspecs.

The plan for RSpec 4.0 is to disable monkey patching, reference:
https://rspec.info/blog/2013/07/the-plan-for-rspec-3/#zero-monkey-patching-mode
https://relishapp.com/rspec/rspec-core/docs/configuration/zero-monkey-patching-mode

This commit stops using RSpec monkey patching in several specs.

When a shared group creates a new project, that should be visible to
members of the shared with group too. We need to include those members
in Group#user_ids_for_project_authorizations.

Validate confirmation of emails for user

Add validation to notification settings

Add different condition to validation

Add possibility to pick only email in dropdown

Fix user specs file

Remove unused method

Add changelog entry

Add cr remarks

Add cr remarks

The name of the feature changed, so let's change the model/etc to avoid
confusion in the future.

Specialized worker can bulk insert only the necessary records, instead
of the current approach which recalculates every project authorizations
for members.