The current state of group issue boards does not show the "Add issues"
button on the UI for users that are reporters of group child projects.

so that we can use API::Internal namespace.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/61927.

It performs an expensive operation, but isn't required in
most of tests

rails_helper.rb's only logic was to require
spec_helper.rb.

There was some confusion over whether `code` or `content` is the right
parameter for snippets. Internally, the database stores
`content`. However:

1. Project snippets use `code`. `code` gets remapped in `content` in
`lib/api/project_snippets.rb`.

2. Personal snippets use `content`.

To unify these APIs, allow an alias of `content` to work for project
snippets.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66673

When a restricted visibility level of `private` is set in the instance,
creating a snippet with the `visibility` level would always fail.
This happened because:

1. `params[:visibility]` was a string (e.g. "public")
2. `CreateSnippetService` and `UpdateSnippetService` only looked
   at `params[:visibility_level]`, which was `nil`.

To fix this, we:

1. Make `CreateSnippetService` look at the newly-built
   `snippet.visibility_level`, since the right value is assigned by the
   `VisibilityLevel#visibility=` method.
2. Modify `UpdateSnippetService` to handle both `visibility_level` and
`visibility` parameters.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66050

Instead of sending varied data to Gitaly, and making Gitaly construct
various messages, build the messages first and have Gitaly print
either basic messages or alert messages, in the order they come.

Depends on https://gitlab.com/gitlab-org/gitaly/merge_requests/1410

Brett Walker authored 5 years ago and Mayra Cabrera committed 5 years ago

The `GraphQL::Function` has been deprecated in
favor of resolvers.

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.

This is a follow-up from
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31938.

In GitLab 9.0,
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9661 removed the
`subscribed` flag from the API when the user requested a list of issues
or merge requests since calculating this value triggers extensive
Markdown processing.

In GitLab 12.0 via a4fbf39e, we accidentally reintroduced this
performance regression by changing `IssueBasic` to `Issue` in
`entities.rb`. This showed up as a Gitaly N+1 issue since the Markdown
processing would attempt to extract a commit if it detected a regex that
matched a commit.

We restore the prior behavior by once again removing the `subscribed`
flag for the bulk list of issues and merge requests and add a test to
ensure they aren't reintroduced.

Relates to https://gitlab.com/gitlab-org/gitlab-ce/issues/66202

Marius Bobin authored 5 years ago and Mayra Cabrera committed 5 years ago

Allow users to read pipelines for public projects
with public builds enabled without providing an access token.

Add specs for new parameter and updated documentation as well.

Increase sort options for issues list from updated_at and create_at,
to include more options close to what is required in actual issue list
UI.

This helps us to use REST API for issues list with sorting capabilities

https://gitlab.com/gitlab-org/gitlab-ce/issues/57402

Similar to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31834,
we see that in https://gitlab.com/gitlab-org/gitlab-ce/issues/65957
there can be hundreds, even thousands, of Gitaly requests in the
`/api/:version/projects/:id/merge_requests/:noteable_id/notes` endpoint.

Previously, the API to retrieve notes generated hundreds of Gitaly calls
to determine whether a system note should be shown to the user. It did
this by:

1. Rendering the Markdown
2. Extracting cross-references from the Markdown
3. Issuing a Gitaly `FindCommit` RPC for every reference to validate
that the commit exists.

The last step is unnecessary because we don't need to display a commit
if the user doesn't have access to the project in the first place.
`RendersNotes#prepare_notes_for_rendering` is already used in
`MergeRequestsController`, which is why we don't see N+1 Gitaly calls
there. We use it here to optimize the note redaction process.

Alessio Caiazza authored 5 years ago and Mayra Cabrera committed 5 years ago

Root namespaces have storage statistics.
This commit allows namespace owners to get those stats via GraphQL
queries like the following one

{
  namespace(fullPath: "a_namespace_path") {
    rootStorageStatistics {
      storageSize
      repositorySize
      lfsObjectsSize
      buildArtifactsSize
      packagesSize
      wikiSize
    }
  }
}

This adds test that Todos are completed.

https://gitlab.com/gitlab-org/gitlab-ce/issues/63372

https://gitlab.com/gitlab-org/gitlab-ce/issues/63372

Nick Thomas authored 5 years ago and Himanshu Kapoor committed 5 years ago

This functionality is available in the /autocomplete users pseudo-API.
We're attempting to replace that with the canonical API, so it needs
support for this parameter too.

In GitLab 9.0,
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9661 removed the
`subscribed` flag from the API when the user requested a list of issues
or merge requests since calculating this value triggers extensive
Markdown processing.

In GitLab 12.0 via a4fbf39e, we accidentally reintroduced this
performance regression by changing `IssueBasic` to `Issue` in
`entities.rb`. This showed up as a Gitaly N+1 issue since the Markdown
processing would attempt to extract a commit if it detected a regex that
matched a commit.

We restore the prior behavior by once again removing the `subscribed`
flag for the bulk list of issues and merge requests and add a test to
ensure they aren't reintroduced.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66202

This test was failing in EE because the API helper `get()` creates a
personal access token each time it's run. We can avoid that by
pre-creating a personal access token and passing it each time.

Previously, the API to retrieve discussions from merge requests often
generated hundreds of Gitaly calls to determine whether a system note
should be shown to the user. It did this by:

1. Rendering the Markdown
2. Extracting cross-references from the Markdown
3. For cross-references that were commits, a Gitaly FindCommit RPC
   would be issued to validate that the commit exists.

The last step is unnecessary because we don't need to display a commit
if the user doesn't have access to the project in the first place.

`RendersNotes#prepare_notes_for_rendering` is already used in
`MergeRequestsController`, which is why we don't see N+1 Gitaly calls
there. We use it here to optimize the note redaction process.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65957

Jeremy Jackson authored 5 years ago and Mayra Cabrera committed 5 years ago

This introduces several changes, but these are all just ported from the
EE project.

Winnie Hellmann authored 5 years ago and Bob Van Landuyt :neckbeard: committed 5 years ago

This reverts merge request !30613

As decided in https://gitlab.com/gitlab-org/gitlab-ce/issues/53593

These counts significantly increase the load time for these
requests. Users can now opt in to receiving the counts by setting
`with_counts=true` in requests. This is a breaking change, but hopefully
a fairly minor one.

Creating new records has been disabled, and all
existing records been migrated to clusters as of
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28534

Tiger Watson authored 5 years ago and Thong Kuah committed 5 years ago

Kubernetes deployments on new clusters will now have
a separate namespace per project environment, instead
of sharing a single namespace for the project.

Behaviour of existing clusters is unchanged.

All new functionality is controlled by the
:kubernetes_namespace_per_environment feature flag,
which is safe to enable/disable at any time.

Steve Abrams authored 5 years ago and Mayra Cabrera committed 5 years ago

API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.

`allow_local_requests_for_hooks_and_services` was renamed to
`allow_local_requests_for_web_hooks_and_services`.

Concurrent calls to UserMergeToRef RPC updating a single ref
can lead to an opaque fail that is being rescued at Gitaly.

So this commit adds an exclusive lease to the mergeability
check process with the key as the current MR ID.