Notes related to branch creation should not be shown in an issue's
activity feed when the user doesn't have access to :download_code.

This method, #route_not_found, is executed as the final fallback for
unrecognized routes (as the name might imply.) We want to avoid
`#authenticate_user!` when calling `#route_not_found`;
`#authenticate_user!` can, depending on the request format, return a 401
instead of redirecting to a login page. This opens a subtle security
exploit where anonymous users will receive a 401 response when
attempting to access a private repo, while a recognized user will
receive a 404, exposing the existence of the private, hidden repo.

We had similar code in a few places to redirect to the last page if
the given page number is out of range. This unifies the handling in a
new controller concern and adds usage of it in all snippet listings.

Previously submitting a DELETE request to an issuable URL would be
enough to destroy it, but this should require human confirmation.  We
now require that the `destroy_confirm` parameter is set to a truthy
value before this can complete.

In addition, we log a Sentry error if a deletion arrived without
confirmation.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62387

This adds test that Todos are completed.

https://gitlab.com/gitlab-org/gitlab-ce/issues/63372

This spec needs to run as a request-style spec in order to invoke the
Rails router.

A controller-style spec matches the wrong route, and
`session['user_return_to']` becomes incorrect.

Remove project from NotesFinder constructor

Add project parameter to specs

Also look for methods in private scope

Fix specs to match new NotesFinder constructor

This reverts merge request !29733

Add spec for concern IssuableActions

Add shared samples for discussions endpoint

Add schema validations for discussions

Fix rubocop style issue

Make target assignable

Use new possibility to provide target

Peter Leitzen authored 5 years ago and Grzegorz Bizon committed 5 years ago

Prefer `json_response` where applicable.

Accept a `confidential_issue_project_id` param which will
be used for the system note target.

This also includes some refactoring on the spec to use
shared examples.

to support manual sorting on the frontend

- adding a "Manual" option to the dropdown
- show 100 issues list when manually sorting

Adds frozen string to the following:

* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb

xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758

Imre (Admin) authored 5 years ago and Andreas Brandl committed 5 years ago

Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE

This reverts merge request !26823

Imre (Admin) authored 5 years ago and Andreas Brandl committed 5 years ago

Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE

Removes special error message when creating new issues

Re-enables and autocorrects all instances of the
Style/MethodCallWithoutArgsParentheses rule

In order to let users' sorting preferences transfer between devices, we
save the preference for issues and MRs (one preference for issues, one
for MRs) in the backend inside the UserPreference object