- Feb 13, 2018
-
-
Andreas Brandl authored
Whenever we already deal with a User object, let's use the more specific method avatar_icon_for_user.
-
- Feb 08, 2018
-
-
Shah El-Rahman authored
-
- Dec 15, 2017
-
-
Cesar Apodaca authored
fix issue #39843 Incorrect guidance stating blocked users will be removed from groups and projects as members
-
- Sep 25, 2017
-
-
Annabel Dunstone Gray authored
-
- Aug 18, 2017
-
-
Phil Hughes authored
-
- Aug 17, 2017
-
-
Winnie Hellmann authored
-
- Jul 05, 2017
-
-
Douwe Maan authored
-
- Jun 05, 2017
-
-
Nick Thomas authored
-
Nick Thomas authored
-
- Jun 01, 2017
-
-
Nick Thomas authored
-
- May 18, 2017
-
-
Annabel Dunstone Gray authored
-
- May 03, 2017
-
-
Mark Fletcher authored
+ Add a partial for displaying user deletion guidance
-
- Apr 06, 2017
-
-
- Mar 24, 2017
-
-
Alexander Randa authored
-
- Mar 09, 2017
-
-
http://jneen.net/ authored
and don't offer to impersonate them
-
- Mar 06, 2017
-
-
Tiago Botelho authored
-
- Feb 28, 2017
-
-
Tiago Botelho authored
-
Simon Vocella authored
-
- Feb 24, 2017
-
-
Timothy Andrew authored
- Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
-
- Feb 15, 2017
-
-
Semyon Pupkov authored
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24036
-
- Feb 06, 2017
-
-
Douwe Maan authored
-
Jose Ivan Vargas Lopez authored
-
Timothy Andrew authored
-
- Jan 24, 2017
-
-
Kushal Pandya authored
-
- Dec 31, 2016
-
-
Kushal Pandya authored
-
- Dec 29, 2016
-
-
James Gregory authored
-
- Dec 05, 2016
-
-
Annabel Dunstone Gray authored
-
- Dec 02, 2016
-
-
James Gregory authored
-
- Nov 01, 2016
-
-
Yar authored
The parameter is used to search users by several criretia was called :name. This request renames it to :search_query which closer to it actual perpose
-
- Aug 02, 2016
-
-
Elias Werberich authored
-
- Jul 14, 2016
-
-
Alfredo Sumaran authored
-
- Jul 08, 2016
-
-
Andrey Krivko authored
-
Robert Speicher authored
This reverts commit bf2a86b7.
-
- Jul 07, 2016
-
-
Robert Speicher authored
This reverts commit 68155ee7, reversing changes made to 7ebd011e.
-
Alfredo Sumaran authored
-
Alfredo Sumaran authored
-
- Jun 30, 2016
-
-
Valery Sizov authored
-
- Jun 24, 2016
-
-
Rémy Coutable authored
The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. Signed-off-by:Rémy Coutable <remy@rymai.me>
-
- Jun 16, 2016
-
-
James Lopez authored
This reverts commit 13e37a3e.
-
James Lopez authored
-
