Notes related to branch creation should not be shown in an issue's
activity feed when the user doesn't have access to :download_code.

This is to be more consistent as there is already a :read_note policy in
NotePolicy. To keep other behaviour the same we've introduced a
Note#noteable_ability_name that is used anywhere this was expected.

Dmitriy Zaporozhets authored 5 years ago and Peter Leitzen committed 5 years ago

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Because we don't have any destroy callbacks (or other logic
triggered on event destroy), there is no reason for deleting events
inefficiently one by one, instead we can use :delete_all.

Jan Provaznik authored 5 years ago and Thong Kuah committed 5 years ago

Creates new event when an epic is created, closed, reopened or
commented.

This is to accomodate prepended modules.

Limiting the size of issuable description and comments to 1_000_000,
which is close to ~1MB of ASCII characters, which represents 99.9% of
all descriptions and comments we have in DB at the moment. This should
help prevent DoS attacks when comments contain refference strings.

Also this change updates regexp matching the namespaces paths by
limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED,
as we allow 20 levels deep groups.

see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31117 enabled the
HashInefficientHash Rubocop rule that was fooled by the special
implementation of `SpecialRole`. We fix this by introducing a
`value?` method and adding unit tests.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65383

When used with a Hash, `.keys.include?` is bad because:

1. It performs a O(n) search instead of the efficient `.has_key?`
2. It clones all keys into separate array.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64975

A new `discussion_id` argument on the `createNote` mutation allows
people to create a note within that discussion.

The ability to lazy-load Discussions has been added, so
GraphQL.object_from_id can treat Discussions the same as AR objects and
batch load them.

https://gitlab.com/gitlab-org/gitlab-ce/issues/62826
https://gitlab.com/gitlab-org/gitlab-ee/issues/9489

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

This exposes `Note`s on Issues & MergeRequests using a
`Types::Notes::NoteableType` in GraphQL.

Exposing notes on a new type can be done by implementing the
`NoteableType` interface on the type. The presented object should
be a `Noteable`.

Makes `Note#edited?` return `false` when the note body was not edited

Add support for group entities to quick actions

There is a combination of few strategies implemented here:

1. Few relations were eager loaded
2. Changed few polymorphic routes to specific ones so we don't have to
   use `#becomes(Namespace)` which doesn't preserve association cache

[master]Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2612

It's possible that user pastes accidentally also unsubscribe link
which is included in footer of notification emails. This unsubscribe
link contains personal token which attacker then use to act as the
original user (e.g. for sending comments under his/her identity).

This resolves a conflict and inconsistency with the EE version of
app/models/note.rb.

This commit adds the module `FromUnion`, which provides the class method
`from_union`. This simplifies the process of selecting data from the
result of a UNION, and reduces the likelihood of making mistakes. As a
result, instead of this:

    union = Gitlab::SQL::Union.new([foo, bar])

    Foo.from("(#{union.to_sql}) #{Foo.table_name}")

We can now write this instead:

    Foo.from_union([foo, bar])

This commit also includes some changes to make this new setup work
properly. For example, a bug in Rails 4
(https://github.com/rails/rails/issues/24193) would break the use of
`from("sub-query-here").includes(:relation)` in certain cases. There was
also a CI query which appeared to repeat a lot of conditions from an
outer query on an inner query, which isn't necessary.

Finally, we include a RuboCop cop to ensure developers use this new
module, instead of using Gitlab::SQL::Union directly.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/51307

This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.

This reverts commit 8717c7da.

The status is shown for
- The author of a commit when viewing a commit
- Notes on a commit (regular/diff)
- The user that triggered a pipeline when viewing a pipeline
- The author of a merge request when viewing a merge request
- The author of notes on a merge request (regular/diff)
- The author of an issue when viewing an issue
- The author of notes on an issue
- The author of a snippet when viewing a snippet
- The author of notes on a snippet
- A user's profile page
- The list of members of a group/user

Partially addresses #47424.

This reverts commit 4d9a3f42, reversing
changes made to ecf9c145.

Jan Provaznik authored 6 years ago and Jarka Kadlecova committed 6 years ago

* Group filtering now includes also issues/MRs from
subgroups/subprojects
* fixed due_date
* Also DRYed todo controller specs