This cop prevents you from using file in API, it points you to the
development documentation about workhorse file acceleration.

This change adds the ability to read and
write admin notes for a user via the
USER API

Adam Hegyi authored 5 years ago and Mayra Cabrera committed 5 years ago

- Background migration for changing null values to false
- Set false as default value for private_profile DB column

To avoid having to specify an actual password to create users, admins
can now use the `force_random_password` parameter to let Devise generate
a password.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63826

Updated users API documentation
Moved API level changes to the service level

MR: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9815

This backports the EE specific parameters for API::Users, and wraps them
in a conditional.

Since we migrated all PersonlAccessTokens to store only its hash in the
DB, the token value can no longer be shown to the user.

find_by_token is overriden by TokenAuthenticatable which can be easily
missed or confused with #find_by(:token) defined by ActiveRecord. First
step for safer usage is to remove #find_by.

Partially addresses #47424.

Had to make changes to spec files because
stubbing methods on frozen objects is a mess
in RSpec and leads to failures:

https://github.com/rspec/rspec-mocks/issues/1190

This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.

This gives admins the ability to send a `skip_confirmation` flag in the
`POST /users/:id/email` API endpoint to skip the verification step and
assume the given e-mail address is verified.

Closes #50876

This can be done trough the API for the current user, or on the
profile page.

Signed-off-by: Marko, Peter <peter.marko@siemens.com>