The current state of group issue boards does not show the "Add issues"
button on the UI for users that are reporters of group child projects.

(cherry picked from commit 0bf7fecdee5a200eeb4f27b4888a57ceee63bde9)

so that we can use API::Internal namespace.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/61927.

Etienne Baqué authored 5 years ago and Andreas Brandl committed 5 years ago

Modified schema via migrations.
Added one-to-one relationship between the two models.
Added changelog file

There was some confusion over whether `code` or `content` is the right
parameter for snippets. Internally, the database stores
`content`. However:

1. Project snippets use `code`. `code` gets remapped in `content` in
`lib/api/project_snippets.rb`.

2. Personal snippets use `content`.

To unify these APIs, allow an alias of `content` to work for project
snippets.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66673

Instead of sending varied data to Gitaly, and making Gitaly construct
various messages, build the messages first and have Gitaly print
either basic messages or alert messages, in the order they come.

Depends on https://gitlab.com/gitlab-org/gitaly/merge_requests/1410

A new param with_security_reports was added to
GET /groups/:id/projects API and the code to
support this logic in GroupProjectsFinder and
Project model. Also, a DB index was added to
ci_job_artifacts table to speed up the search
of security reports artifacts for projects

(cherry picked from commit 897a9d308db46b620b738b98f2b0e5630ac7d2dd)

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.

This is a follow-up from
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31938.

In GitLab 9.0,
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9661 removed the
`subscribed` flag from the API when the user requested a list of issues
or merge requests since calculating this value triggers extensive
Markdown processing.

In GitLab 12.0 via a4fbf39e, we accidentally reintroduced this
performance regression by changing `IssueBasic` to `Issue` in
`entities.rb`. This showed up as a Gitaly N+1 issue since the Markdown
processing would attempt to extract a commit if it detected a regex that
matched a commit.

We restore the prior behavior by once again removing the `subscribed`
flag for the bulk list of issues and merge requests and add a test to
ensure they aren't reintroduced.

Relates to https://gitlab.com/gitlab-org/gitlab-ce/issues/66202

Marius Bobin authored 5 years ago and Mayra Cabrera committed 5 years ago

Allow users to read pipelines for public projects
with public builds enabled without providing an access token.

Add specs for new parameter and updated documentation as well.

Increase sort options for issues list from updated_at and create_at,
to include more options close to what is required in actual issue list
UI.

This helps us to use REST API for issues list with sorting capabilities

https://gitlab.com/gitlab-org/gitlab-ce/issues/57402

Similar to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31834,
we see that in https://gitlab.com/gitlab-org/gitlab-ce/issues/65957
there can be hundreds, even thousands, of Gitaly requests in the
`/api/:version/projects/:id/merge_requests/:noteable_id/notes` endpoint.

Previously, the API to retrieve notes generated hundreds of Gitaly calls
to determine whether a system note should be shown to the user. It did
this by:

1. Rendering the Markdown
2. Extracting cross-references from the Markdown
3. Issuing a Gitaly `FindCommit` RPC for every reference to validate
that the commit exists.

The last step is unnecessary because we don't need to display a commit
if the user doesn't have access to the project in the first place.
`RendersNotes#prepare_notes_for_rendering` is already used in
`MergeRequestsController`, which is why we don't see N+1 Gitaly calls
there. We use it here to optimize the note redaction process.

Adding, destroying and toggling emoji previously lacked services and
instead were performed through methods called on Awardable models.

This led to inconsistencies where relevant todos would be marked as done
only when emoji were awarded through our controllers, but not through
the API. Todos could also be marked as done when an emoji was being
removed.

Behaviour changes

- Awarding emoji through the API will now mark a relevant Todo as done
- Toggling an emoji off (destroying it) through our controllers will no
  longer mark a relevant Todo as done

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63372

Stan Hu authored 5 years ago and Mayra Cabrera committed 5 years ago

Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167

Nick Thomas authored 5 years ago and Himanshu Kapoor committed 5 years ago

This functionality is available in the /autocomplete users pseudo-API.
We're attempting to replace that with the canonical API, so it needs
support for this parameter too.

In GitLab 9.0,
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9661 removed the
`subscribed` flag from the API when the user requested a list of issues
or merge requests since calculating this value triggers extensive
Markdown processing.

In GitLab 12.0 via a4fbf39e, we accidentally reintroduced this
performance regression by changing `IssueBasic` to `Issue` in
`entities.rb`. This showed up as a Gitaly N+1 issue since the Markdown
processing would attempt to extract a commit if it detected a regex that
matched a commit.

We restore the prior behavior by once again removing the `subscribed`
flag for the bulk list of issues and merge requests and add a test to
ensure they aren't reintroduced.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66202

Previously, the API to retrieve discussions from merge requests often
generated hundreds of Gitaly calls to determine whether a system note
should be shown to the user. It did this by:

1. Rendering the Markdown
2. Extracting cross-references from the Markdown
3. For cross-references that were commits, a Gitaly FindCommit RPC
   would be issued to validate that the commit exists.

The last step is unnecessary because we don't need to display a commit
if the user doesn't have access to the project in the first place.

`RendersNotes#prepare_notes_for_rendering` is already used in
`MergeRequestsController`, which is why we don't see N+1 Gitaly calls
there. We use it here to optimize the note redaction process.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65957

This was added in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31789

CE-specific changes for:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15129



Co-Authored-By: Alex Kalderimis <akalderimis@gitlab.com>
Co-Authored-By: Luke Duncalfe <lduncalfe@eml.cc>

Jeremy Jackson authored 5 years ago and Mayra Cabrera committed 5 years ago

This introduces several changes, but these are all just ported from the
EE project.

when params[:ref_name] is set to "" by passing an empty query parameter
to the api it is evaluated as false by the || operator.
The use of active support core extensions presence method fixes the original
implemantation.

https://guides.rubyonrails.org/active_support_core_extensions.html#presence

As decided in https://gitlab.com/gitlab-org/gitlab-ce/issues/53593

These counts significantly increase the load time for these
requests. Users can now opt in to receiving the counts by setting
`with_counts=true` in requests. This is a breaking change, but hopefully
a fairly minor one.

EE added a single line to this file that can easily be backported to CE,
but it appears this was overlooked. The method called is a noop in CE,
so no additional changes are necessary.

Creating new records has been disabled, and all
existing records been migrated to clusters as of
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28534

Expose time since starring on project/:id/starrers API endpoint; exclude private profiles here as well

Fix API endpoint for starred projects of a user; add info about starred projects on profile to documentation