Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
gitlab-ce
Commits
07b38c3b
Commit
07b38c3b
authored
Apr 05, 2016
by
Felipe Artur
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Code fixes
parent
147879ae
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
14 additions
and
28 deletions
+14
-28
app/controllers/projects/project_members_controller.rb
app/controllers/projects/project_members_controller.rb
+0
-7
app/controllers/users_controller.rb
app/controllers/users_controller.rb
+10
-11
app/models/ability.rb
app/models/ability.rb
+2
-8
app/views/layouts/nav/_project.html.haml
app/views/layouts/nav/_project.html.haml
+1
-1
spec/controllers/users_controller_spec.rb
spec/controllers/users_controller_spec.rb
+1
-1
No files found.
app/controllers/projects/project_members_controller.rb
View file @
07b38c3b
class
Projects::ProjectMembersController
<
Projects
::
ApplicationController
class
Projects::ProjectMembersController
<
Projects
::
ApplicationController
# Authorize
# Authorize
before_action
:authorize_admin_project_member!
,
except: :leave
before_action
:authorize_admin_project_member!
,
except: :leave
before_action
:authorize_read_project_members
,
only: :index
def
index
def
index
@project_members
=
@project
.
project_members
@project_members
=
@project
.
project_members
...
@@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController
...
@@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def
member_params
def
member_params
params
.
require
(
:project_member
).
permit
(
:user_id
,
:access_level
)
params
.
require
(
:project_member
).
permit
(
:user_id
,
:access_level
)
end
end
private
def
authorize_read_project_members
can?
(
current_user
,
:read_project_members
,
@project
)
end
end
end
app/controllers/users_controller.rb
View file @
07b38c3b
class
UsersController
<
ApplicationController
class
UsersController
<
ApplicationController
skip_before_action
:authenticate_user!
skip_before_action
:authenticate_user!
before_action
:
set_user
,
except:
[
:show
]
before_action
:
user
before_action
:authorize_read_user!
,
only:
[
:show
]
before_action
:authorize_read_user!
,
only:
[
:show
]
def
show
def
show
...
@@ -77,26 +77,25 @@ class UsersController < ApplicationController
...
@@ -77,26 +77,25 @@ class UsersController < ApplicationController
private
private
def
authorize_read_user!
def
authorize_read_user!
set_user
render_404
unless
can?
(
current_user
,
:read_user
,
user
)
render_404
unless
can?
(
current_user
,
:read_user
,
@user
)
end
end
def
set_
user
def
user
@user
=
User
.
find_by_username!
(
params
[
:username
])
@user
||
=
User
.
find_by_username!
(
params
[
:username
])
end
end
def
contributed_projects
def
contributed_projects
ContributedProjectsFinder
.
new
(
@
user
).
execute
(
current_user
)
ContributedProjectsFinder
.
new
(
user
).
execute
(
current_user
)
end
end
def
contributions_calendar
def
contributions_calendar
@contributions_calendar
||=
Gitlab
::
ContributionsCalendar
.
@contributions_calendar
||=
Gitlab
::
ContributionsCalendar
.
new
(
contributed_projects
,
@
user
)
new
(
contributed_projects
,
user
)
end
end
def
load_events
def
load_events
# Get user activity feed for projects common for both users
# Get user activity feed for projects common for both users
@events
=
@
user
.
recent_events
.
@events
=
user
.
recent_events
.
merge
(
projects_for_current_user
).
merge
(
projects_for_current_user
).
references
(
:project
).
references
(
:project
).
with_associations
.
with_associations
.
...
@@ -105,16 +104,16 @@ class UsersController < ApplicationController
...
@@ -105,16 +104,16 @@ class UsersController < ApplicationController
def
load_projects
def
load_projects
@projects
=
@projects
=
PersonalProjectsFinder
.
new
(
@
user
).
execute
(
current_user
)
PersonalProjectsFinder
.
new
(
user
).
execute
(
current_user
)
.
page
(
params
[
:page
])
.
page
(
params
[
:page
])
end
end
def
load_contributed_projects
def
load_contributed_projects
@contributed_projects
=
contributed_projects
.
joined
(
@
user
)
@contributed_projects
=
contributed_projects
.
joined
(
user
)
end
end
def
load_groups
def
load_groups
@groups
=
JoinedGroupsFinder
.
new
(
@
user
).
execute
(
current_user
)
@groups
=
JoinedGroupsFinder
.
new
(
user
).
execute
(
current_user
)
end
end
def
projects_for_current_user
def
projects_for_current_user
...
...
app/models/ability.rb
View file @
07b38c3b
class
Ability
class
Ability
class
<<
self
class
<<
self
def
allowed
(
user
,
subject
)
def
allowed
(
user
,
subject
)
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
...
@@ -58,7 +57,6 @@ class Ability
...
@@ -58,7 +57,6 @@ class Ability
:read_label
,
:read_label
,
:read_milestone
,
:read_milestone
,
:read_project_snippet
,
:read_project_snippet
,
:read_project_member
,
:read_merge_request
,
:read_merge_request
,
:read_note
,
:read_note
,
:read_commit_status
,
:read_commit_status
,
...
@@ -71,8 +69,6 @@ class Ability
...
@@ -71,8 +69,6 @@ class Ability
# Allow to read issues by anonymous user if issue is not confidential
# Allow to read issues by anonymous user if issue is not confidential
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
rules
<<
:read_project_member
unless
restricted_public_level?
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
else
else
[]
[]
...
@@ -96,9 +92,8 @@ class Ability
...
@@ -96,9 +92,8 @@ class Ability
end
end
if
group
if
group
rules
<<
[
:read_group
]
if
group
.
public?
rules
<<
:read_group
if
group
.
public?
rules
<<
:read_group_members
unless
restricted_public_level?
rules
<<
[
:read_group_members
]
unless
restricted_public_level?
end
end
rules
rules
...
@@ -156,7 +151,6 @@ class Ability
...
@@ -156,7 +151,6 @@ class Ability
rules
-=
project_archived_rules
rules
-=
project_archived_rules
end
end
rules
<<
:read_project_members
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
end
end
end
end
...
...
app/views/layouts/nav/_project.html.haml
View file @
07b38c3b
...
@@ -77,7 +77,7 @@
...
@@ -77,7 +77,7 @@
Merge Requests
Merge Requests
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
-
if
project_nav_tab?
(
:settings
)
&&
can?
(
current_user
,
:read_project_members
,
@project
)
-
if
project_nav_tab?
(
:settings
)
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
icon
(
'users fw'
)
=
icon
(
'users fw'
)
...
...
spec/controllers/users_controller_spec.rb
View file @
07b38c3b
...
@@ -41,7 +41,7 @@ describe UsersController do
...
@@ -41,7 +41,7 @@ describe UsersController do
end
end
end
end
context
'
W
hen public visibility level is restricted'
do
context
'
w
hen public visibility level is restricted'
do
before
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment