Commit
668d6ffa
authored
Mar 30, 2016
by
Felipe Artur
Add specs and fix code
parent
57519565
Changes
6
Showing
6 changed files
with
65 additions
and
18 deletions
+65
-18
app/controllers/users_controller.rb
app/controllers/users_controller.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+14
-11
app/views/layouts/nav/_group.html.haml
app/views/layouts/nav/_group.html.haml
+8
-5
app/views/layouts/nav/_project.html.haml
app/views/layouts/nav/_project.html.haml
+1
-1
spec/controllers/groups/group_members_controller_spec.rb
spec/controllers/groups/group_members_controller_spec.rb
+19
-0
spec/controllers/users_controller_spec.rb
spec/controllers/users_controller_spec.rb
+22
-0
app/controllers/users_controller.rb
class
UsersController
<
ApplicationController
class
UsersController
<
ApplicationController
skip_before_action
:authenticate_user!
skip_before_action
:authenticate_user!
#TO
-DO
Remove this "set_user" before action. It is not good to use before filters for loading database records.
#TO
DO felipe_artur:
Remove this "set_user" before action. It is not good to use before filters for loading database records.
before_action
:set_user
,
except:
[
:show
]
before_action
:set_user
,
except:
[
:show
]
before_action
:authorize_read_user
,
only:
[
:show
]
before_action
:authorize_read_user
,
only:
[
:show
]
...
...
app/models/ability.rb
class
Ability
class
Ability
@public_restricted
=
nil
class
<<
self
class
<<
self
def
allowed
(
user
,
subject
)
def
allowed
(
user
,
subject
)
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
...
@@ -18,7 +20,7 @@ class Ability
...
@@ -18,7 +20,7 @@ class Ability
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
User
then
user_abilities
()
when
User
then
user_abilities
else
[]
else
[]
end
.
concat
(
global_abilities
(
user
))
end
.
concat
(
global_abilities
(
user
))
end
end
...
@@ -37,7 +39,7 @@ class Ability
...
@@ -37,7 +39,7 @@ class Ability
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
anonymous_group_abilities
(
subject
)
anonymous_group_abilities
(
subject
)
when
subject
.
is_a?
(
User
)
when
subject
.
is_a?
(
User
)
anonymous_user_abilities
()
anonymous_user_abilities
else
else
[]
[]
end
end
...
@@ -71,8 +73,7 @@ class Ability
...
@@ -71,8 +73,7 @@ class Ability
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
# Allow anonymous users to read project members if public is not a restricted level
# Allow anonymous users to read project members if public is not a restricted level
restricted_public_level
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
rules
<<
:read_project_member
unless
restricted_public_level?
rules
<<
:read_project_member
unless
restricted_public_level
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
else
else
...
@@ -100,8 +101,7 @@ class Ability
...
@@ -100,8 +101,7 @@ class Ability
rules
<<
[
:read_group
]
if
group
.
public?
rules
<<
[
:read_group
]
if
group
.
public?
# Allow anonymous users to read project members if public is not a restricted level
# Allow anonymous users to read project members if public is not a restricted level
restricted_public_level
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
rules
<<
[
:read_group_members
]
unless
restricted_public_level?
rules
<<
[
:read_group_members
]
unless
restricted_public_level
end
end
rules
rules
...
@@ -123,9 +123,8 @@ class Ability
...
@@ -123,9 +123,8 @@ class Ability
end
end
end
end
def
anonymous_user_abilities
()
def
anonymous_user_abilities
restricted_by_public
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
[
:read_user
]
unless
restricted_public_level?
[
:read_user
]
unless
restricted_by_public
end
end
def
global_abilities
(
user
)
def
global_abilities
(
user
)
...
@@ -303,7 +302,6 @@ class Ability
...
@@ -303,7 +302,6 @@ class Ability
def
group_abilities
(
user
,
group
)
def
group_abilities
(
user
,
group
)
rules
=
[]
rules
=
[]
rules
<<
[
:read_group
,
:read_group_members
]
if
can_read_group?
(
user
,
group
)
rules
<<
[
:read_group
,
:read_group_members
]
if
can_read_group?
(
user
,
group
)
# Only group masters and group owners can create new projects
# Only group masters and group owners can create new projects
...
@@ -475,7 +473,7 @@ class Ability
...
@@ -475,7 +473,7 @@ class Ability
rules
rules
end
end
def
user_abilities
()
def
user_abilities
[
:read_user
]
[
:read_user
]
end
end
...
@@ -493,6 +491,11 @@ class Ability
...
@@ -493,6 +491,11 @@ class Ability
private
private
def
restricted_public_level?
@public_restricted
||=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
@public_restricted
end
def
named_abilities
(
name
)
def
named_abilities
(
name
)
[
[
:"read_
#{
name
}
"
,
:"read_
#{
name
}
"
,
...
...
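Review bot: `restricted_public_level?` memoizes the result of the `restricted_visibility_levels` lookup in the class-level `@public_restricted`, and because it uses `||=` only a `true` result sticks: once a process has seen PUBLIC as restricted it keeps saying so until restart, even after an admin removes PUBLIC from the restricted levels, while the opposite transition is picked up immediately. `Ability` exposes these as singleton methods, so that cached answer is shared by every request the process serves. Unless `current_application_settings` is known to be too expensive to call per check (it is not obvious from this page), drop the memo and the `@public_restricted = nil` line at the top of the class, leaving `def restricted_public_level?` / `current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)` / `end`. The three call sites in this section then read a fresh value each time, which is the behaviour the old inline code had.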
app/views/layouts/nav/_group.html.haml
...
@@ -36,11 +36,14 @@
...
@@ -36,11 +36,14 @@
Merge Requests
Merge Requests
-
merge_requests
=
MergeRequestsFinder
.
new
(
current_user
,
group_id:
@group
.
id
,
state:
'opened'
).
execute
-
merge_requests
=
MergeRequestsFinder
.
new
(
current_user
,
group_id:
@group
.
id
,
state:
'opened'
).
execute
%span
.count
=
number_with_delimiter
(
merge_requests
.
count
)
%span
.count
=
number_with_delimiter
(
merge_requests
.
count
)
-
if
can?
(
current_user
,
:read_group_members
,
@group
)
=
nav_link
(
controller:
[
:group_members
])
do
=
nav_link
(
controller:
[
:group_members
])
do
=
link_to
group_group_members_path
(
@group
),
title:
'Members'
do
=
link_to
group_group_members_path
(
@group
),
title:
'Members'
do
=
icon
(
'users fw'
)
=
icon
(
'users fw'
)
%span
%span
Members
Members
-
if
can?
(
current_user
,
:admin_group
,
@group
)
-
if
can?
(
current_user
,
:admin_group
,
@group
)
=
nav_link
(
html_options:
{
class:
"separate-item"
})
do
=
nav_link
(
html_options:
{
class:
"separate-item"
})
do
=
link_to
edit_group_path
(
@group
),
title:
'Settings'
do
=
link_to
edit_group_path
(
@group
),
title:
'Settings'
do
...
...
app/views/layouts/nav/_project.html.haml
...
@@ -77,7 +77,7 @@
...
@@ -77,7 +77,7 @@
Merge Requests
Merge Requests
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
-
if
project_nav_tab?
:settings
-
if
project_nav_tab?
(
:settings
)
&&
can?
(
current_user
,
:read_project_members
,
@project
)
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
icon
(
'users fw'
)
=
icon
(
'users fw'
)
...
...
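Review bot: The new guard checks `:read_project_members` (plural), but the ability.rb section on this page grants anonymous users `:read_project_member` (singular), and nothing visible here defines the plural name; the group nav, by contrast, uses `:read_group_members` which ability.rb does grant. If `:read_project_members` is not granted elsewhere, `can?` simply returns false and the Members tab disappears for every viewer, including ones the restriction is not meant to affect — fail-closed, but a silent regression rather than an error. Either change the view to `can?(current_user, :read_project_member, @project)` or grant the plural name alongside the singular in ability.rb, and add a view or feature spec for the unrestricted anonymous case so a name mismatch like this is caught. The nav block continues outside the hunk.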
spec/controllers/groups/group_members_controller_spec.rb
0 → 100644
require
'spec_helper'
describe
Groups
::
GroupMembersController
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:group
)
{
create
(
:group
)
}
context
"When public visibility level is restricted"
do
before
do
group
.
add_owner
(
user
)
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
it
'does not show group members'
do
get
:index
,
group_id:
group
.
path
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
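Review bot: The spec never calls `sign_in(user)`, so the `group.add_owner(user)` line in the `before` block has no effect on the request and the example actually exercises the anonymous path despite the setup suggesting an owner. It also relies on `create(:group)` being publicly visible; if the factory default is not public, the 404 would occur regardless of the stubbed `restricted_visibility_levels` (the ability hunk only grants `:read_group` when `group.public?`), so make the visibility explicit. Add a signed-in owner context expecting 200, mirroring the users_controller_spec on this page; `group_abilities` grants `:read_group_members` to anyone who can read the group, so an owner should still see the list. I'd also rename the anonymous example to `'renders 404 when logged out'` so the intent is clear.
```ruby
    # … unchanged: logged-out request expecting 404 …

    context 'when logged in as a group owner' do
      before { sign_in(user) }

      it 'renders 200' do
        get :index, group_id: group.path
        expect(response.status).to eq(200)
      end
    end
```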
spec/controllers/users_controller_spec.rb
...
@@ -38,6 +38,28 @@ describe UsersController do
...
@@ -38,6 +38,28 @@ describe UsersController do
end
end
end
end
end
end
context
'When public visibility level is restricted'
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
context
'when logged out'
do
it
'renders 404'
do
get
:show
,
username:
user
.
username
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when logged in'
do
before
{
sign_in
(
user
)
}
it
'renders 404'
do
get
:show
,
username:
user
.
username
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
end
end
describe
'GET #calendar'
do
describe
'GET #calendar'
do
...
...
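Review bot: The new restricted-visibility contexts only exercise `show`, yet the users_controller.rb section on this page applies `authorize_read_user` with `only: [:show]`, and the `GET #calendar` describe that follows this hunk shows the controller serves other per-user actions; nothing here demonstrates those are hidden when PUBLIC is restricted. Add a logged-out `get :calendar, username: user.username` expectation to the restricted context (404 if the restriction is meant to cover the whole profile), and have the logged-in example sign in as a different user, `sign_in(create(:user))`, so it shows that any authenticated user, not just the profile owner, gets 200. I am inferring the intended scope of the restriction from the commit title; if only `show` is meant to be hidden, say so in the context description so the gap is deliberate rather than accidental.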