Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
c3d897a9
Commit
c3d897a9
authored
Feb 03, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Properly handle commit status permissions (for a build)
parent
e80c79e3
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
4 deletions
+26
-4
app/models/ability.rb
app/models/ability.rb
+22
-0
app/views/projects/commit_statuses/_commit_status.html.haml
app/views/projects/commit_statuses/_commit_status.html.haml
+4
-4
No files found.
app/models/ability.rb
View file @
c3d897a9
...
@@ -5,6 +5,12 @@ class Ability
...
@@ -5,6 +5,12 @@ class Ability
return
[]
unless
user
.
is_a?
(
User
)
return
[]
unless
user
.
is_a?
(
User
)
return
[]
if
user
.
blocked?
return
[]
if
user
.
blocked?
if
subject
.
is_a?
(
CommitStatus
)
rules
=
project_abilities
(
user
,
subject
)
rules
=
filter_build_abilities
(
rules
)
if
subject
.
is_a?
(
Ci
::
Build
)
return
rules
end
case
subject
.
class
.
name
case
subject
.
class
.
name
when
"Project"
then
project_abilities
(
user
,
subject
)
when
"Project"
then
project_abilities
(
user
,
subject
)
when
"Issue"
then
issue_abilities
(
user
,
subject
)
when
"Issue"
then
issue_abilities
(
user
,
subject
)
...
@@ -25,6 +31,10 @@ class Ability
...
@@ -25,6 +31,10 @@ class Ability
case
true
case
true
when
subject
.
is_a?
(
PersonalSnippet
)
when
subject
.
is_a?
(
PersonalSnippet
)
anonymous_personal_snippet_abilities
(
subject
)
anonymous_personal_snippet_abilities
(
subject
)
when
subject
.
is_a?
(
CommitStatus
)
rules
=
anonymous_project_abilities
(
subject
)
rules
=
filter_build_abilities
(
rules
)
if
subject
.
is_a?
(
Ci
::
Build
)
rules
when
subject
.
is_a?
(
Project
)
||
subject
.
respond_to?
(
:project
)
when
subject
.
is_a?
(
Project
)
||
subject
.
respond_to?
(
:project
)
anonymous_project_abilities
(
subject
)
anonymous_project_abilities
(
subject
)
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
...
@@ -396,6 +406,18 @@ class Ability
...
@@ -396,6 +406,18 @@ class Ability
rules
rules
end
end
def
filter_build_abilities
(
rules
)
# If we can't read build we should also not have that
# ability when looking at this in context of commit_status
unless
rules
.
include?
(
:read_build
)
rules
-=
[
:read_commit_status
]
end
unless
rules
.
include?
(
:update_build
)
rules
-=
[
:update_commit_status
]
end
rules
end
def
abilities
def
abilities
@abilities
||=
begin
@abilities
||=
begin
abilities
=
Six
.
new
abilities
=
Six
.
new
...
...
app/views/projects/commit_statuses/_commit_status.html.haml
View file @
c3d897a9
%tr
.commit_status
%tr
.commit_status
%td
.status
%td
.status
-
if
commit_status
.
target_url
-
if
c
an?
(
current_user
,
:read_commit_status
,
commit_status
)
&&
c
ommit_status
.
target_url
=
link_to
commit_status
.
target_url
,
class:
"ci-status ci-
#{
commit_status
.
status
}
"
do
=
link_to
commit_status
.
target_url
,
class:
"ci-status ci-
#{
commit_status
.
status
}
"
do
=
ci_icon_for_status
(
commit_status
.
status
)
=
ci_icon_for_status
(
commit_status
.
status
)
=
commit_status
.
status
=
commit_status
.
status
...
@@ -8,7 +8,7 @@
...
@@ -8,7 +8,7 @@
=
ci_status_with_icon
(
commit_status
.
status
)
=
ci_status_with_icon
(
commit_status
.
status
)
%td
.commit_status-link
%td
.commit_status-link
-
if
can?
(
current_user
,
:read_
build
,
commit_status
.
project
)
&&
commit_status
.
target_url
-
if
can?
(
current_user
,
:read_
commit_status
,
commit_status
)
&&
commit_status
.
target_url
=
link_to
commit_status
.
target_url
do
=
link_to
commit_status
.
target_url
do
%strong
##{commit_status.id}
%strong
##{commit_status.id}
-
else
-
else
...
@@ -66,10 +66,10 @@
...
@@ -66,10 +66,10 @@
%td
%td
.pull-right
.pull-right
-
if
can?
(
current_user
,
:read_
build
,
commit_status
.
project
)
&&
commit_status
.
artifacts_download_url
-
if
can?
(
current_user
,
:read_
commit_status
,
commit_status
)
&&
commit_status
.
artifacts_download_url
=
link_to
commit_status
.
artifacts_download_url
,
title:
'Download artifacts'
do
=
link_to
commit_status
.
artifacts_download_url
,
title:
'Download artifacts'
do
%i
.fa.fa-download
%i
.fa.fa-download
-
if
can?
(
current_user
,
:update_
build
,
commit_status
.
project
)
-
if
can?
(
current_user
,
:update_
commit_status
,
commit_status
)
-
if
commit_status
.
active?
-
if
commit_status
.
active?
-
if
commit_status
.
cancel_url
-
if
commit_status
.
cancel_url
=
link_to
commit_status
.
cancel_url
,
method: :post
,
title:
'Cancel'
do
=
link_to
commit_status
.
cancel_url
,
method: :post
,
title:
'Cancel'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment