Skip to content

G
gitlab-ce
Commit f1fd4787 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files
Options

Merge branch 'epic/public_projects' of /home/git/repositories/gitlab/gitlabhq

parents a3c80673 e8292e73
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 871 additions and 674 deletions
CHANGELOG
View file @ f1fd4787
v 6.2.0
- Public projects are visible from the outside
v 6.1.0
- Project specific IDs for issues, mr, milestones
Above items will get a new id and for example all bookmarked issue urls will change.
......
app/assets/stylesheets/common.scss
View file @ f1fd4787
......@@ -382,3 +382,8 @@ table {
width: 50px;
min-height: 100px;
}
.navbar-gitlab .navbar-inner .nav > li .btn-sign-in {
@extend .btn-new;
padding: 5px 15px;
}
app/assets/stylesheets/sections/login.scss
View file @ f1fd4787
/* Login Page */
body.login-page{
background: #474D57;
.container .content { padding-top: 4%; }
.container > .content {
padding-top: 20px;
}
}
.login-box{
......
app/assets/stylesheets/sections/projects.scss
View file @ f1fd4787
......@@ -79,21 +79,6 @@ ul.nav.nav-projects-tabs {
margin: 0px;
}
.public-projects {
li {
.project-title {
font-size: 14px;
line-height: 2;
font-weight: normal;
}
.description {
margin-left: 15px;
color: #aaa;
}
}
}
.my-projects {
li {
.project-title {
......@@ -110,7 +95,6 @@ ul.nav.nav-projects-tabs {
}
}
.public-clone {
background: #333;
color: #f5f5f5;
......@@ -123,3 +107,11 @@ ul.nav.nav-projects-tabs {
position: relative;
top: -5px;
}
.public-projects .repo-info {
color: #777;
a {
color: #777;
}
}
app/controllers/profiles_controller.rb
View file @ f1fd4787
......@@ -33,8 +33,8 @@ class ProfilesController < ApplicationController
end
def update_password
params[:user].select! do |key, value|
%w(current_password password password_confirmation).include?(key.to_s)
password_attributes = params[:user].select do |key, value|
%w(password password_confirmation).include?(key.to_s)
end
unless @user.valid_password?(params[:user][:current_password])
......@@ -42,7 +42,7 @@ class ProfilesController < ApplicationController
return
end
if @user.update_attributes(params[:user])
if @user.update_attributes(password_attributes)
flash[:notice] = "Password was successfully updated. Please login with it"
redirect_to new_user_session_path
else
......
app/controllers/projects/application_controller.rb
View file @ f1fd4787
class Projects::ApplicationController < ApplicationController
before_filter :project
before_filter :repository
layout 'projects'
layout :determine_layout
def authenticate_user!
# Restrict access to Projects area only
# for non-signed users
if !current_user
id = params[:project_id] || params[:id]
@project = Project.find_with_namespace(id)
return if @project && @project.public
end
super
end
def determine_layout
if current_user
'projects'
else
'public_projects'
end
end
end
app/controllers/projects/hooks_controller.rb
View file @ f1fd4787
class Projects::HooksController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
before_filter :authorize_admin_project!
respond_to :html
......
app/controllers/projects/snippets_controller.rb
View file @ f1fd4787
......@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy]
layout 'projects'
respond_to :html
def index
......
app/controllers/projects/team_members_controller.rb
View file @ f1fd4787
class Projects::TeamMembersController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, except: [:index, :show]
before_filter :authorize_admin_project!
layout "project_settings"
......
app/controllers/projects_controller.rb
View file @ f1fd4787
class ProjectsController < Projects::ApplicationController
skip_before_filter :project, only: [:new, :create]
skip_before_filter :repository, only: [:new, :create]
class ProjectsController < ApplicationController
skip_before_filter :authenticate_user!, only: [:show]
before_filter :project, except: [:new, :create]
before_filter :repository, except: [:new, :create]
# Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create]
......@@ -54,8 +55,9 @@ class ProjectsController < Projects::ApplicationController
end
def show
limit = (params[:limit] || 20).to_i
return authenticate_user! unless @project.public || current_user
limit = (params[:limit] || 20).to_i
@events = @project.events.recent
@events = event_filter.apply_filter(@events)
@events = @events.limit(limit).offset(params[:offset] || 0)
......@@ -67,10 +69,12 @@ class ProjectsController < Projects::ApplicationController
respond_to do |format|
format.html do
if @project.empty_repo?
render "projects/empty"
render "projects/empty", layout: user_layout
else
@last_push = current_user.recent_push(@project.id)
render :show
if current_user
@last_push = current_user.recent_push(@project.id)
end
render :show, layout: user_layout
end
end
format.js
......@@ -121,4 +125,8 @@ class ProjectsController < Projects::ApplicationController
def set_title
@title = 'New Project'
end
def user_layout
current_user ? "projects" : "public_projects"
end
end
app/controllers/public/projects_controller.rb
View file @ f1fd4787
......@@ -10,17 +10,4 @@ class Public::ProjectsController < ApplicationController
@projects = @projects.search(params[:search]) if params[:search].present?
@projects = @projects.includes(:namespace).order("namespaces.path, projects.name ASC").page(params[:page]).per(20)
end
def show
@project = Project.public_only.find_with_namespace(params[:id])
render_404 and return unless @project
@repository = @project.repository
unless @project.empty_repo?
@recent_tags = @repository.tags.first(10)
@commit = @repository.commit(params[:ref])
@tree = Tree.new(@repository, @commit.id)
end
end
end
app/helpers/application_helper.rb
View file @ f1fd4787
......@@ -90,6 +90,8 @@ module ApplicationHelper
end
def search_autocomplete_source
return unless current_user
projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } }
groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } }
......
app/helpers/projects_helper.rb
View file @ f1fd4787
......@@ -103,4 +103,20 @@ module ProjectsHelper
nav_tabs.flatten
end
def git_user_name
if current_user
current_user.name
else
"Your name"
end
end
def git_user_email
if current_user
current_user.email
else
"your@email.com"
end
end
end
app/models/ability.rb
View file @ f1fd4787
class Ability
class << self
def allowed(user, subject)
return not_auth_abilities(user, subject) if user.nil?
return [] unless user.kind_of?(User)
return [] if user.blocked?
......@@ -17,6 +18,34 @@ class Ability
end.concat(global_abilities(user))
end
# List of possible abilities
# for non-authenticated user
def not_auth_abilities(user, subject)
project = if subject.kind_of?(Project)
subject
elsif subject.respond_to?(:project)
subject.project
else
nil
end
if project && project.public
[
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:download_code
]
else
[]
end
end
def global_abilities(user)
rules = []
rules << :create_group if user.can_create_group
......@@ -58,19 +87,9 @@ class Ability
end
def public_project_rules
[
project_guest_rules + [
:download_code,
:fork_project,
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:write_issue,
:write_note
]
end
......@@ -135,7 +154,7 @@ class Ability
def group_abilities user, group
rules = []
if group.users.include?(user)
if group.users.include?(user) || user.admin?
rules << :read_group
end
......
app/models/group.rb
View file @ f1fd4787
......@@ -32,6 +32,10 @@ class Group < Namespace
end
end
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user)
self.owner = user
membership = users_groups.where(user_id: user.id).first
......
app/views/layouts/_public_head_panel.html.haml 0 → 100644
View file @ f1fd4787
%header.navbar.navbar-static-top.navbar-gitlab
.navbar-inner
.container
%div.app_logo
%span.separator
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name
- if @project
= project_title(@project)
- else
Public Projects
%ul.nav
%li
%a
%div.hide.turbolink-spinner
%i.icon-refresh.icon-spin
Loading...
%li
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in'
app/views/layouts/devise.html.haml
View file @ f1fd4787
......@@ -6,5 +6,10 @@
.container
.content
%center
= image_tag image_path "login-logo.png"
%h1 GitLab
%p.light
GitLab is open source software to collaborate on code.
%br
#{link_to "Sign in", new_user_session_path} or browse for #{link_to "public projects", public_projects_path}.
%hr
= yield
app/views/layouts/public.html.haml
View file @ f1fd4787
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: "Public Projects"
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
%body{class: "ui_mars application", :'data-page' => body_data_page}
- if current_user
= render "layouts/head_panel", title: "Public Projects"
- else
%header.navbar.navbar-static-top.navbar-gitlab
.navbar-inner
.container
%div.app_logo
%span.separator
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name Public Projects
%ul.nav
%li
%a
%div.hide.turbolink-spinner
%i.icon-refresh.icon-spin
Loading...
%li
= link_to "Sign in", new_session_path(:user)
= render "layouts/public_head_panel"
.container.navless-container
.content
= yield
.content= yield
app/views/layouts/public_projects.html.haml 0 → 100644
View file @ f1fd4787
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: @project.name_with_namespace
%body{class: "ui_mars application", :'data-page' => body_data_page}
= render "layouts/public_head_panel"
%nav.main-nav
.container= render 'layouts/nav/project'
.container
.content= yield
app/views/projects/_clone_panel.html.haml
View file @ f1fd4787
......@@ -5,7 +5,7 @@
.span3.pull-right
.pull-right
- unless @project.empty_repo?
- if can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace
- if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace
- if current_user.already_forked?(@project)
= link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do
%i.icon-code-fork
......@@ -19,37 +19,38 @@
%i.icon-download-alt
%span.only-wide Download
.dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt
%span.only-wide New
%b.caret
%ul.dropdown-menu
- if @project.issues_enabled && can?(current_user, :write_issue, @project)
%li
= link_to url_for_new_issue, title: "New Issue" do
Issue
- if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
%li
= link_to new_project_merge_request_path(@project), title: "New Merge Request" do
Merge Request
- if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
%li
= link_to new_project_snippet_path(@project), title: "New Snippet" do
Snippet
- if can? current_user, :push_code, @project
%li.divider
%li
= link_to new_project_branch_path(@project) do
%i.icon-code-fork
Git branch
%li
= link_to new_project_tag_path(@project) do
%i.icon-tag
Git tag
- if current_user
.dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt
%span.only-wide New
%b.caret
%ul.dropdown-menu
- if @project.issues_enabled && can?(current_user, :write_issue, @project)
%li
= link_to url_for_new_issue, title: "New Issue" do
Issue
- if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
%li
= link_to new_project_merge_request_path(@project), title: "New Merge Request" do
Merge Request
- if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
%li
= link_to new_project_snippet_path(@project), title: "New Snippet" do
Snippet
- if can? current_user, :push_code, @project
%li.divider
%li
= link_to new_project_branch_path(@project) do
%i.icon-code-fork
Git branch
%li
= link_to new_project_tag_path(@project) do
%i.icon-tag
Git tag
- if can?(current_user, :admin_team_member, @project)
%li.divider
%li
= link_to new_project_team_member_path(@project), title: "New project member" do
Project member
- if can?(current_user, :admin_team_member, @project)
%li.divider
%li
= link_to new_project_team_member_path(@project), title: "New project member" do
Project member
app/views/projects/commits/_head.html.haml
View file @ f1fd4787
......@@ -21,7 +21,7 @@
Stats
- if current_controller?(:commits) && current_user.private_token
- if current_user && current_controller?(:commits) && current_user.private_token
%li.pull-right
= link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do
%i.icon-rss
app/views/projects/empty.html.haml
View file @ f1fd4787
......@@ -16,8 +16,8 @@
%legend Git global setup:
%pre.dark
:preserve
git config --global user.name "#{current_user.name}"
git config --global user.email "#{current_user.email}"
git config --global user.name "#{git_user_name}"
git config --global user.email "#{git_user_email}"
%fieldset
%legend Create Repository
......
app/views/projects/issues/_head.html.haml
View file @ f1fd4787
......@@ -5,6 +5,7 @@
= link_to 'Milestones', project_milestones_path(@project), class: "tab"
= nav_link(controller: :labels) do
= link_to 'Labels', project_labels_path(@project), class: "tab"
%li.pull-right
= link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do
%i.icon-rss
- if current_user
%li.pull-right
= link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do
%i.icon-rss
app/views/projects/notes/_note.html.haml
View file @ f1fd4787
......@@ -5,7 +5,7 @@
%i.icon-link
Link here
&nbsp;
- if(note.author_id == current_user.id) || can?(current_user, :admin_note, @project)
- if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project)
= link_to "#", title: "Edit comment", class: "js-note-edit" do
%i.icon-edit
Edit
......
app/views/public/projects/_tree.html.haml deleted 100644 → 0
View file @ a3c80673
- if tree.readme
= render "projects/tree/readme", readme: tree.readme
- else
.alert
%h3.nothing_here_message This project does not have README file
app/views/public/projects/index.html.haml
View file @ f1fd4787
......@@ -2,29 +2,40 @@
.span6
%h3.page-title
Projects (#{@projects.total_count})
%small with read-only access
.light
You can browse public projects in read-only mode until signed in.
.span6
.pull-right
= form_tag public_projects_path, method: :get, class: 'form-inline' do |f|
.search-holder
.controls
= search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search"
= submit_tag 'Search', class: "btn btn-primary wide"
= search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search"
= submit_tag 'Search', class: "btn btn-primary wide"
%hr
.public-projects
%ul.bordered-list
%ul.bordered-list.top-list
- @projects.each do |project|
%li
.project-title
%i.icon-share.cgray
= link_to public_project_path(project) do
%strong= project.name_with_namespace
%h4
= link_to project_path(project) do
= project.name_with_namespace
.pull-right
%pre.public-clone git clone #{project.http_url_to_repo}
- if project.description.present?
%div.description
%p
= project.description
.repo-info
- unless project.empty_repo?
= link_to pluralize(project.repository.round_commit_count, 'commit'), project_commits_path(project, project.default_branch)
&middot;
= link_to pluralize(project.repository.branch_names.count, 'branch'), project_branches_path(project)
&middot;
= link_to pluralize(project.repository.tag_names.count, 'tag'), project_tags_path(project)
- else
%i.icon-warning-sign
Empty repository
- unless @projects.present?
%h3.nothing_here_message No public projects
......
app/views/public/projects/show.html.haml deleted 100644 → 0
View file @ a3c80673
%h3.page-title
= @project.name_with_namespace
.pull-right
%pre.public-clone git clone #{@project.http_url_to_repo}
.pull-right
- if current_user
= link_to 'Browse project', @project, class: 'btn btn-create append-right-10'
%div
= link_to public_root_path do
&larr; To projects list
.pull-right
%span.light= @project.description
%br
.row
- unless @project.empty_repo?
.span9
= render 'tree', tree: @tree
.span3
%h5 Repository:
%div
%p
%span.light Bare size is
#{@project.repository.size} MB
%p
= pluralize(@repository.round_commit_count, 'commit')
%p
= pluralize(@repository.branch_names.count, 'branch')
%p
= pluralize(@repository.tag_names.count, 'tag')
- if @recent_tags.present?
%hr
%h5 Most Recent Tags:
%ul.unstyled
- @recent_tags.each do |tag|
%li
%p
%i.icon-tag
%strong= tag.name
%small.light.pull-right
%i.icon-calendar
= time_ago_in_words(tag.commit.committed_date)
ago
- else
= 'Empty Repository'
config/routes.rb
View file @ f1fd4787
......@@ -55,8 +55,6 @@ Gitlab::Application.routes.draw do
#
namespace :public do
resources :projects, only: [:index]
resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:show]
root to: "projects#index"
end
......
features/public/public_projects.feature
View file @ f1fd4787
......@@ -9,11 +9,10 @@ Feature: Public Projects Feature
And I should not see project "Enterprise"
Scenario: I visit public project page
When I visit public page for "Community" project
Then I should see public project details
And I should see project readme
When I visit project "Community" page
Then I should see project "Community" home page
Scenario: I visit an empty public project page
Given public empty project "Empty Public Project"
When I visit empty public project page
Then I should see empty public project details
\ No newline at end of file
When I visit empty project page
Then I should see empty public project details
features/steps/public/projects_feature.rb
View file @ f1fd4787
......@@ -11,7 +11,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
step 'I should see project "Empty Public Project"' do
page.should have_content "Empty Public Project"
puts page.save_page('foo.html')
end
step 'I should see public project details' do
......@@ -24,26 +23,35 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
step 'public project "Community"' do
create :project_with_code, name: 'Community', public: true
create :project_with_code, name: 'Community', public: true, default_branch: 'master'
end
step 'public empty project "Empty Public Project"' do
create :project, name: 'Empty Public Project', public: true
end
step 'I visit empty public project page' do
step 'I visit empty project page' do
project = Project.find_by_name('Empty Public Project')
visit public_project_path(project)
visit project_path(project)
end
step 'I visit project "Community" page' do
project = Project.find_by_name('Community')
visit project_path(project)
end
step 'I should see empty public project details' do
page.should have_content 'Empty Repository'
page.should have_content 'Git global setup'
end
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I should see project "Community" home page' do
page.should have_content 'Repo size is'
end
private
def project
......
spec/features/security/dashboard_access_spec.rb 0 → 100644
View file @ f1fd4787
require 'spec_helper'
describe "Dashboard access" do
describe "GET /dashboard" do
subject { dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/issues" do
subject { issues_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/merge_requests" do
subject { merge_requests_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/projects" do
subject { projects_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /help" do
subject { help_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /projects/new" do
it { new_project_path.should be_allowed_for :admin }
it { new_project_path.should be_allowed_for :user }
it { new_project_path.should be_denied_for :visitor }
end
describe "GET /groups/new" do
it { new_group_path.should be_allowed_for :admin }
it { new_group_path.should be_allowed_for :user }
it { new_group_path.should be_denied_for :visitor }
end
end
spec/features/security/group_access_spec.rb 0 → 100644
View file @ f1fd4787
require 'spec_helper'
describe "Group access" do
describe "GET /projects/new" do
it { new_group_path.should be_allowed_for :admin }
it { new_group_path.should be_allowed_for :user }
it { new_group_path.should be_denied_for :visitor }
end
describe "Group" do
let(:group) { create(:group) }
let(:master) { create(:user) }
let(:reporter) { create(:user) }
let(:guest) { create(:user) }
before do
group.add_user(master, Gitlab::Access::MASTER)
group.add_user(reporter, Gitlab::Access::REPORTER)
group.add_user(guest, Gitlab::Access::GUEST)
end
describe "GET /groups/:path" do
subject { group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/issues" do
subject { issues_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/merge_requests" do
subject { merge_requests_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/members" do
subject { members_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/edit" do
subject { edit_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_denied_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
end
spec/features/security/profile_access_spec.rb
View file @ f1fd4787
......@@ -45,5 +45,32 @@ describe "Users Security" do
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /profile/history" do
subject { history_profile_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /profile/notifications" do
subject { profile_notifications_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /profile/groups" do
subject { profile_groups_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
end
end
spec/features/security/project/private_access_spec.rb 0 → 100644
View file @ f1fd4787
require 'spec_helper'
describe "Private Project Access" do
let(:project) { create(:project_with_code) }
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
before do
# full access
project.team << [master, :master]
# readonly
project.team << [reporter, :reporter]
end
describe "GET /:project_path" do
subject { project_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/tree/master" do
subject { project_tree_path(project, project.repository.root_ref) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/commits/master" do
subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/commit/:sha" do
subject { project_commit_path(project, project.repository.commit) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/compare" do
subject { project_compare_index_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/team" do
subject { project_team_index_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/wall" do
subject { project_wall_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/blob" do
before do
commit = project.repository.commit
path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
@blob_path = project_blob_path(project, File.join(commit.id, path))
end
it { @blob_path.should be_allowed_for master }
it { @blob_path.should be_allowed_for reporter }
it { @blob_path.should be_allowed_for :admin }
it { @blob_path.should be_denied_for guest }
it { @blob_path.should be_denied_for :user }
it { @blob_path.should be_denied_for :visitor }
end
describe "GET /:project_path/edit" do
subject { edit_project_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/deploy_keys" do
subject { project_deploy_keys_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/issues" do
subject { project_issues_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/snippets" do
subject { project_snippets_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/merge_requests" do
subject { project_merge_requests_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches/recent" do
subject { recent_project_branches_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches" do
subject { project_branches_path(project) }
before do
# Speed increase
Project.any_instance.stub(:branches).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/tags" do
subject { project_tags_path(project) }
before do
# Speed increase
Project.any_instance.stub(:tags).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/hooks" do
subject { project_hooks_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
spec/features/security/project/public_access_spec.rb 0 → 100644
View file @ f1fd4787
require 'spec_helper'
describe "Public Project Access" do
let(:project) { create(:project_with_code) }
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
before do
# public project
project.public = true
project.save!
# full access
project.team << [master, :master]
# readonly
project.team << [reporter, :reporter]
end
describe "Project should be public" do
subject { project }
its(:public?) { should be_true }
end
describe "GET /:project_path" do
subject { project_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/tree/master" do
subject { project_tree_path(project, project.repository.root_ref) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/commits/master" do
subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/commit/:sha" do
subject { project_commit_path(project, project.repository.commit) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/compare" do
subject { project_compare_index_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/team" do
subject { project_team_index_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/wall" do
subject { project_wall_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/blob" do
before do
commit = project.repository.commit
path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
@blob_path = project_blob_path(project, File.join(commit.id, path))
end
it { @blob_path.should be_allowed_for master }
it { @blob_path.should be_allowed_for reporter }
it { @blob_path.should be_allowed_for :admin }
it { @blob_path.should be_allowed_for guest }
it { @blob_path.should be_allowed_for :user }
it { @blob_path.should be_allowed_for :visitor }
end
describe "GET /:project_path/edit" do
subject { edit_project_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/deploy_keys" do
subject { project_deploy_keys_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/issues" do
subject { project_issues_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/snippets" do
subject { project_snippets_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/snippets/new" do
subject { new_project_snippet_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/merge_requests" do
subject { project_merge_requests_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/merge_requests/new" do
subject { new_project_merge_request_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches/recent" do
subject { recent_project_branches_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/branches" do
subject { project_branches_path(project) }
before do
# Speed increase
Project.any_instance.stub(:branches).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/tags" do
subject { project_tags_path(project) }
before do
# Speed increase
Project.any_instance.stub(:tags).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/hooks" do
subject { project_hooks_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
spec/features/security/project_access_spec.rb deleted 100644 → 0
View file @ a3c80673
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7