Commit 0a7f7161 authored by Felipe Artur's avatar Felipe Artur

Code fixes

parent a18ac627
...@@ -115,6 +115,24 @@ ...@@ -115,6 +115,24 @@
color: #4c4e54; color: #4c4e54;
font-size: 23px; font-size: 23px;
line-height: 1.1; line-height: 1.1;
h1 {
color: #313236;
margin-bottom: 6px;
font-size: 23px;
}
.visibility-icon {
display: inline-block;
margin-left: 5px;
font-size: 18px;
color: $gray;
}
p {
padding: 0 $gl-padding;
color: #5c5d5e;
}
} }
.cover-desc { .cover-desc {
......
...@@ -385,25 +385,3 @@ table { ...@@ -385,25 +385,3 @@ table {
margin-right: -$gl-padding; margin-right: -$gl-padding;
border-top: 1px solid $border-color; border-top: 1px solid $border-color;
} }
.cover-title{
h1 {
color: #313236;
margin: 0;
margin-bottom: 6px;
font-size: 23px;
font-weight: normal;
}
.visibility-icon {
display: inline-block;
margin-left: 5px;
font-size: 18px;
color: $gray;
}
p {
padding: 0 $gl-padding;
color: #5c5d5e;
}
}
...@@ -28,9 +28,9 @@ class GroupsController < Groups::ApplicationController ...@@ -28,9 +28,9 @@ class GroupsController < Groups::ApplicationController
end end
def create def create
@group = Group.new(group_params) @group = Groups::CreateService.new(current_user, group_params).execute
if Groups::CreateService.new(@group, current_user, group_params).execute if @group.persisted?
redirect_to @group, notice: "Group '#{@group.name}' was successfully created." redirect_to @group, notice: "Group '#{@group.name}' was successfully created."
else else
render action: "new" render action: "new"
......
...@@ -10,8 +10,9 @@ class ContributedProjectsFinder ...@@ -10,8 +10,9 @@ class ContributedProjectsFinder
# visible by this user. # visible by this user.
# #
# Returns an ActiveRecord::Relation. # Returns an ActiveRecord::Relation.
def execute(current_user = nil) def execute(current_user = nil)
if current_user && !current_user.external? if current_user
relation = projects_visible_to_user(current_user) relation = projects_visible_to_user(current_user)
else else
relation = public_projects relation = public_projects
...@@ -24,9 +25,7 @@ class ContributedProjectsFinder ...@@ -24,9 +25,7 @@ class ContributedProjectsFinder
def projects_visible_to_user(current_user) def projects_visible_to_user(current_user)
authorized = @user.contributed_projects.visible_to_user(current_user) authorized = @user.contributed_projects.visible_to_user(current_user)
union = Gitlab::SQL::Union.new([authorized.select(:id), public_projects.select(:id)])
union = Gitlab::SQL::Union.
new([authorized.select(:id), public_projects.select(:id)])
Project.where("projects.id IN (#{union.to_sql})") Project.where("projects.id IN (#{union.to_sql})")
end end
......
...@@ -14,9 +14,17 @@ class GroupsFinder ...@@ -14,9 +14,17 @@ class GroupsFinder
def all_groups(current_user) def all_groups(current_user)
if current_user if current_user
[current_user.authorized_groups, Group.unscoped.public_and_internal_only] user_groups(current_user)
else else
[Group.unscoped.public_only] [Group.unscoped.public_only]
end end
end end
def user_groups(current_user)
if current_user.external?
[current_user.authorized_groups, Group.unscoped.public_only]
else
[current_user.authorized_groups, Group.unscoped.public_and_internal_only]
end
end
end end
...@@ -12,7 +12,7 @@ class JoinedGroupsFinder ...@@ -12,7 +12,7 @@ class JoinedGroupsFinder
# #
# Returns an ActiveRecord::Relation. # Returns an ActiveRecord::Relation.
def execute(current_user = nil) def execute(current_user = nil)
if current_user && !current_user.external? if current_user
relation = groups_visible_to_user(current_user) relation = groups_visible_to_user(current_user)
else else
relation = public_groups relation = public_groups
...@@ -29,7 +29,7 @@ class JoinedGroupsFinder ...@@ -29,7 +29,7 @@ class JoinedGroupsFinder
# "@user" that "current_user" also has access to. # "@user" that "current_user" also has access to.
def groups_visible_to_user(current_user) def groups_visible_to_user(current_user)
base = @user.authorized_groups.visible_to_user(current_user) base = @user.authorized_groups.visible_to_user(current_user)
extra = public_and_internal_groups extra = current_user.external? ? public_groups : public_and_internal_groups
union = Gitlab::SQL::Union.new([base.select(:id), extra.select(:id)]) union = Gitlab::SQL::Union.new([base.select(:id), extra.select(:id)])
Group.where("namespaces.id IN (#{union.to_sql})") Group.where("namespaces.id IN (#{union.to_sql})")
......
...@@ -11,7 +11,7 @@ class PersonalProjectsFinder ...@@ -11,7 +11,7 @@ class PersonalProjectsFinder
# #
# Returns an ActiveRecord::Relation. # Returns an ActiveRecord::Relation.
def execute(current_user = nil) def execute(current_user = nil)
if current_user && !current_user.external? if current_user
relation = projects_visible_to_user(current_user) relation = projects_visible_to_user(current_user)
else else
relation = public_projects relation = public_projects
...@@ -23,10 +23,7 @@ class PersonalProjectsFinder ...@@ -23,10 +23,7 @@ class PersonalProjectsFinder
private private
def projects_visible_to_user(current_user) def projects_visible_to_user(current_user)
authorized = @user.personal_projects.visible_to_user(current_user) union = Gitlab::SQL::Union.new(projects_for_user_ids(current_user))
union = Gitlab::SQL::Union.
new([authorized.select(:id), public_and_internal_projects.select(:id)])
Project.where("projects.id IN (#{union.to_sql})") Project.where("projects.id IN (#{union.to_sql})")
end end
...@@ -38,4 +35,14 @@ class PersonalProjectsFinder ...@@ -38,4 +35,14 @@ class PersonalProjectsFinder
def public_and_internal_projects def public_and_internal_projects
@user.personal_projects.public_and_internal_only @user.personal_projects.public_and_internal_only
end end
def projects_for_user_ids(current_user)
authorized = @user.personal_projects.visible_to_user(current_user)
if current_user.external?
[authorized.select(:id), public_projects.select(:id)]
else
[authorized.select(:id), public_and_internal_projects.select(:id)]
end
end
end end
...@@ -295,11 +295,8 @@ class Ability ...@@ -295,11 +295,8 @@ class Ability
end end
def can_read_group?(user, group) def can_read_group?(user, group)
if user.external? user.admin? || group.public? || (group.internal? && !user.external?) || group.users.include?(user) ||
group.public? || ProjectsFinder.new.execute(user, group: group).any? ProjectsFinder.new.execute(user, group: group).any?
else
user.admin? || group.public? || group.internal? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any?
end
end end
def namespace_abilities(user, namespace) def namespace_abilities(user, namespace)
......
...@@ -6,8 +6,20 @@ module Groups ...@@ -6,8 +6,20 @@ module Groups
@group, @current_user, @params = group, user, params.dup @group, @current_user, @params = group, user, params.dup
end end
def add_error_message(message) private
group.errors.add(:visibility_level, message)
def visibility_allowed_for_user?(level)
allowed_by_user = Gitlab::VisibilityLevel.allowed_for?(current_user, level)
@group.errors.add(:visibility_level, "You are not authorized to set this permission level.") unless allowed_by_user
allowed_by_user
end
def visibility_allowed_for_project?(level)
projects_visibility = group.projects.pluck(:visibility_level)
allowed_by_projects = !projects_visibility.any? { |project_visibility| level.to_i < project_visibility }
@group.errors.add(:visibility_level, "Cannot be changed. There are projects with higher visibility permissions.") unless allowed_by_projects
allowed_by_projects
end end
end end
end end
module Groups module Groups
class CreateService < Groups::BaseService class CreateService < Groups::BaseService
def execute def initialize(user, params = {})
return false unless visibility_level_allowed?(params[:visibility_level]) @current_user, @params = user, params.dup
@group.name = @group.path.dup unless @group.name @group = Group.new(@params)
@group.save(params) && @group.add_owner(current_user)
end end
private def execute
return @group unless visibility_allowed_for_user?(@params[:visibility_level])
def visibility_level_allowed?(level) @group.name = @group.path.dup unless @group.name
allowed = Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) @group.save
add_error_message("Visibility level restricted by admin.") unless allowed @group.add_owner(@current_user)
allowed @group
end end
end end
end end
...@@ -14,24 +14,7 @@ module Groups ...@@ -14,24 +14,7 @@ module Groups
def visibility_level_allowed?(level) def visibility_level_allowed?(level)
return true unless level.present? return true unless level.present?
allowed_by_projects = visibility_by_project(level) visibility_allowed_for_project?(level) && visibility_allowed_for_user?(level)
allowed_by_user = visibility_by_user(level)
allowed_by_projects && allowed_by_user
end
def visibility_by_project(level)
projects_visibility = group.projects.pluck(:visibility_level)
allowed_by_projects = !projects_visibility.any?{ |project_visibility| level.to_i < project_visibility }
add_error_message("Cannot be changed. There are projects with higher visibility permissions.") unless allowed_by_projects
allowed_by_projects
end
def visibility_by_user(level)
allowed_by_user = Gitlab::VisibilityLevel.allowed_for?(current_user, level)
add_error_message("You are not authorized to set this permission level.") unless allowed_by_user
allowed_by_user
end end
end end
end end
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
%h1 %h1
= @group.name = @group.name
%span.visibility-icon.has_tooltip{data: { container: 'body', placement: 'left' }, title: "#{visibility_level_label(@group.visibility_level)} - #{group_visibility_description(@group)}"} %span.visibility-icon.has_tooltip{data: { container: 'body', placement: 'left' }, title: "#{group_visibility_description(@group)}"}
= visibility_level_icon(@group.visibility_level, fw: false) = visibility_level_icon(@group.visibility_level, fw: false)
.cover-desc.username .cover-desc.username
...@@ -28,14 +28,6 @@ ...@@ -28,14 +28,6 @@
.cover-desc.description .cover-desc.description
= markdown(@group.description, pipeline: :description) = markdown(@group.description, pipeline: :description)
%ul.nav-links
%li.active
= link_to "#activity", 'data-toggle' => 'tab' do
Activity
%li
= link_to "#projects", 'data-toggle' => 'tab' do
Projects
- if can?(current_user, :read_group, @group) - if can?(current_user, :read_group, @group)
%div{ class: container_class } %div{ class: container_class }
.top-area .top-area
......
...@@ -90,10 +90,6 @@ production: &base ...@@ -90,10 +90,6 @@ production: &base
snippets: false snippets: false
builds: true builds: true
## Default group features settings
default_groups_features:
visibility_level: 20
## Webhook settings ## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
# webhook_timeout: 10 # webhook_timeout: 10
......
...@@ -13,15 +13,9 @@ class AddDefaultGroupVisibilityToApplicationSettings < ActiveRecord::Migration ...@@ -13,15 +13,9 @@ class AddDefaultGroupVisibilityToApplicationSettings < ActiveRecord::Migration
end end
private private
def allowed_visibility_level
default_visibility = Settings.gitlab.default_groups_features['visibility_level']
restricted_levels = current_application_settings.restricted_visibility_levels
return default_visibility unless restricted_levels.present?
if restricted_levels.include?(default_visibility) def allowed_visibility_level
Gitlab::VisibilityLevel.values.select{ |vis_level| vis_level unless restricted_levels.include?(vis_level) }.last allowed_levels = Gitlab::VisibilityLevel.values - current_application_settings.restricted_visibility_levels
else allowed_levels.max
default_visibility
end
end end
end end
...@@ -29,7 +29,6 @@ module Gitlab ...@@ -29,7 +29,6 @@ module Gitlab
session_expire_delay: Settings.gitlab['session_expire_delay'], session_expire_delay: Settings.gitlab['session_expire_delay'],
default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'], default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'], default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
default_group_visibility: Settings.gitlab.default_groups_features['visibility_level'],
restricted_signup_domains: Settings.gitlab['restricted_signup_domains'], restricted_signup_domains: Settings.gitlab['restricted_signup_domains'],
import_sources: ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git'], import_sources: ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git'],
shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'], shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
......
...@@ -6,19 +6,18 @@ ...@@ -6,19 +6,18 @@
module Gitlab module Gitlab
module VisibilityLevel module VisibilityLevel
extend CurrentSettings extend CurrentSettings
extend ActiveSupport::Concern
included do
scope :public_only, -> { where(visibility_level: PUBLIC) }
scope :public_and_internal_only, -> { where(visibility_level: [PUBLIC, INTERNAL] ) }
end
PRIVATE = 0 unless const_defined?(:PRIVATE) PRIVATE = 0 unless const_defined?(:PRIVATE)
INTERNAL = 10 unless const_defined?(:INTERNAL) INTERNAL = 10 unless const_defined?(:INTERNAL)
PUBLIC = 20 unless const_defined?(:PUBLIC) PUBLIC = 20 unless const_defined?(:PUBLIC)
class << self class << self
def included(base)
base.class_eval do
scope :public_only, -> { where(visibility_level: PUBLIC) }
scope :public_and_internal_only, -> { where(visibility_level: [PUBLIC, INTERNAL] ) }
end
end
def values def values
options.values options.values
end end
......
...@@ -12,9 +12,12 @@ describe 'Internal group access', feature: true do ...@@ -12,9 +12,12 @@ describe 'Internal group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -31,9 +34,11 @@ describe 'Internal group access', feature: true do ...@@ -31,9 +34,11 @@ describe 'Internal group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -50,9 +55,11 @@ describe 'Internal group access', feature: true do ...@@ -50,9 +55,11 @@ describe 'Internal group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -70,9 +77,11 @@ describe 'Internal group access', feature: true do ...@@ -70,9 +77,11 @@ describe 'Internal group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -89,9 +98,11 @@ describe 'Internal group access', feature: true do ...@@ -89,9 +98,11 @@ describe 'Internal group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
......
...@@ -14,9 +14,11 @@ describe 'Private group access', feature: true do ...@@ -14,9 +14,11 @@ describe 'Private group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to_not be_allowed_for :user } it { is_expected.to be_denied_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -33,9 +35,11 @@ describe 'Private group access', feature: true do ...@@ -33,9 +35,11 @@ describe 'Private group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to_not be_allowed_for :user } it { is_expected.to be_denied_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -52,9 +56,11 @@ describe 'Private group access', feature: true do ...@@ -52,9 +56,11 @@ describe 'Private group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to_not be_allowed_for :user } it { is_expected.to be_denied_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -72,9 +78,11 @@ describe 'Private group access', feature: true do ...@@ -72,9 +78,11 @@ describe 'Private group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to_not be_allowed_for :user } it { is_expected.to be_denied_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -91,9 +99,11 @@ describe 'Private group access', feature: true do ...@@ -91,9 +99,11 @@ describe 'Private group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to_not be_allowed_for :user } it { is_expected.to be_denied_for :user }
it { is_expected.to_not be_allowed_for :visitor } it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
end end
context "when user in group project" do context "when user in group project" do
......
...@@ -14,9 +14,11 @@ describe 'Public group access', feature: true do ...@@ -14,9 +14,11 @@ describe 'Public group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -33,9 +35,11 @@ describe 'Public group access', feature: true do ...@@ -33,9 +35,11 @@ describe 'Public group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -52,9 +56,11 @@ describe 'Public group access', feature: true do ...@@ -52,9 +56,11 @@ describe 'Public group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -72,9 +78,11 @@ describe 'Public group access', feature: true do ...@@ -72,9 +78,11 @@ describe 'Public group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
end end
context "when user in group project" do context "when user in group project" do
...@@ -91,9 +99,11 @@ describe 'Public group access', feature: true do ...@@ -91,9 +99,11 @@ describe 'Public group access', feature: true do
it { is_expected.to be_allowed_for group_member(:master) } it { is_expected.to be_allowed_for group_member(:master) }
it { is_expected.to be_allowed_for group_member(:reporter) } it { is_expected.to be_allowed_for group_member(:reporter) }
it { is_expected.to be_allowed_for group_member(:guest) } it { is_expected.to be_allowed_for group_member(:guest) }
it { is_expected.to be_allowed_for external_guest }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
end end
context "when user in group project" do context "when user in group project" do
......
...@@ -18,7 +18,14 @@ describe GroupsFinder do ...@@ -18,7 +18,14 @@ describe GroupsFinder do
describe 'with a user' do describe 'with a user' do
subject { finder.execute(user) } subject { finder.execute(user) }
it { is_expected.to eq([public_group, internal_group]) } context 'normal user' do
it { is_expected.to eq([public_group, internal_group]) }
end
context 'external user' do
before { user.update_attribute(external: true) }
it { is_expected.to eq([public_group]) }
end
end end
end end
end end
......
...@@ -46,6 +46,25 @@ describe JoinedGroupsFinder do ...@@ -46,6 +46,25 @@ describe JoinedGroupsFinder do
it { is_expected.to eq([public_group, private_group]) } it { is_expected.to eq([public_group, private_group]) }
end end
context 'external users' do
before do
profile_visitor.update_attributes(external: true)
public_group.add_user(profile_owner, Gitlab::Access::MASTER)
internal_group.add_user(profile_owner, Gitlab::Access::MASTER)
end
subject { finder.execute(profile_visitor) }
it "doest not show internal groups if not member" do
expect(subject).to eq([public_group])
end
it "shows internal groups if authorized" do
internal_group.add_user(profile_visitor, Gitlab::Access::MASTER)
expect(subject).to eq([public_group, internal_group])
end
end
end end
end end
end end
...@@ -16,6 +16,11 @@ describe PersonalProjectsFinder do ...@@ -16,6 +16,11 @@ describe PersonalProjectsFinder do
path: 'B') path: 'B')
end end
let!(:internal_project) do
create(:project, :internal, namespace: source_user.namespace, name: 'c',
path: 'C')
end
before do before do
private_project.team << [current_user, Gitlab::Access::DEVELOPER] private_project.team << [current_user, Gitlab::Access::DEVELOPER]
end end
...@@ -29,6 +34,14 @@ describe PersonalProjectsFinder do ...@@ -29,6 +34,14 @@ describe PersonalProjectsFinder do
describe 'with a current user' do describe 'with a current user' do
subject { finder.execute(current_user) } subject { finder.execute(current_user) }
it { is_expected.to eq([private_project, public_project]) } context 'normal user' do
it { is_expected.to eq([internal_project, private_project, public_project]) }
end
context 'external' do
before { current_user.update_attributes(external: true) }
it { is_expected.to eq([private_project, public_project]) }
end
end end
end end
require 'spec_helper' require 'spec_helper'
describe Groups::CreateService, services: true do describe Groups::CreateService, services: true do
let!(:user) { create(:user) } let!(:user) { create(:user) }
let!(:private_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PRIVATE) } let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
let!(:internal_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
let!(:public_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
describe "execute" do describe "execute" do
let!(:service) { described_class.new(public_group, user, visibility_level: Gitlab::VisibilityLevel::PUBLIC ) } let!(:service) { described_class.new(user, group_params ) }
subject { service.execute } subject { service.execute }
context "create groups without restricted visibility level" do context "create groups without restricted visibility level" do
it { is_expected.to be_truthy } it { is_expected.to be_persisted }
end end
context "cannot create group with restricted visibility level" do context "cannot create group with restricted visibility level" do
before { allow(current_application_settings).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) } before { allow(current_application_settings).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) }
it { is_expected.to be_falsy } it { is_expected.to_not be_persisted }
end end
end end
end end
...@@ -14,4 +14,8 @@ module GroupAccessHelper ...@@ -14,4 +14,8 @@ module GroupAccessHelper
create(:user).tap { |user| grp.add_user(user, level) } create(:user).tap { |user| grp.add_user(user, level) }
end end
def external_guest(grp=group())
create(:user, external: true).tap { |user| grp.add_user(user, Gitlab::Access::GUEST) }
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment