Commit bb6f2467 authored by Kamil Trzcinski's avatar Kamil Trzcinski

Authorize environments controller actions

parent e129f66d
class Projects::EnvironmentsController < Projects::ApplicationController class Projects::EnvironmentsController < Projects::ApplicationController
layout 'project' layout 'project'
before_action :authorize_read_environment! before_action :authorize_read_environment!
before_action :authorize_create_environment!, only: [:new, :create]
before_action :authorize_update_environment!, only: [:destroy]
before_action :environment, only: [:show, :destroy] before_action :environment, only: [:show, :destroy]
def index def index
......
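Review bot: The two added `before_action` lines make the write-level checks opt-in through `only:`, so any action added to this controller later is guarded by `authorize_read_environment!` alone unless someone remembers to extend these lists. A comment above them would make that contract explicit, e.g. `# Every mutating action must be listed in one of the filters below; unlisted actions only require read access.` It is also worth confirming that gating `destroy` on the update permission, rather than on a dedicated destroy ability, is intended; the Destroy link in the show view uses the same `:update_environment` check. The class body continues outside the hunk.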
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
= form_for @environment, url: namespace_project_environments_path(@project.namespace, @project), html: { id: "new-environment-form", class: "col-lg-9 js-new-environment-form js-requires-input" } do |f| = form_for @environment, url: namespace_project_environments_path(@project.namespace, @project), html: { id: "new-environment-form", class: "col-lg-9 js-new-environment-form js-requires-input" } do |f|
= form_errors(@environment) = form_errors(@environment)
.form-group .form-group
= f.label :ref, 'Environment name', class: 'label-light' = f.label :name, 'Environment name', class: 'label-light'
= f.text_field :name, required: true, class: 'form-control' = f.text_field :name, required: true, class: 'form-control'
= f.submit 'Create environment', class: 'btn btn-create' = f.submit 'Create environment', class: 'btn btn-create'
= link_to "Cancel", namespace_project_environments_path(@project.namespace, @project), class: "btn btn-cancel" = link_to "Cancel", namespace_project_environments_path(@project.namespace, @project), class: "btn btn-cancel"
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
.col-md-3 .col-md-3
.nav-controls .nav-controls
- if can?(current_user, :update_environment, @project)
= link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete = link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete
- if @deployments.blank? - if @deployments.blank?
......
...@@ -175,6 +175,49 @@ describe "Public Project Access", feature: true do ...@@ -175,6 +175,49 @@ describe "Public Project Access", feature: true do
end end
end end
describe "GET /:project_path/environments" do
subject { namespace_project_environments_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for owner }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for developer }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_denied_for :visitor }
end
describe "GET /:project_path/environments/:id" do
let(:environment) { create(:environment, project: project) }
subject { namespace_project_environments_path(project.namespace, project, environment) }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for owner }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for developer }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_denied_for :visitor }
end
describe "GET /:project_path/environments/new" do
subject { new_namespace_project_environment_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for owner }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for developer }
it { is_expected.to be_denied_for reporter }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_denied_for :visitor }
end
describe "GET /:project_path/blob" do describe "GET /:project_path/blob" do
let(:commit) { project.repository.commit } let(:commit) { project.repository.commit }
......
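Review bot: The `subject` of the added `describe "GET /:project_path/environments/:id"` block calls the plural helper `namespace_project_environments_path(project.namespace, project, environment)`. That most likely resolves to the index route, with the environment consumed as a trailing optional segment, so the show action's authorization is probably not exercised by these examples. The singular helper looks like what was meant: `subject { namespace_project_environment_path(project.namespace, project, environment) }`. All three added blocks issue GET requests, so the create and destroy filters introduced in the controller are not covered by the visible specs. The enclosing `describe "Public Project Access"` starts and ends outside the hunk.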