Commit 09c8cf9d authored by Felipe Artur's avatar Felipe Artur

Remove group members check

parent ce96d482
class Groups::GroupMembersController < Groups::ApplicationController class Groups::GroupMembersController < Groups::ApplicationController
# Authorize # Authorize
before_action :authorize_admin_group_member!, except: [:index, :leave] before_action :authorize_admin_group_member!, except: [:index, :leave]
before_action :authorize_read_group_members!, only: [:index]
def index def index
@project = @group.projects.find(params[:project_id]) if params[:project_id] @project = @group.projects.find(params[:project_id]) if params[:project_id]
...@@ -80,10 +79,4 @@ class Groups::GroupMembersController < Groups::ApplicationController ...@@ -80,10 +79,4 @@ class Groups::GroupMembersController < Groups::ApplicationController
def member_params def member_params
params.require(:group_member).permit(:access_level, :user_id) params.require(:group_member).permit(:access_level, :user_id)
end end
private
def authorize_read_group_members!
render_404 unless can?(current_user, :read_group_members, @group)
end
end end
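Review bot: With `before_action :authorize_read_group_members!, only: [:index]` and its method removed, `index` has no authorization filter of its own in this controller, because the remaining `authorize_admin_group_member!` filter excepts `:index` and `:leave`. Who may list a group's members now depends entirely on what `Groups::ApplicationController` enforces, which is not visible on this page and should be confirmed to cover `index`. The group navigation template later in this commit drops the matching `can?(current_user, :read_group_members, @group)` guard, so view and controller both rely on that inherited check. A comment above `def index`, for example `# Member list is readable by anyone who can read the group; no separate ability is checked`, would record that this is intended. The class body continues outside the two hunks shown.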
...@@ -57,6 +57,7 @@ class Ability ...@@ -57,6 +57,7 @@ class Ability
:read_label, :read_label,
:read_milestone, :read_milestone,
:read_project_snippet, :read_project_snippet,
:read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:read_commit_status, :read_commit_status,
...@@ -91,10 +92,7 @@ class Ability ...@@ -91,10 +92,7 @@ class Ability
subject.group subject.group
end end
if group.public? rules << :read_group if group.public?
rules << :read_group
rules << :read_group_members unless restricted_public_level?
end
rules rules
end end
...@@ -293,7 +291,7 @@ class Ability ...@@ -293,7 +291,7 @@ class Ability
def group_abilities(user, group) def group_abilities(user, group)
rules = [] rules = []
rules << [:read_group, :read_group_members] if can_read_group?(user, group) rules << :read_group if can_read_group?(user, group)
# Only group masters and group owners can create new projects # Only group masters and group owners can create new projects
if group.has_master?(user) || group.has_owner?(user) || user.admin? if group.has_master?(user) || group.has_owner?(user) || user.admin?
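Review bot: Removing `rules << :read_group_members unless restricted_public_level?` means the restricted-public-visibility setting no longer influences who can see a public group's members, and after the change in `group_abilities` nothing in the visible hunks grants `:read_group_members` at all. Any `can?(..., :read_group_members, ...)` call left elsewhere in the codebase would then always deny, so the symbol should be searched for and either removed or re-granted. The `:read_project_member` entry added in the first hunk sits in a rule list whose enclosing method starts outside the hunk, and no visible code checks it. A comment on that line such as `# project member list is visible to this audience` would make the intended exposure reviewable.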
......
...@@ -36,14 +36,11 @@ ...@@ -36,14 +36,11 @@
Merge Requests Merge Requests
- merge_requests = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened').execute - merge_requests = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened').execute
%span.count= number_with_delimiter(merge_requests.count) %span.count= number_with_delimiter(merge_requests.count)
= nav_link(controller: [:group_members]) do
- if can?(current_user, :read_group_members, @group) = link_to group_group_members_path(@group), title: 'Members' do
= nav_link(controller: [:group_members]) do = icon('users fw')
= link_to group_group_members_path(@group), title: 'Members' do %span
= icon('users fw') Members
%span
Members
- if can?(current_user, :admin_group, @group) - if can?(current_user, :admin_group, @group)
= nav_link(html_options: { class: "separate-item" }) do = nav_link(html_options: { class: "separate-item" }) do
= link_to edit_group_path(@group), title: 'Settings' do = link_to edit_group_path(@group), title: 'Settings' do
......
...@@ -77,7 +77,7 @@ ...@@ -77,7 +77,7 @@
Merge Requests Merge Requests
%span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count) %span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)
- if project_nav_tab?(:settings) - if project_nav_tab? :settings
= nav_link(controller: [:project_members, :teams]) do = nav_link(controller: [:project_members, :teams]) do
= link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
= icon('users fw') = icon('users fw')
......
...@@ -4,15 +4,17 @@ describe Groups::GroupMembersController do ...@@ -4,15 +4,17 @@ describe Groups::GroupMembersController do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:group) { create(:group) } let(:group) { create(:group) }
context "when public visibility level is restricted" do context "index" do
before do before do
group.add_owner(user) group.add_owner(user)
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
end end
it 'does not show group members' do it 'renders index with group members' do
get :index, group_id: group.path get :index, group_id: group.path
expect(response.status).to eq(404)
expect(response.status).to eq(200)
expect(response).to render_template(:index)
end end
end end
end end
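Review bot: The only example left for `index` asserts a 200, so the denial path that the removed 404 expectation covered is no longer tested. No sign-in is visible in the hunk, so the request appears to be anonymous while `restricted_visibility_levels` is still stubbed to include `Gitlab::VisibilityLevel::PUBLIC`; if so, this example pins that the member list is served in the very setup the old test refused. If that is intended, the context name should say so, and a second example for a group the visitor cannot read should keep `expect(response.status).to eq(404)`. As written, the stub in the `before` block has no stated purpose under a context named `"index"`.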