Commit 218c9742 authored by Kushal Pandya's avatar Kushal Pandya

Merge branch 'ap-14330-external-personal-snippets' into 'master'

Hide new snippet button from external users

Closes #14330

See merge request gitlab-org/gitlab!21718
parents cf42ec6d a958849e
...@@ -43,7 +43,7 @@ ...@@ -43,7 +43,7 @@
= f.check_box :external do = f.check_box :external do
External External
%p.light %p.light
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups. External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects, groups, or personal snippets.
%row.hidden#warning_external_automatically_set.hidden %row.hidden#warning_external_automatically_set.hidden
.badge.badge-warning.text-white .badge.badge-warning.text-white
= _('Automatically marked as default internal user') = _('Automatically marked as default internal user')
...@@ -3,7 +3,8 @@ ...@@ -3,7 +3,8 @@
- if current_user && current_user.snippets.any? || @snippets.any? - if current_user && current_user.snippets.any? || @snippets.any?
.page-title-controls .page-title-controls
= link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet") - if can?(current_user, :create_personal_snippet)
= link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet")
.top-area .top-area
%ul.nav-links.nav.nav-tabs %ul.nav-links.nav.nav-tabs
......
- @hide_top_links = true - @hide_top_links = true
- page_title "Snippets" - page_title "Snippets"
- header_title "Snippets", dashboard_snippets_path - header_title "Snippets", dashboard_snippets_path
- button_path = new_snippet_path if can?(current_user, :create_personal_snippet)
= render 'dashboard/snippets_head' = render 'dashboard/snippets_head'
- if current_user.snippets.exists? - if current_user.snippets.exists?
...@@ -9,4 +10,4 @@ ...@@ -9,4 +10,4 @@
- if current_user.snippets.exists? - if current_user.snippets.exists?
= render partial: 'shared/snippets/list', locals: { link_project: true } = render partial: 'shared/snippets/list', locals: { link_project: true }
- else - else
= render 'shared/empty_states/snippets', button_path: new_snippet_path = render 'shared/empty_states/snippets', button_path: button_path
...@@ -8,8 +8,7 @@ ...@@ -8,8 +8,7 @@
- if can?(current_user, :create_project_snippet, @project) - if can?(current_user, :create_project_snippet, @project)
.nav-controls .nav-controls
- if can?(current_user, :create_project_snippet, @project) = link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet")
= link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet")
= render 'shared/snippets/list' = render 'shared/snippets/list'
- else - else
......
...@@ -11,7 +11,8 @@ ...@@ -11,7 +11,8 @@
%p %p
= s_('SnippetsEmptyState|They can be either public or private.') = s_('SnippetsEmptyState|They can be either public or private.')
.text-center .text-center
= link_to s_('SnippetsEmptyState|New snippet'), button_path, class: 'btn btn-success', title: s_('SnippetsEmptyState|New snippet'), id: 'new_snippet_link' - if button_path
= link_to s_('SnippetsEmptyState|New snippet'), button_path, class: 'btn btn-success', title: s_('SnippetsEmptyState|New snippet'), id: 'new_snippet_link'
- unless current_page?(dashboard_snippets_path) - unless current_page?(dashboard_snippets_path)
= link_to s_('SnippetsEmptyState|Explore public snippets'), explore_snippets_path, class: 'btn btn-default', title: s_('SnippetsEmptyState|Explore public snippets') = link_to s_('SnippetsEmptyState|Explore public snippets'), explore_snippets_path, class: 'btn btn-default', title: s_('SnippetsEmptyState|Explore public snippets')
- else - else
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
- current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.') - current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.')
- current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.') - current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.')
- primary_button_label = _('New snippet') - primary_button_label = _('New snippet')
- primary_button_link = new_snippet_path - primary_button_link = new_snippet_path if can?(current_user, :create_personal_snippet)
- visitor_empty_message = s_('UserProfile|No snippets found.') - visitor_empty_message = s_('UserProfile|No snippets found.')
.snippets-list-holder .snippets-list-holder
......
---
title: Match external user new snippet button visibility to permissions
merge_request: 21718
author:
type: fixed
...@@ -253,7 +253,7 @@ project and should only have access to that project. ...@@ -253,7 +253,7 @@ project and should only have access to that project.
External users: External users:
- Cannot create groups or projects. - Cannot create groups, projects, or personal snippets.
- Can only access projects to which they are explicitly granted access, - Can only access projects to which they are explicitly granted access,
thus hiding all other internal or private ones from them (like being thus hiding all other internal or private ones from them (like being
logged out). logged out).
......
...@@ -14,6 +14,11 @@ describe 'Dashboard snippets' do ...@@ -14,6 +14,11 @@ describe 'Dashboard snippets' do
end end
it_behaves_like 'paginated snippets' it_behaves_like 'paginated snippets'
it 'shows new snippet button in header' do
parent_element = page.find('.page-title-controls')
expect(parent_element).to have_link('New snippet')
end
end end
context 'when there are no project snippets', :js do context 'when there are no project snippets', :js do
...@@ -30,6 +35,11 @@ describe 'Dashboard snippets' do ...@@ -30,6 +35,11 @@ describe 'Dashboard snippets' do
expect(element).to have_content("Snippets are small pieces of code or notes that you want to keep.") expect(element).to have_content("Snippets are small pieces of code or notes that you want to keep.")
expect(element.find('.svg-content img')['src']).to have_content('illustrations/snippets_empty') expect(element.find('.svg-content img')['src']).to have_content('illustrations/snippets_empty')
end end
it 'shows new snippet button in main content area' do
parent_element = page.find('.row.empty-state')
expect(parent_element).to have_link('New snippet')
end
end end
context 'filtering by visibility' do context 'filtering by visibility' do
...@@ -78,4 +88,26 @@ describe 'Dashboard snippets' do ...@@ -78,4 +88,26 @@ describe 'Dashboard snippets' do
expect(page).to have_content(snippets[0].title) expect(page).to have_content(snippets[0].title)
end end
end end
context 'as an external user' do
let(:user) { create(:user, :external) }
before do
sign_in(user)
visit dashboard_snippets_path
end
context 'without snippets' do
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
context 'with snippets' do
let!(:snippets) { create(:personal_snippet, author: user) }
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
end
end end
...@@ -6,30 +6,59 @@ describe 'Explore Snippets' do ...@@ -6,30 +6,59 @@ describe 'Explore Snippets' do
let!(:public_snippet) { create(:personal_snippet, :public) } let!(:public_snippet) { create(:personal_snippet, :public) }
let!(:internal_snippet) { create(:personal_snippet, :internal) } let!(:internal_snippet) { create(:personal_snippet, :internal) }
let!(:private_snippet) { create(:personal_snippet, :private) } let!(:private_snippet) { create(:personal_snippet, :private) }
let(:user) { nil }
it 'User should see snippets that are not private' do before do
sign_in create(:user) sign_in(user) if user
visit explore_snippets_path visit explore_snippets_path
expect(page).to have_content(public_snippet.title)
expect(page).to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end end
it 'External user should see only public snippets' do context 'User' do
sign_in create(:user, :external) let(:user) { create(:user) }
visit explore_snippets_path
it 'see snippets that are not private' do
expect(page).to have_content(public_snippet.title)
expect(page).to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
expect(page).to have_content(public_snippet.title) it 'shows new snippet button in header' do
expect(page).not_to have_content(internal_snippet.title) parent_element = page.find('.page-title-controls')
expect(page).not_to have_content(private_snippet.title) expect(parent_element).to have_link('New snippet')
end
end end
it 'Not authenticated user should see only public snippets' do context 'External user' do
visit explore_snippets_path let(:user) { create(:user, :external) }
it 'see only public snippets' do
expect(page).to have_content(public_snippet.title)
expect(page).not_to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
context 'without snippets' do
before do
Snippet.delete_all
end
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
context 'with snippets' do
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
end
expect(page).to have_content(public_snippet.title) context 'Not authenticated user' do
expect(page).not_to have_content(internal_snippet.title) it 'see only public snippets' do
expect(page).not_to have_content(private_snippet.title) expect(page).to have_content(public_snippet.title)
expect(page).not_to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment