Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
23f33151
Commit
23f33151
authored
Dec 01, 2021
by
Magdalena Frankiewicz
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use permission system for path_locks
Create new PathLockPolicy and use it instead of permission on project
parent
fd76d685
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
56 additions
and
41 deletions
+56
-41
app/models/project.rb
app/models/project.rb
+0
-4
ee/app/helpers/path_locks_helper.rb
ee/app/helpers/path_locks_helper.rb
+2
-3
ee/app/policies/path_lock_policy.rb
ee/app/policies/path_lock_policy.rb
+10
-0
ee/spec/helpers/path_locks_helper_spec.rb
ee/spec/helpers/path_locks_helper_spec.rb
+6
-21
ee/spec/policies/path_lock_policy_spec.rb
ee/spec/policies/path_lock_policy_spec.rb
+38
-0
spec/models/project_spec.rb
spec/models/project_spec.rb
+0
-13
No files found.
app/models/project.rb
View file @
23f33151
...
...
@@ -1656,10 +1656,6 @@ class Project < ApplicationRecord
end
end
def
member?
(
user
)
project_member
(
user
).
present?
end
def
membership_locked?
false
end
...
...
ee/app/helpers/path_locks_helper.rb
View file @
23f33151
# frozen_string_literal: true
module
PathLocksHelper
def
can_unlock?
(
path_lock
,
current_user
=
@current_user
,
project
=
@project
)
can?
(
current_user
,
:admin_path_locks
,
project
)
||
(
path_lock
.
user
==
current_user
&&
project
.
member?
(
current_user
))
def
can_unlock?
(
path_lock
,
current_user
=
@current_user
)
can?
(
current_user
,
:admin_path_locks
,
path_lock
)
end
def
text_label_for_lock
(
file_lock
,
path
)
...
...
ee/app/policies/path_lock_policy.rb
0 → 100644
View file @
23f33151
# frozen_string_literal: true
class
PathLockPolicy
<
BasePolicy
# rubocop:disable Gitlab/NamespacedClass
delegate
{
@subject
.
project
}
condition
(
:is_author
)
{
@user
&&
@subject
.
user
==
@user
}
condition
(
:is_project_member
)
{
@user
&&
@subject
.
project
&&
@subject
.
project
.
team
.
member?
(
user
)
}
rule
{
is_author
&
is_project_member
}.
enable
:admin_path_locks
end
ee/spec/helpers/path_locks_helper_spec.rb
View file @
23f33151
...
...
@@ -4,35 +4,20 @@ require 'spec_helper'
RSpec
.
describe
PathLocksHelper
do
let
(
:user
)
{
create
(
:user
,
name:
'John'
)
}
let
(
:user_2
)
{
create
(
:user
,
name:
'Bob'
)
}
let
(
:path_lock
)
{
create
(
:path_lock
,
path:
'app'
,
user:
user
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:path_lock
)
{
create
(
:path_lock
,
path:
'app'
,
user:
user
,
project:
project
)
}
describe
'#can_unlock?'
do
it
"returns false if the user is not a project member"
do
allow
(
self
).
to
receive
(
:can?
).
and_return
(
false
)
expect
(
can_unlock?
(
path_lock
,
user
,
project
)).
to
be
(
false
)
end
it
"returns false if the user is not the lock owner"
do
project
.
add_user
(
user_2
,
:developer
)
allow
(
self
).
to
receive
(
:can?
).
and_return
(
false
)
expect
(
can_unlock?
(
path_lock
,
user_2
,
project
)).
to
be
(
false
)
end
it
"returns true if the user has admin_path_locks permission"
do
allow
(
self
).
to
receive
(
:can?
).
with
(
user
,
:admin_path_locks
,
p
roject
).
and_return
(
true
)
allow
(
self
).
to
receive
(
:can?
).
with
(
user
,
:admin_path_locks
,
p
ath_lock
).
and_return
(
true
)
expect
(
can_unlock?
(
path_lock
,
user
,
project
)).
to
be
(
true
)
expect
(
can_unlock?
(
path_lock
,
user
)).
to
be
(
true
)
end
it
"returns true if the user is the lock owner and a project member"
do
project
.
add_user
(
user
,
:developer
)
allow
(
self
).
to
receive
(
:can?
).
and_return
(
false
)
it
"returns false if the user does not have admin_path_locks permission"
do
allow
(
self
).
to
receive
(
:can?
).
with
(
user
,
:admin_path_locks
,
path_lock
).
and_return
(
false
)
expect
(
can_unlock?
(
path_lock
,
user
,
project
)).
to
be
(
tru
e
)
expect
(
can_unlock?
(
path_lock
,
user
)).
to
be
(
fals
e
)
end
end
...
...
ee/spec/policies/path_lock_policy_spec.rb
0 → 100644
View file @
23f33151
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
PathLockPolicy
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:maintainer
)
{
create
(
:user
)
}
let
(
:developer
)
{
create
(
:user
)
}
let
(
:non_member
)
{
create
(
:user
)
}
let
(
:developer_path_lock
)
{
create
(
:path_lock
,
user:
developer
,
project:
project
)
}
let
(
:non_member_path_lock
)
{
create
(
:path_lock
,
user:
non_member
,
project:
project
)
}
before
do
project
.
add_maintainer
(
maintainer
)
project
.
add_developer
(
developer
)
end
def
permissions
(
user
,
path_lock
)
described_class
.
new
(
user
,
path_lock
)
end
it
'disallows non-member from administrating path lock they created'
do
expect
(
permissions
(
non_member
,
non_member_path_lock
)).
to
be_disallowed
(
:admin_path_locks
)
end
it
'disallows developer from administrating path lock they did not create'
do
expect
(
permissions
(
developer
,
non_member_path_lock
)).
to
be_disallowed
(
:admin_path_locks
)
end
it
'allows developer to administrating path lock they created'
do
expect
(
permissions
(
developer
,
developer_path_lock
)).
to
be_allowed
(
:admin_path_locks
)
end
it
'allows maintainer to administrating path lock they did not create'
do
expect
(
permissions
(
maintainer
,
non_member_path_lock
)).
to
be_allowed
(
:admin_path_locks
)
expect
(
permissions
(
maintainer
,
developer_path_lock
)).
to
be_allowed
(
:admin_path_locks
)
end
end
spec/models/project_spec.rb
View file @
23f33151
...
...
@@ -1589,19 +1589,6 @@ RSpec.describe Project, factory_default: :keep do
it
{
expect
(
project
.
builds_enabled?
).
to
be_truthy
}
end
describe
'#member?'
do
it
'returns true if the given user is a project member, false otherwise'
do
project
=
create
(
:project
)
user
=
create
(
:user
)
expect
(
project
.
member?
(
user
)).
to
be
(
false
)
project
.
add_user
(
user
,
:developer
)
expect
(
project
.
member?
(
user
)).
to
be
(
true
)
end
end
describe
'.sort_by_attribute'
do
it
'reorders the input relation by start count desc'
do
project1
=
create
(
:project
,
star_count:
2
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment