Commit afb3caac authored by Douwe Maan's avatar Douwe Maan

Merge branch 'bvl-wrap-cross-project-group-permissions' into 'master'

Create cross project group features

See merge request gitlab-org/gitlab-ce!20333
parents f5b12225 a57ec31e
...@@ -128,8 +128,10 @@ module GroupsHelper ...@@ -128,8 +128,10 @@ module GroupsHelper
def get_group_sidebar_links def get_group_sidebar_links
links = [:overview, :group_members] links = [:overview, :group_members]
if can?(current_user, :read_cross_project) resources = [:activity, :issues, :boards, :labels, :milestones,
links += [:activity, :issues, :boards, :labels, :milestones, :merge_requests] :merge_requests]
links += resources.select do |resource|
can?(current_user, "read_group_#{resource}".to_sym, @group)
end end
if can?(current_user, :admin_group, @group) if can?(current_user, :admin_group, @group)
......
...@@ -72,6 +72,19 @@ class GroupPolicy < BasePolicy ...@@ -72,6 +72,19 @@ class GroupPolicy < BasePolicy
enable :change_visibility_level enable :change_visibility_level
end end
rule { can?(:read_nested_project_resources) }.policy do
enable :read_group_activity
enable :read_group_issues
enable :read_group_boards
enable :read_group_labels
enable :read_group_milestones
enable :read_group_merge_requests
end
rule { can?(:read_cross_project) & can?(:read_group) }.policy do
enable :read_nested_project_resources
end
rule { owner & nested_groups_supported }.enable :create_subgroup rule { owner & nested_groups_supported }.enable :create_subgroup
rule { public_group | logged_in_viewable }.enable :view_globally rule { public_group | logged_in_viewable }.enable :view_globally
......
...@@ -206,8 +206,9 @@ describe GroupsHelper do ...@@ -206,8 +206,9 @@ describe GroupsHelper do
let(:group) { create(:group, :public) } let(:group) { create(:group, :public) }
let(:user) { create(:user) } let(:user) { create(:user) }
before do before do
group.add_owner(user)
allow(helper).to receive(:current_user) { user } allow(helper).to receive(:current_user) { user }
allow(helper).to receive(:can?) { true } allow(helper).to receive(:can?) { |*args| Ability.allowed?(*args) }
helper.instance_variable_set(:@group, group) helper.instance_variable_set(:@group, group)
end end
...@@ -231,7 +232,10 @@ describe GroupsHelper do ...@@ -231,7 +232,10 @@ describe GroupsHelper do
cross_project_features = [:activity, :issues, :labels, :milestones, cross_project_features = [:activity, :issues, :labels, :milestones,
:merge_requests] :merge_requests]
expect(helper).to receive(:can?).with(user, :read_cross_project) { false } allow(Ability).to receive(:allowed?).and_call_original
cross_project_features.each do |feature|
expect(Ability).to receive(:allowed?).with(user, "read_group_#{feature}".to_sym, group) { false }
end
expect(helper.group_sidebar_links).not_to include(*cross_project_features) expect(helper.group_sidebar_links).not_to include(*cross_project_features)
end end
......
...@@ -9,7 +9,11 @@ describe GroupPolicy do ...@@ -9,7 +9,11 @@ describe GroupPolicy do
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
let(:group) { create(:group, :private) } let(:group) { create(:group, :private) }
let(:guest_permissions) { [:read_label, :read_group, :upload_file, :read_namespace] } let(:guest_permissions) do
[:read_label, :read_group, :upload_file, :read_namespace, :read_group_activity,
:read_group_issues, :read_group_boards, :read_group_labels, :read_group_milestones,
:read_group_merge_requests]
end
let(:reporter_permissions) { [:admin_label] } let(:reporter_permissions) { [:admin_label] }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment