Rename allow_guest_to_access_builds to public_builds

app/controllers/projects_controller.rb

@@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
       :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
       :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
-      :allow_guest_to_access_builds,
+      :public_builds,
     )
   end
 

app/models/ability.rb

@@ -64,7 +64,7 @@ class Ability
         ]
 
         # Allow to read builds by anonymous user if guests are allowed
-        rules << :read_build if project.allow_guest_to_access_builds?
+        rules << :read_build if project.public_builds?
 
         rules - project_disabled_features_rules(project)
       else
@@ -132,9 +132,9 @@ class Ability
           rules.push(*public_project_rules)
         end
 
-        # Allow to read builds if guests are allowed
-        if team.guest?(user) || project.public? || project.internal?
-          rules << :read_build if project.allow_guest_to_access_builds?
+        # Allow to read builds for internal projects
+        if project.public? || project.internal?
+          rules << :read_build if project.public_builds?
         end
 
         if project.owner == user || user.admin?
@@ -172,7 +172,6 @@ class Ability
         :read_project_member,
         :read_merge_request,
         :read_note,
-        :read_commit_status,
         :create_project,
         :create_issue,
         :create_note
@@ -187,6 +186,7 @@ class Ability
         :update_issue,
         :admin_issue,
         :admin_label,
+        :read_commit_status,
         :read_build,
       ]
     end

app/views/projects/edit.html.haml

@@ -162,10 +162,10 @@
               .form-group
                 .col-sm-offset-2.col-sm-10
                   .checkbox
-                    = f.label :allow_guest_to_access_builds do
-                      = f.check_box :allow_guest_to_access_builds
-                      %strong Guests can see builds
-                    .help-block Allow guests and anonymous users to access builds including build trace and artifacts
+                    = f.label :public_builds do
+                      = f.check_box :public_builds
+                      %strong Public builds
+                    .help-block Allow everyone to access builds for Public and Internal projects
 
           %fieldset.features
             %legend

db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb

 class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
   def change
-    add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false
+    add_column :projects, :public_builds, :boolean, default: true, null: false
   end
 end

db/schema.rb

@@ -678,7 +678,7 @@ ActiveRecord::Schema.define(version: 20160202164642) do
     t.boolean  "build_allow_git_fetch",  default: true,     null: false
     t.integer  "build_timeout",          default: 3600,     null: false
     t.boolean  "pending_delete",         default: false
-    t.boolean  "allow_guest_to_access_builds", default: true,     null: false
+    t.boolean  "public_builds",          default: true,     null: false
   end
 
   add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree

doc/api/projects.md

@@ -82,7 +82,7 @@ Parameters:
     "forks_count": 0,
     "star_count": 0,
     "runners_token": "b8547b1dc37721d05889db52fa2f02",
-    "allow_guest_to_access_builds": true
+    "public_builds": true
   },
   {
     "id": 6,
@@ -140,7 +140,7 @@ Parameters:
     "forks_count": 0,
     "star_count": 0,
     "runners_token": "b8547b1dc37721d05889db52fa2f02",
-    "allow_guest_to_access_builds": true
+    "public_builds": true
   }
 ]
 ```
@@ -427,7 +427,7 @@ Parameters:
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
 - `import_url` (optional)
-- `allow_guest_to_access_builds` (optional)
+- `public_builds` (optional)
 
 ### Create project for user
 
@@ -450,7 +450,7 @@ Parameters:
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
 - `import_url` (optional)
-- `allow_guest_to_access_builds` (optional)
+- `public_builds` (optional)
 
 ### Edit project
 
@@ -474,7 +474,7 @@ Parameters:
 - `snippets_enabled` (optional)
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
-- `allow_guest_to_access_builds` (optional)
+- `public_builds` (optional)
 
 On success, method returns 200 with the updated project. If parameters are
 invalid, 400 is returned.

features/steps/shared/project.rb

@@ -240,6 +240,14 @@ module SharedProject
     end
   end
 
+  step 'public access for builds is enabled' do
+    @project.update(public_builds: true)
+  end
+
+  step 'public access for builds is disabled' do
+    @project.update(public_builds: false)
+  end
+
   def user_owns_project(user_name:, project_name:, visibility: :private)
     user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
     project = Project.find_by(name: project_name)

lib/api/entities.rb

@@ -72,7 +72,7 @@ module API
       expose :star_count, :forks_count
       expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
       expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
-      expose :allow_guest_to_access_builds
+      expose :public_builds
     end
 
     class ProjectMember < UserBasic
@@ -384,7 +384,7 @@ module API
       #       for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
       expose :download_url do |repo_obj, options|
         if options[:user_can_download_artifacts]
-          repo_obj.download_url
+          repo_obj.artifacts_download_url
         end
       end
       expose :commit, with: RepoCommit do |repo_obj, _options|

lib/api/projects.rb

@@ -99,7 +99,7 @@ module API
       #   public (optional) - if true same as setting visibility_level = 20
       #   visibility_level (optional) - 0 by default
       #   import_url (optional)
-      #   allow_guest_to_access_builds (optional)
+      #   public_builds (optional)
       # Example Request
       #   POST /projects
       post do
@@ -117,7 +117,7 @@ module API
                                      :public,
                                      :visibility_level,
                                      :import_url,
-                                     :allow_guest_to_access_builds]
+                                     :public_builds]
         attrs = map_public_to_visibility_level(attrs)
         @project = ::Projects::CreateService.new(current_user, attrs).execute
         if @project.saved?
@@ -147,7 +147,7 @@ module API
       #   public (optional) - if true same as setting visibility_level = 20
       #   visibility_level (optional)
       #   import_url (optional)
-      #   allow_guest_to_access_builds (optional)
+      #   public_builds (optional)
       # Example Request
       #   POST /projects/user/:user_id
       post "user/:user_id" do
@@ -165,7 +165,7 @@ module API
                                      :public,
                                      :visibility_level,
                                      :import_url,
-                                     :allow_guest_to_access_builds]
+                                     :public_builds]
         attrs = map_public_to_visibility_level(attrs)
         @project = ::Projects::CreateService.new(user, attrs).execute
         if @project.saved?
@@ -209,7 +209,7 @@ module API
       #   shared_runners_enabled (optional)
       #   public (optional) - if true same as setting visibility_level = 20
       #   visibility_level (optional) - visibility level of a project
-      #   allow_guest_to_access_builds (optional)
+      #   public_builds (optional)
       # Example Request
       #   PUT /projects/:id
       put ':id' do
@@ -225,7 +225,7 @@ module API
                                      :shared_runners_enabled,
                                      :public,
                                      :visibility_level,
-                                     :allow_guest_to_access_builds]
+                                     :public_builds]
         attrs = map_public_to_visibility_level(attrs)
         authorize_admin_project
         authorize! :rename_project, user_project if attrs[:name].present?

spec/features/builds_spec.rb

@@ -8,7 +8,7 @@ describe "Builds" do
     @commit = FactoryGirl.create :ci_commit
     @build = FactoryGirl.create :ci_build, commit: @commit
     @project = @commit.project
-    @project.team << [@user, :master]
+    @project.team << [@user, :developer]
   end
 
   describe "GET /:project/builds" do

spec/features/commits_spec.rb

@@ -8,7 +8,6 @@ describe 'Commits' do
   describe 'CI' do
     before do
       login_as :user
-      project.team << [@user, :master]
       stub_ci_commit_to_return_yaml_file
     end
 
@@ -19,6 +18,10 @@ describe 'Commits' do
     context 'commit status is Generic Commit Status' do
       let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit }
 
+      before do
+        project.team << [@user, :reporter]
+      end
+
       describe 'Commit builds' do
         before do
           visit ci_status_path(commit)
@@ -37,6 +40,12 @@ describe 'Commits' do
 
     context 'commit status is Ci Build' do
       let!(:build) { FactoryGirl.create :ci_build, commit: commit }
+      let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
+
+      context 'when logged as developer' do
+        before do
+          project.team << [@user, :developer]
+        end
 
         describe 'Project commits' do
           before do
@@ -61,8 +70,6 @@ describe 'Commits' do
         end
 
         context 'Download artifacts' do
-        let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
-
           before do
             build.update_attributes(artifacts_file: artifacts_file)
           end
@@ -117,5 +124,42 @@ describe 'Commits' do
           end
         end
       end
+
+      context "when logged as reporter" do
+        before do
+          project.team << [@user, :reporter]
+          build.update_attributes(artifacts_file: artifacts_file)
+          visit ci_status_path(commit)
+        end
+
+        it do
+          expect(page).to have_content commit.sha[0..7]
+          expect(page).to have_content commit.git_commit_message
+          expect(page).to have_content commit.git_author_name
+          expect(page).to have_link('Download artifacts')
+          expect(page).to_not have_link('Cancel running')
+          expect(page).to_not have_link('Retry failed')
+        end
+      end
+
+      context 'when accessing internal project with disallowed access' do
+        before do
+          project.update(
+            visibility_level: Gitlab::VisibilityLevel::INTERNAL,
+            public_builds: false)
+          build.update_attributes(artifacts_file: artifacts_file)
+          visit ci_status_path(commit)
+        end
+
+        it do
+          expect(page).to have_content commit.sha[0..7]
+          expect(page).to have_content commit.git_commit_message
+          expect(page).to have_content commit.git_author_name
+          expect(page).to_not have_link('Download artifacts')
+          expect(page).to_not have_link('Cancel running')
+          expect(page).to_not have_link('Retry failed')
+        end
+      end
+    end
   end
 end

spec/features/security/project/public_access_spec.rb

@@ -96,6 +96,60 @@ describe "Public Project Access", feature: true  do
     it { is_expected.to be_denied_for :visitor }
   end
 
+  describe "GET /:project_path/builds" do
+    subject { namespace_project_builds_path(project.namespace, project) }
+
+    context "when allowed for public" do
+      before { project.update(public_builds: true) }
+
+      it { is_expected.to be_allowed_for master }
+      it { is_expected.to be_allowed_for reporter }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for guest }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+
+    context "when disallowed for public" do
+      before { project.update(public_builds: false) }
+
+      it { is_expected.to be_allowed_for master }
+      it { is_expected.to be_allowed_for reporter }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_denied_for guest }
+      it { is_expected.to be_denied_for :user }
+      it { is_expected.to be_denied_for :visitor }
+    end
+  end
+
+  describe "GET /:project_path/builds/:id" do
+    let(:commit) { create(:ci_commit, project: project) }
+    let(:build) { create(:ci_build, commit: commit) }
+    subject { namespace_project_build_path(project.namespace, project, build.id) }
+
+    context "when allowed for public" do
+      before { project.update(public_builds: true) }
+
+      it { is_expected.to be_allowed_for master }
+      it { is_expected.to be_allowed_for reporter }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for guest }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+
+    context "when disallowed for public" do
+      before { project.update(public_builds: false) }
+
+      it { is_expected.to be_allowed_for master }
+      it { is_expected.to be_allowed_for reporter }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_denied_for guest }
+      it { is_expected.to be_denied_for :user }
+      it { is_expected.to be_denied_for :visitor }
+    end
+  end
+
   describe "GET /:project_path/blob" do
     before do
       commit = project.repository.commit