Commit d8bbd3e7 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'modify_group_policy' into 'master'

Update group policy to reflect all the requirements

See merge request gitlab-org/gitlab-ce!25854
parents f06a649c ad283fbb
...@@ -26,7 +26,7 @@ class GroupPolicy < BasePolicy ...@@ -26,7 +26,7 @@ class GroupPolicy < BasePolicy
condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) }
condition(:has_projects) do condition(:has_projects) do
GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any? GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true, only_owned: true }).execute.any?
end end
condition(:has_clusters, scope: :subject) { clusterable_has_clusters? } condition(:has_clusters, scope: :subject) { clusterable_has_clusters? }
...@@ -55,6 +55,7 @@ class GroupPolicy < BasePolicy ...@@ -55,6 +55,7 @@ class GroupPolicy < BasePolicy
rule { has_projects }.policy do rule { has_projects }.policy do
enable :read_list enable :read_list
enable :read_label enable :read_label
enable :read_group
end end
rule { has_access }.enable :read_namespace rule { has_access }.enable :read_namespace
......
---
title: Allow project members to see private group if the project is in the group namespace
merge_request:
author:
type: fixed
...@@ -27,7 +27,7 @@ describe 'Private Group access' do ...@@ -27,7 +27,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) } it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) } it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) } it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) } it { is_expected.to be_denied_for(:visitor) }
...@@ -42,7 +42,7 @@ describe 'Private Group access' do ...@@ -42,7 +42,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) } it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) } it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) } it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) } it { is_expected.to be_denied_for(:visitor) }
...@@ -58,7 +58,7 @@ describe 'Private Group access' do ...@@ -58,7 +58,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) } it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) } it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) } it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) } it { is_expected.to be_denied_for(:visitor) }
...@@ -73,7 +73,7 @@ describe 'Private Group access' do ...@@ -73,7 +73,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) } it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) } it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) } it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) } it { is_expected.to be_denied_for(:visitor) }
...@@ -96,6 +96,7 @@ describe 'Private Group access' do ...@@ -96,6 +96,7 @@ describe 'Private Group access' do
describe 'GET /groups/:path for shared projects' do describe 'GET /groups/:path for shared projects' do
let(:project) { create(:project, :public) } let(:project) { create(:project, :public) }
before do before do
Projects::GroupLinks::CreateService.new( Projects::GroupLinks::CreateService.new(
project, project,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment