BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
256cd8e4
Commit
256cd8e4
authored
Jun 22, 2016
by
Douglas Barbosa Alexandre
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix visibility of private project snippets for members when searching
parent
8f9b64c7
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
68 additions
and
20 deletions
+68
-20
snippet.rb
app/models/snippet.rb
+10
-4
snippet_spec.rb
spec/models/snippet_spec.rb
+28
-8
snippet_service_spec.rb
spec/services/search/snippet_service_spec.rb
+30
-8
No files found.
app/models/snippet.rb
View file @
256cd8e4
...
@@ -135,10 +135,16 @@ class Snippet < ActiveRecord::Base
...
@@ -135,10 +135,16 @@ class Snippet < ActiveRecord::Base
end
end
def
accessible_to
(
user
)
def
accessible_to
(
user
)
visibility_levels
=
[
Snippet
::
PUBLIC
]
return
are_public
unless
user
.
present?
visibility_levels
<<
Snippet
::
INTERNAL
if
user
return
all
if
user
.
admin?
where
(
'visibility_level IN (?) OR author_id = ?'
,
visibility_levels
,
user
)
where
(
'visibility_level IN (:visibility_levels)
OR author_id = :author_id
OR project_id IN (:project_ids)'
,
visibility_levels:
[
Snippet
::
PUBLIC
,
Snippet
::
INTERNAL
],
author_id:
user
.
id
,
project_ids:
user
.
authorized_projects
.
select
(
:id
))
end
end
end
end
end
end
spec/models/snippet_spec.rb
View file @
256cd8e4
...
@@ -89,22 +89,42 @@ describe Snippet, models: true do
...
@@ -89,22 +89,42 @@ describe Snippet, models: true do
end
end
describe
'.accessible_to'
do
describe
'.accessible_to'
do
let
(
:author
)
{
create
(
:author
)
}
let
(
:author
)
{
create
(
:author
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:empty_project
)
}
let!
(
:public_snippet
)
{
create
(
:snippet
,
:public
)
}
let!
(
:public_snippet
)
{
create
(
:snippet
,
:public
)
}
let!
(
:internal_snippet
)
{
create
(
:snippet
,
:internal
)
}
let!
(
:internal_snippet
)
{
create
(
:snippet
,
:internal
)
}
let!
(
:private_snippet
)
{
create
(
:snippet
,
:private
,
author:
author
)
}
let!
(
:private_snippet
)
{
create
(
:snippet
,
:private
,
author:
author
)
}
it
'returns only public snippets when user is nil'
do
let!
(
:project_public_snippet
)
{
create
(
:snippet
,
:public
,
project:
project
)
}
expect
(
described_class
.
accessible_to
(
nil
)).
to
eq
[
public_snippet
]
let!
(
:project_internal_snippet
)
{
create
(
:snippet
,
:internal
,
project:
project
)
}
let!
(
:project_private_snippet
)
{
create
(
:snippet
,
:private
,
project:
project
)
}
it
'returns only public snippets when user is blank'
do
expect
(
described_class
.
accessible_to
(
nil
)).
to
match_array
[
public_snippet
,
project_public_snippet
]
end
it
'returns only public, and internal snippets for regular users'
do
user
=
create
(
:user
)
expect
(
described_class
.
accessible_to
(
user
)).
to
match_array
[
public_snippet
,
internal_snippet
,
project_public_snippet
,
project_internal_snippet
]
end
end
it
'returns only public, and internal snippets when user is not nil'
do
it
'returns public, internal snippets and project private snippets for project members'
do
expect
(
described_class
.
accessible_to
(
user
)).
to
match_array
[
public_snippet
,
internal_snippet
]
member
=
create
(
:user
)
project
.
team
<<
[
member
,
:developer
]
expect
(
described_class
.
accessible_to
(
member
)).
to
match_array
[
public_snippet
,
internal_snippet
,
project_public_snippet
,
project_internal_snippet
,
project_private_snippet
]
end
end
it
'returns snippets where the user is the author'
do
it
'returns private snippets where the user is the author'
do
expect
(
described_class
.
accessible_to
(
author
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
]
expect
(
described_class
.
accessible_to
(
author
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
,
project_public_snippet
,
project_internal_snippet
]
end
it
'returns all snippets when for admins'
do
admin
=
create
(
:admin
)
expect
(
described_class
.
accessible_to
(
admin
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
,
project_public_snippet
,
project_internal_snippet
,
project_private_snippet
]
end
end
end
end
...
...
spec/services/search/snippet_service_spec.rb
View file @
256cd8e4
...
@@ -2,35 +2,57 @@ require 'spec_helper'
...
@@ -2,35 +2,57 @@ require 'spec_helper'
describe
Search
::
SnippetService
,
services:
true
do
describe
Search
::
SnippetService
,
services:
true
do
let
(
:author
)
{
create
(
:author
)
}
let
(
:author
)
{
create
(
:author
)
}
let
(
:
internal_user
)
{
create
(
:user
)
}
let
(
:
project
)
{
create
(
:empty_project
)
}
let!
(
:public_snippet
)
{
create
(
:snippet
,
:public
,
content:
'password: XXX'
)
}
let!
(
:public_snippet
)
{
create
(
:snippet
,
:public
,
content:
'password: XXX'
)
}
let!
(
:internal_snippet
)
{
create
(
:snippet
,
:internal
,
content:
'password: XXX'
)
}
let!
(
:internal_snippet
)
{
create
(
:snippet
,
:internal
,
content:
'password: XXX'
)
}
let!
(
:private_snippet
)
{
create
(
:snippet
,
:private
,
content:
'password: XXX'
,
author:
author
)
}
let!
(
:private_snippet
)
{
create
(
:snippet
,
:private
,
content:
'password: XXX'
,
author:
author
)
}
let!
(
:project_public_snippet
)
{
create
(
:snippet
,
:public
,
project:
project
,
content:
'password: XXX'
)
}
let!
(
:project_internal_snippet
)
{
create
(
:snippet
,
:internal
,
project:
project
,
content:
'password: XXX'
)
}
let!
(
:project_private_snippet
)
{
create
(
:snippet
,
:private
,
project:
project
,
content:
'password: XXX'
)
}
describe
'#execute'
do
describe
'#execute'
do
context
'unauthenticated'
do
context
'unauthenticated'
do
it
'
should return
public snippets only'
do
it
'
returns
public snippets only'
do
search
=
described_class
.
new
(
nil
,
search:
'password'
)
search
=
described_class
.
new
(
nil
,
search:
'password'
)
results
=
search
.
execute
results
=
search
.
execute
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
]
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
project_public_snippet
]
end
end
end
end
context
'authenticated'
do
context
'authenticated'
do
it
'should return only public & internal snippets'
do
it
'returns only public & internal snippets for regular users'
do
search
=
described_class
.
new
(
internal_user
,
search:
'password'
)
user
=
create
(
:user
)
search
=
described_class
.
new
(
user
,
search:
'password'
)
results
=
search
.
execute
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
,
project_public_snippet
,
project_internal_snippet
]
end
it
'returns public, internal snippets and project private snippets for project members'
do
member
=
create
(
:user
)
project
.
team
<<
[
member
,
:developer
]
search
=
described_class
.
new
(
member
,
search:
'password'
)
results
=
search
.
execute
results
=
search
.
execute
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
]
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
,
project_public_snippet
,
project_internal_snippet
,
project_private_snippet
]
end
end
it
'
should return public, internal and private snippets for
author'
do
it
'
returns public, internal and private snippets where user is the
author'
do
search
=
described_class
.
new
(
author
,
search:
'password'
)
search
=
described_class
.
new
(
author
,
search:
'password'
)
results
=
search
.
execute
results
=
search
.
execute
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
]
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
,
project_public_snippet
,
project_internal_snippet
]
end
it
'returns all snippets when user is admin'
do
admin
=
create
(
:admin
)
search
=
described_class
.
new
(
admin
,
search:
'password'
)
results
=
search
.
execute
expect
(
results
.
objects
(
'snippet_blobs'
)).
to
match_array
[
public_snippet
,
internal_snippet
,
private_snippet
,
project_public_snippet
,
project_internal_snippet
,
project_private_snippet
]
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment