BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
25e44edc
Commit
25e44edc
authored
Jul 25, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow admin to read_users_list even if it's restricted
parent
d95e6da0
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
37 additions
and
8 deletions
+37
-8
global_policy.rb
app/policies/global_policy.rb
+1
-1
35478-allow-admin-to-read-user-list.yml
...gelogs/unreleased/35478-allow-admin-to-read-user-list.yml
+4
-0
global_policy_spec.rb
spec/policies/global_policy_spec.rb
+20
-0
users_spec.rb
spec/requests/api/users_spec.rb
+12
-7
No files found.
app/policies/global_policy.rb
View file @
25e44edc
...
...
@@ -44,7 +44,7 @@ class GlobalPolicy < BasePolicy
prevent
:log_in
end
rule
{
~
restricted_public_level
}.
policy
do
rule
{
admin
|
~
restricted_public_level
}.
policy
do
enable
:read_users_list
end
end
changelogs/unreleased/35478-allow-admin-to-read-user-list.yml
0 → 100644
View file @
25e44edc
---
title
:
Allow admin to read_users_list even if it's restricted
merge_request
:
13066
author
:
spec/policies/global_policy_spec.rb
View file @
25e44edc
...
...
@@ -30,5 +30,25 @@ describe GlobalPolicy, models: true do
it
{
is_expected
.
to
be_allowed
(
:read_users_list
)
}
end
end
context
"for an admin"
do
let
(
:current_user
)
{
create
(
:admin
)
}
context
"when the public level is restricted"
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
it
{
is_expected
.
to
be_allowed
(
:read_users_list
)
}
end
context
"when the public level is not restricted"
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[])
end
it
{
is_expected
.
to
be_allowed
(
:read_users_list
)
}
end
end
end
end
spec/requests/api/users_spec.rb
View file @
25e44edc
...
...
@@ -55,17 +55,22 @@ describe API::Users do
context
"when public level is restricted"
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
allow_any_instance_of
(
API
::
Helpers
).
to
receive
(
:authenticate!
).
and_return
(
true
)
end
it
"renders 403"
do
get
api
(
"/users"
)
expect
(
response
).
to
have_http_status
(
403
)
context
'when authenticate as a regular user'
do
it
"renders 403"
do
get
api
(
"/users"
,
user
)
expect
(
response
).
to
have_gitlab_http_status
(
403
)
end
end
it
"renders 404"
do
get
api
(
"/users/
#{
user
.
id
}
"
)
expect
(
response
).
to
have_http_status
(
404
)
context
'when authenticate as an admin'
do
it
"renders 200"
do
get
api
(
"/users"
,
admin
)
expect
(
response
).
to
have_gitlab_http_status
(
200
)
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment