BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
668d6ffa
Commit
668d6ffa
authored
Mar 30, 2016
by
Felipe Artur
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add specs and fix code
parent
57519565
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
65 additions
and
18 deletions
+65
-18
users_controller.rb
app/controllers/users_controller.rb
+1
-1
ability.rb
app/models/ability.rb
+14
-11
_group.html.haml
app/views/layouts/nav/_group.html.haml
+8
-5
_project.html.haml
app/views/layouts/nav/_project.html.haml
+1
-1
group_members_controller_spec.rb
spec/controllers/groups/group_members_controller_spec.rb
+19
-0
users_controller_spec.rb
spec/controllers/users_controller_spec.rb
+22
-0
No files found.
app/controllers/users_controller.rb
View file @
668d6ffa
class
UsersController
<
ApplicationController
class
UsersController
<
ApplicationController
skip_before_action
:authenticate_user!
skip_before_action
:authenticate_user!
#TO
-DO
Remove this "set_user" before action. It is not good to use before filters for loading database records.
#TO
DO felipe_artur:
Remove this "set_user" before action. It is not good to use before filters for loading database records.
before_action
:set_user
,
except:
[
:show
]
before_action
:set_user
,
except:
[
:show
]
before_action
:authorize_read_user
,
only:
[
:show
]
before_action
:authorize_read_user
,
only:
[
:show
]
...
...
app/models/ability.rb
View file @
668d6ffa
class
Ability
class
Ability
@public_restricted
=
nil
class
<<
self
class
<<
self
def
allowed
(
user
,
subject
)
def
allowed
(
user
,
subject
)
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
return
anonymous_abilities
(
user
,
subject
)
if
user
.
nil?
...
@@ -18,7 +20,7 @@ class Ability
...
@@ -18,7 +20,7 @@ class Ability
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
User
then
user_abilities
()
when
User
then
user_abilities
else
[]
else
[]
end
.
concat
(
global_abilities
(
user
))
end
.
concat
(
global_abilities
(
user
))
end
end
...
@@ -37,7 +39,7 @@ class Ability
...
@@ -37,7 +39,7 @@ class Ability
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
when
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
anonymous_group_abilities
(
subject
)
anonymous_group_abilities
(
subject
)
when
subject
.
is_a?
(
User
)
when
subject
.
is_a?
(
User
)
anonymous_user_abilities
()
anonymous_user_abilities
else
else
[]
[]
end
end
...
@@ -71,8 +73,7 @@ class Ability
...
@@ -71,8 +73,7 @@ class Ability
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
# Allow anonymous users to read project members if public is not a restricted level
# Allow anonymous users to read project members if public is not a restricted level
restricted_public_level
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
rules
<<
:read_project_member
unless
restricted_public_level?
rules
<<
:read_project_member
unless
restricted_public_level
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
else
else
...
@@ -100,8 +101,7 @@ class Ability
...
@@ -100,8 +101,7 @@ class Ability
rules
<<
[
:read_group
]
if
group
.
public?
rules
<<
[
:read_group
]
if
group
.
public?
# Allow anonymous users to read project members if public is not a restricted level
# Allow anonymous users to read project members if public is not a restricted level
restricted_public_level
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
rules
<<
[
:read_group_members
]
unless
restricted_public_level?
rules
<<
[
:read_group_members
]
unless
restricted_public_level
end
end
rules
rules
...
@@ -123,9 +123,8 @@ class Ability
...
@@ -123,9 +123,8 @@ class Ability
end
end
end
end
def
anonymous_user_abilities
()
def
anonymous_user_abilities
restricted_by_public
=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
[
:read_user
]
unless
restricted_public_level?
[
:read_user
]
unless
restricted_by_public
end
end
def
global_abilities
(
user
)
def
global_abilities
(
user
)
...
@@ -303,7 +302,6 @@ class Ability
...
@@ -303,7 +302,6 @@ class Ability
def
group_abilities
(
user
,
group
)
def
group_abilities
(
user
,
group
)
rules
=
[]
rules
=
[]
rules
<<
[
:read_group
,
:read_group_members
]
if
can_read_group?
(
user
,
group
)
rules
<<
[
:read_group
,
:read_group_members
]
if
can_read_group?
(
user
,
group
)
# Only group masters and group owners can create new projects
# Only group masters and group owners can create new projects
...
@@ -475,7 +473,7 @@ class Ability
...
@@ -475,7 +473,7 @@ class Ability
rules
rules
end
end
def
user_abilities
()
def
user_abilities
[
:read_user
]
[
:read_user
]
end
end
...
@@ -493,6 +491,11 @@ class Ability
...
@@ -493,6 +491,11 @@ class Ability
private
private
def
restricted_public_level?
@public_restricted
||=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
@public_restricted
end
def
named_abilities
(
name
)
def
named_abilities
(
name
)
[
[
:"read_
#{
name
}
"
,
:"read_
#{
name
}
"
,
...
...
app/views/layouts/nav/_group.html.haml
View file @
668d6ffa
...
@@ -36,11 +36,14 @@
...
@@ -36,11 +36,14 @@
Merge Requests
Merge Requests
-
merge_requests
=
MergeRequestsFinder
.
new
(
current_user
,
group_id:
@group
.
id
,
state:
'opened'
).
execute
-
merge_requests
=
MergeRequestsFinder
.
new
(
current_user
,
group_id:
@group
.
id
,
state:
'opened'
).
execute
%span
.count
=
number_with_delimiter
(
merge_requests
.
count
)
%span
.count
=
number_with_delimiter
(
merge_requests
.
count
)
=
nav_link
(
controller:
[
:group_members
])
do
=
link_to
group_group_members_path
(
@group
),
title:
'Members'
do
-
if
can?
(
current_user
,
:read_group_members
,
@group
)
=
icon
(
'users fw'
)
=
nav_link
(
controller:
[
:group_members
])
do
%span
=
link_to
group_group_members_path
(
@group
),
title:
'Members'
do
Members
=
icon
(
'users fw'
)
%span
Members
-
if
can?
(
current_user
,
:admin_group
,
@group
)
-
if
can?
(
current_user
,
:admin_group
,
@group
)
=
nav_link
(
html_options:
{
class:
"separate-item"
})
do
=
nav_link
(
html_options:
{
class:
"separate-item"
})
do
=
link_to
edit_group_path
(
@group
),
title:
'Settings'
do
=
link_to
edit_group_path
(
@group
),
title:
'Settings'
do
...
...
app/views/layouts/nav/_project.html.haml
View file @
668d6ffa
...
@@ -77,7 +77,7 @@
...
@@ -77,7 +77,7 @@
Merge Requests
Merge Requests
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
%span
.count.merge_counter
=
number_with_delimiter
(
@project
.
merge_requests
.
opened
.
count
)
-
if
project_nav_tab?
:settings
-
if
project_nav_tab?
(
:settings
)
&&
can?
(
current_user
,
:read_project_members
,
@project
)
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
nav_link
(
controller:
[
:project_members
,
:teams
])
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
link_to
namespace_project_project_members_path
(
@project
.
namespace
,
@project
),
title:
'Members'
,
class:
'team-tab tab'
do
=
icon
(
'users fw'
)
=
icon
(
'users fw'
)
...
...
spec/controllers/groups/group_members_controller_spec.rb
0 → 100644
View file @
668d6ffa
require
'spec_helper'
describe
Groups
::
GroupMembersController
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:group
)
{
create
(
:group
)
}
context
"When public visibility level is restricted"
do
before
do
group
.
add_owner
(
user
)
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
it
'does not show group members'
do
get
:index
,
group_id:
group
.
path
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
spec/controllers/users_controller_spec.rb
View file @
668d6ffa
...
@@ -38,6 +38,28 @@ describe UsersController do
...
@@ -38,6 +38,28 @@ describe UsersController do
end
end
end
end
end
end
context
'When public visibility level is restricted'
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
end
context
'when logged out'
do
it
'renders 404'
do
get
:show
,
username:
user
.
username
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when logged in'
do
before
{
sign_in
(
user
)
}
it
'renders 404'
do
get
:show
,
username:
user
.
username
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
end
end
describe
'GET #calendar'
do
describe
'GET #calendar'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment