BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
8dcef120
Commit
8dcef120
authored
Nov 25, 2015
by
Douglas Barbosa Alexandre
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix raw private snippets access workflow
parent
dee28c50
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
117 additions
and
1 deletion
+117
-1
CHANGELOG
CHANGELOG
+1
-0
snippets_controller.rb
app/controllers/snippets_controller.rb
+1
-1
snippets_controller_spec.rb
spec/controllers/snippets_controller_spec.rb
+115
-0
No files found.
CHANGELOG
View file @
8dcef120
...
...
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.3.0 (unreleased)
- Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera)
- Fix 500 error when update group member permission
- Fix: Raw private snippets access workflow
v 8.2.1
- Forcefully update builds that didn't want to update with state machine
...
...
app/controllers/snippets_controller.rb
View file @
8dcef120
...
...
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action
:snippet
,
only:
[
:show
,
:edit
,
:destroy
,
:update
,
:raw
]
# Allow read snippet
before_action
:authorize_read_snippet!
,
only:
[
:show
]
before_action
:authorize_read_snippet!
,
only:
[
:show
,
:raw
]
# Allow modify snippet
before_action
:authorize_update_snippet!
,
only:
[
:edit
,
:update
]
...
...
spec/controllers/snippets_controller_spec.rb
View file @
8dcef120
...
...
@@ -115,4 +115,119 @@ describe SnippetsController do
end
end
end
describe
'GET #raw'
do
let
(
:user
)
{
create
(
:user
)
}
context
'when the personal snippet is private'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
context
'when signed in user is not the author'
do
let
(
:other_author
)
{
create
(
:author
)
}
let
(
:other_personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
other_author
)
}
it
'responds with status 404'
do
get
:raw
,
id:
other_personal_snippet
.
to_param
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when signed in user is the author'
do
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
context
'when not signed in'
do
it
'redirects to the sign in page'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
response
).
to
redirect_to
(
new_user_session_path
)
end
end
end
context
'when the personal snippet is internal'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:internal
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
context
'when not signed in'
do
it
'redirects to the sign in page'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
response
).
to
redirect_to
(
new_user_session_path
)
end
end
end
context
'when the personal snippet is public'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:public
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
context
'when not signed in'
do
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
context
'when the personal snippet does not exist'
do
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'responds with status 404'
do
get
:raw
,
id:
'doesntexist'
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when not signed in'
do
it
'responds with status 404'
do
get
:raw
,
id:
'doesntexist'
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment