Commit
b4c36130
authored
Feb 04, 2016
by
Kamil Trzcinski
Rename allow_guest_to_access_builds to public_builds
parent
6a5a175d
Showing
12 changed files
with
202 additions
and
96 deletions
+202
-96
projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
ability.rb
app/models/ability.rb
+5
-5
edit.html.haml
app/views/projects/edit.html.haml
+4
-4
20160202164642_add_allow_guest_to_access_builds_project.rb
...0160202164642_add_allow_guest_to_access_builds_project.rb
+1
-1
schema.rb
db/schema.rb
+17
-17
projects.md
doc/api/projects.md
+5
-5
project.rb
features/steps/shared/project.rb
+8
-0
entities.rb
lib/api/entities.rb
+2
-2
projects.rb
lib/api/projects.rb
+6
-6
builds_spec.rb
spec/features/builds_spec.rb
+1
-1
commits_spec.rb
spec/features/commits_spec.rb
+98
-54
public_access_spec.rb
spec/features/security/project/public_access_spec.rb
+54
-0
app/controllers/projects_controller.rb
...
...
@@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
:issues_enabled
,
:merge_requests_enabled
,
:snippets_enabled
,
:issues_tracker_id
,
:default_branch
,
:wiki_enabled
,
:visibility_level
,
:import_url
,
:last_activity_at
,
:namespace_id
,
:avatar
,
:builds_enabled
,
:build_allow_git_fetch
,
:build_timeout_in_minutes
,
:build_coverage_regex
,
:
allow_guest_to_access
_builds
,
:
public
_builds
,
)
end
...
...
app/models/ability.rb
...
...
@@ -64,7 +64,7 @@ class Ability
]
# Allow to read builds by anonymous user if guests are allowed
rules
<<
:read_build
if
project
.
allow_guest_to_access
_builds?
rules
<<
:read_build
if
project
.
public
_builds?
rules
-
project_disabled_features_rules
(
project
)
else
...
...
@@ -132,9 +132,9 @@ class Ability
rules
.
push
(
*
public_project_rules
)
end
# Allow to read builds
if guests are allowed
if
team
.
guest?
(
user
)
||
project
.
public?
||
project
.
internal?
rules
<<
:read_build
if
project
.
allow_guest_to_access
_builds?
# Allow to read builds
for internal projects
if
project
.
public?
||
project
.
internal?
rules
<<
:read_build
if
project
.
public
_builds?
end
if
project
.
owner
==
user
||
user
.
admin?
...
...
@@ -172,7 +172,6 @@ class Ability
:read_project_member
,
:read_merge_request
,
:read_note
,
:read_commit_status
,
:create_project
,
:create_issue
,
:create_note
...
...
@@ -187,6 +186,7 @@ class Ability
:update_issue
,
:admin_issue
,
:admin_label
,
:read_commit_status
,
:read_build
,
]
end
...
...
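Review bot: The comment added in the second hunk, `# Allow to read builds for internal projects`, does not match the condition beneath it, which is `project.public? || project.internal?`; something like `# Allow to read builds on public and internal projects when public_builds is set` would describe the rule. The unchanged comment in the first hunk still says "if guests are allowed", which no longer fits a flag named `public_builds`. The second hunk also drops `team.guest?(user)` from the condition, and the last two hunks appear to move `:read_commit_status` into the list that carries `:read_build`, so this is a permission change rather than a pure rename and deserves a line in the commit message. The enclosing methods start and end outside the hunks shown.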
app/views/projects/edit.html.haml
...
...
@@ -162,10 +162,10 @@
.form-group
.col-sm-offset-2.col-sm-10
.checkbox
=
f
.
label
:
allow_guest_to_access
_builds
do
=
f
.
check_box
:
allow_guest_to_access
_builds
%strong
Guests can see
builds
.help-block
Allow
guests and anonymous users to access builds including build trace and artifa
cts
=
f
.
label
:
public
_builds
do
=
f
.
check_box
:
public
_builds
%strong
Public
builds
.help-block
Allow
everyone to access builds for Public and Internal proje
cts
%fieldset
.features
%legend
...
...
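Review bot: The new help text, `Allow everyone to access builds for Public and Internal projects`, no longer says that access includes the build trace and artifacts, which the previous wording spelled out. That detail is what a project owner needs in order to decide, since traces and artifacts can contain sensitive output. Consider `Allow everyone to access builds, including build trace and artifacts, for Public and Internal projects`. For Internal projects "everyone" presumably means any signed-in user, which may be worth saying as well.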
db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb
class
AddAllowGuestToAccessBuildsProject
<
ActiveRecord
::
Migration
def
change
add_column
:projects
,
:
allow_guest_to_access
_builds
,
:boolean
,
default:
true
,
null:
false
add_column
:projects
,
:
public
_builds
,
:boolean
,
default:
true
,
null:
false
end
end
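Review bot: The column is renamed by editing the existing migration `20160202164642` in place, so any database that already ran the earlier version keeps `allow_guest_to_access_builds` and never gets `public_builds`. If this migration has been run anywhere, a separate migration with `rename_column :projects, :allow_guest_to_access_builds, :public_builds` is the safer route. The class is still called `AddAllowGuestToAccessBuildsProject` and the file name is unchanged, so neither matches the column they now add. `default: true` also means every existing project gets public builds enabled on upgrade; confirm that opt-out is the intended default.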
db/schema.rb
...
...
@@ -650,35 +650,35 @@ ActiveRecord::Schema.define(version: 20160202164642) do
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
integer
"creator_id"
t
.
boolean
"issues_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wall_enabled"
,
default:
true
,
null:
false
t
.
boolean
"merge_requests_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wiki_enabled"
,
default:
true
,
null:
false
t
.
boolean
"issues_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wall_enabled"
,
default:
true
,
null:
false
t
.
boolean
"merge_requests_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wiki_enabled"
,
default:
true
,
null:
false
t
.
integer
"namespace_id"
t
.
string
"issues_tracker"
,
default:
"gitlab"
,
null:
false
t
.
string
"issues_tracker"
,
default:
"gitlab"
,
null:
false
t
.
string
"issues_tracker_id"
t
.
boolean
"snippets_enabled"
,
default:
true
,
null:
false
t
.
boolean
"snippets_enabled"
,
default:
true
,
null:
false
t
.
datetime
"last_activity_at"
t
.
string
"import_url"
t
.
integer
"visibility_level"
,
default:
0
,
null:
false
t
.
boolean
"archived"
,
default:
false
,
null:
false
t
.
integer
"visibility_level"
,
default:
0
,
null:
false
t
.
boolean
"archived"
,
default:
false
,
null:
false
t
.
string
"avatar"
t
.
string
"import_status"
t
.
float
"repository_size"
,
default:
0.0
t
.
integer
"star_count"
,
default:
0
,
null:
false
t
.
float
"repository_size"
,
default:
0.0
t
.
integer
"star_count"
,
default:
0
,
null:
false
t
.
string
"import_type"
t
.
string
"import_source"
t
.
integer
"commit_count"
,
default:
0
t
.
integer
"commit_count"
,
default:
0
t
.
text
"import_error"
t
.
integer
"ci_id"
t
.
boolean
"builds_enabled"
,
default:
true
,
null:
false
t
.
boolean
"shared_runners_enabled"
,
default:
true
,
null:
false
t
.
boolean
"builds_enabled"
,
default:
true
,
null:
false
t
.
boolean
"shared_runners_enabled"
,
default:
true
,
null:
false
t
.
string
"runners_token"
t
.
string
"build_coverage_regex"
t
.
boolean
"build_allow_git_fetch"
,
default:
true
,
null:
false
t
.
integer
"build_timeout"
,
default:
3600
,
null:
false
t
.
boolean
"pending_delete"
,
default:
false
t
.
boolean
"
allow_guest_to_access_builds"
,
default:
true
,
null:
false
t
.
boolean
"build_allow_git_fetch"
,
default:
true
,
null:
false
t
.
integer
"build_timeout"
,
default:
3600
,
null:
false
t
.
boolean
"pending_delete"
,
default:
false
t
.
boolean
"
public_builds"
,
default:
true
,
null:
false
end
add_index
"projects"
,
[
"builds_enabled"
,
"shared_runners_enabled"
],
name:
"index_projects_on_builds_enabled_and_shared_runners_enabled"
,
using: :btree
...
...
doc/api/projects.md
...
...
@@ -82,7 +82,7 @@ Parameters:
"forks_count"
:
0
,
"star_count"
:
0
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"
allow_guest_to_access
_builds"
:
true
"
public
_builds"
:
true
},
{
"id"
:
6
,
...
...
@@ -140,7 +140,7 @@ Parameters:
"forks_count"
:
0
,
"star_count"
:
0
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"
allow_guest_to_access
_builds"
:
true
"
public
_builds"
:
true
}
]
```
...
...
@@ -427,7 +427,7 @@ Parameters:
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`import_url`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
### Create project for user
...
...
@@ -450,7 +450,7 @@ Parameters:
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`import_url`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
### Edit project
...
...
@@ -474,7 +474,7 @@ Parameters:
-
`snippets_enabled`
(optional)
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
On success, method returns 200 with the updated project. If parameters are
invalid, 400 is returned.
...
...
features/steps/shared/project.rb
...
...
@@ -240,6 +240,14 @@ module SharedProject
end
end
step
'public access for builds is enabled'
do
@project
.
update
(
public_builds:
true
)
end
step
'public access for builds is disabled'
do
@project
.
update
(
public_builds:
false
)
end
def
user_owns_project
(
user_name
:,
project_name
:,
visibility: :private
)
user
=
user_exists
(
user_name
,
username:
user_name
.
gsub
(
/\s/
,
''
).
underscore
)
project
=
Project
.
find_by
(
name:
project_name
)
...
...
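Review bot: Both new steps call `@project.update(...)` and ignore its return value, so a failed save would leave the flag unchanged and the scenario would continue against the wrong setting. `@project.update!(public_builds: true)` (and the `false` counterpart) would make the step fail loudly instead. The `user_owns_project` helper below the steps continues outside the hunk.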
lib/api/entities.rb
...
...
@@ -72,7 +72,7 @@ module API
expose
:star_count
,
:forks_count
expose
:open_issues_count
,
if:
lambda
{
|
project
,
options
|
project
.
issues_enabled?
&&
project
.
default_issues_tracker?
}
expose
:runners_token
,
if:
lambda
{
|
_project
,
options
|
options
[
:user_can_admin_project
]
}
expose
:
allow_guest_to_access
_builds
expose
:
public
_builds
end
class
ProjectMember
<
UserBasic
...
...
@@ -384,7 +384,7 @@ module API
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
expose
:download_url
do
|
repo_obj
,
options
|
if
options
[
:user_can_download_artifacts
]
repo_obj
.
download_url
repo_obj
.
artifacts_
download_url
end
end
expose
:commit
,
with:
RepoCommit
do
|
repo_obj
,
_options
|
...
...
lib/api/projects.rb
...
...
@@ -99,7 +99,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - 0 by default
# import_url (optional)
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# POST /projects
post
do
...
...
@@ -117,7 +117,7 @@ module API
:public
,
:visibility_level
,
:import_url
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
@project
=
::
Projects
::
CreateService
.
new
(
current_user
,
attrs
).
execute
if
@project
.
saved?
...
...
@@ -147,7 +147,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional)
# import_url (optional)
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# POST /projects/user/:user_id
post
"user/:user_id"
do
...
...
@@ -165,7 +165,7 @@ module API
:public
,
:visibility_level
,
:import_url
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
@project
=
::
Projects
::
CreateService
.
new
(
user
,
attrs
).
execute
if
@project
.
saved?
...
...
@@ -209,7 +209,7 @@ module API
# shared_runners_enabled (optional)
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - visibility level of a project
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# PUT /projects/:id
put
':id'
do
...
...
@@ -225,7 +225,7 @@ module API
:shared_runners_enabled
,
:public
,
:visibility_level
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
authorize_admin_project
authorize!
:rename_project
,
user_project
if
attrs
[
:name
].
present?
...
...
spec/features/builds_spec.rb
...
...
@@ -8,7 +8,7 @@ describe "Builds" do
@commit
=
FactoryGirl
.
create
:ci_commit
@build
=
FactoryGirl
.
create
:ci_build
,
commit:
@commit
@project
=
@commit
.
project
@project
.
team
<<
[
@user
,
:
mast
er
]
@project
.
team
<<
[
@user
,
:
develop
er
]
end
describe
"GET /:project/builds"
do
...
...
spec/features/commits_spec.rb
...
...
@@ -8,7 +8,6 @@ describe 'Commits' do
describe
'CI'
do
before
do
login_as
:user
project
.
team
<<
[
@user
,
:master
]
stub_ci_commit_to_return_yaml_file
end
...
...
@@ -19,6 +18,10 @@ describe 'Commits' do
context
'commit status is Generic Commit Status'
do
let!
(
:status
)
{
FactoryGirl
.
create
:generic_commit_status
,
commit:
commit
}
before
do
project
.
team
<<
[
@user
,
:reporter
]
end
describe
'Commit builds'
do
before
do
visit
ci_status_path
(
commit
)
...
...
@@ -37,85 +40,126 @@ describe 'Commits' do
context
'commit status is Ci Build'
do
let!
(
:build
)
{
FactoryGirl
.
create
:ci_build
,
commit:
commit
}
let
(
:artifacts_file
)
{
fixture_file_upload
(
Rails
.
root
+
'spec/fixtures/banana_sample.gif'
,
'image/gif'
)
}
describe
'Project commits
'
do
context
'when logged as developer
'
do
before
do
visit
namespace_project_commits_path
(
project
.
namespace
,
project
,
:master
)
project
.
team
<<
[
@user
,
:developer
]
end
it
'should show build statu
s'
do
page
.
within
(
"//li[@id='commit-
#{
commit
.
short_sha
}
']"
)
do
expect
(
page
).
to
have_css
(
".ci-status-link"
)
describe
'Project commit
s'
do
before
do
visit
namespace_project_commits_path
(
project
.
namespace
,
project
,
:master
)
end
end
end
describe
'Commit builds'
do
before
do
visit
ci_status_path
(
commit
)
it
'should show build status'
do
page
.
within
(
"//li[@id='commit-
#{
commit
.
short_sha
}
']"
)
do
expect
(
page
).
to
have_css
(
".ci-status-link"
)
end
end
end
it
{
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
}
it
{
expect
(
page
).
to
have_content
commit
.
git_commit_message
}
it
{
expect
(
page
).
to
have_content
commit
.
git_author_name
}
end
context
'Download artifacts'
do
let
(
:artifacts_file
)
{
fixture_file_upload
(
Rails
.
root
+
'spec/fixtures/banana_sample.gif'
,
'image/gif'
)
}
before
do
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
end
describe
'Commit builds'
do
before
do
visit
ci_status_path
(
commit
)
end
it
do
visit
ci_status_path
(
commit
)
click_on
'Download artifacts'
expect
(
page
.
response_headers
[
'Content-Type'
]).
to
eq
(
artifacts_file
.
content_type
)
it
{
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
}
it
{
expect
(
page
).
to
have_content
commit
.
git_commit_message
}
it
{
expect
(
page
).
to
have_content
commit
.
git_author_name
}
end
end
describe
'Cancel all builds'
do
it
'cancels commit'
do
visit
ci_status_path
(
commit
)
click_on
'Cancel running'
expect
(
page
).
to
have_content
'canceled'
end
end
context
'Download artifacts'
do
before
do
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
end
describe
'Cancel build'
do
it
'cancels build'
do
visit
ci_status_path
(
commit
)
click_on
'Cancel'
e
xpect
(
page
).
to
have_content
'canceled'
it
do
visit
ci_status_path
(
commit
)
click_on
'Download artifacts'
expect
(
page
.
response_headers
[
'Content-Type'
]).
to
eq
(
artifacts_file
.
content_type
)
e
nd
end
end
describe
'.gitlab-ci.yml not found warning'
do
context
'ci builds enabled'
do
it
"does not show warning"
do
describe
'Cancel all builds'
do
it
'cancels commit'
do
visit
ci_status_path
(
commit
)
expect
(
page
).
not_to
have_content
'.gitlab-ci.yml not found in this commit'
click_on
'Cancel running'
expect
(
page
).
to
have_content
'canceled'
end
end
it
'shows warning
'
do
stub_ci_commit_yaml_file
(
nil
)
describe
'Cancel build
'
do
it
'cancels build'
do
visit
ci_status_path
(
commit
)
expect
(
page
).
to
have_content
'.gitlab-ci.yml not found in this commit'
click_on
'Cancel'
expect
(
page
).
to
have_content
'canceled'
end
end
context
'ci builds disabled'
do
before
do
stub_ci_builds_disabled
stub_ci_commit_yaml_file
(
nil
)
visit
ci_status_path
(
commit
)
describe
'.gitlab-ci.yml not found warning'
do
context
'ci builds enabled'
do
it
"does not show warning"
do
visit
ci_status_path
(
commit
)
expect
(
page
).
not_to
have_content
'.gitlab-ci.yml not found in this commit'
end
it
'shows warning'
do
stub_ci_commit_yaml_file
(
nil
)
visit
ci_status_path
(
commit
)
expect
(
page
).
to
have_content
'.gitlab-ci.yml not found in this commit'
end
end
it
'does not show warning'
do
expect
(
page
).
not_to
have_content
'.gitlab-ci.yml not found in this commit'
context
'ci builds disabled'
do
before
do
stub_ci_builds_disabled
stub_ci_commit_yaml_file
(
nil
)
visit
ci_status_path
(
commit
)
end
it
'does not show warning'
do
expect
(
page
).
not_to
have_content
'.gitlab-ci.yml not found in this commit'
end
end
end
end
context
"when logged as reporter"
do
before
do
project
.
team
<<
[
@user
,
:reporter
]
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
visit
ci_status_path
(
commit
)
end
it
do
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
expect
(
page
).
to
have_content
commit
.
git_commit_message
expect
(
page
).
to
have_content
commit
.
git_author_name
expect
(
page
).
to
have_link
(
'Download artifacts'
)
expect
(
page
).
to_not
have_link
(
'Cancel running'
)
expect
(
page
).
to_not
have_link
(
'Retry failed'
)
end
end
context
'when accessing internal project with disallowed access'
do
before
do
project
.
update
(
visibility_level:
Gitlab
::
VisibilityLevel
::
INTERNAL
,
public_builds:
false
)
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
visit
ci_status_path
(
commit
)
end
it
do
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
expect
(
page
).
to
have_content
commit
.
git_commit_message
expect
(
page
).
to
have_content
commit
.
git_author_name
expect
(
page
).
to_not
have_link
(
'Download artifacts'
)
expect
(
page
).
to_not
have_link
(
'Cancel running'
)
expect
(
page
).
to_not
have_link
(
'Retry failed'
)
end
end
end
end
end
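Review bot: The new context 'when accessing internal project with disallowed access' only asserts that the 'Download artifacts', 'Cancel running' and 'Retry failed' links are not rendered; it does not show that a direct request for the build or its artifacts is refused when `public_builds` is false. A hidden link is not an authorization check, so an example that visits the build or artifacts path directly and expects denial would pin the behaviour that matters. That context and 'when logged as reporter' also use a bare `it do` with six expectations each, and `to_not` where the rest of the file uses `not_to`; a description string and a single matcher spelling would make failures easier to read.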
spec/features/security/project/public_access_spec.rb
...
...
@@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
describe
"GET /:project_path/builds"
do
subject
{
namespace_project_builds_path
(
project
.
namespace
,
project
)
}
context
"when allowed for public"
do
before
{
project
.
update
(
public_builds:
true
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
guest
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
"when disallowed for public"
do
before
{
project
.
update
(
public_builds:
false
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
guest
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
describe
"GET /:project_path/builds/:id"
do
let
(
:commit
)
{
create
(
:ci_commit
,
project:
project
)
}
let
(
:build
)
{
create
(
:ci_build
,
commit:
commit
)
}
subject
{
namespace_project_build_path
(
project
.
namespace
,
project
,
build
.
id
)
}
context
"when allowed for public"
do
before
{
project
.
update
(
public_builds:
true
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
guest
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
"when disallowed for public"
do
before
{
project
.
update
(
public_builds:
false
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
guest
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
describe
"GET /:project_path/blob"
do
before
do
commit
=
project
.
repository
.
commit
...
...
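Review bot: The added examples cover only the builds index and a single build page of a public project, while the `:read_build` rule changed in app/models/ability.rb applies to `project.public? || project.internal?` and, going by the old help text, also governs build traces and artifacts. No matching allowed/denied cases are added for internal projects or for the trace and artifact download routes, and the file list of this commit shows no other security spec being touched. Repeating the same role matrix for those would keep the `public_builds: false` path from regressing unnoticed. The hunk ends inside the following `GET /:project_path/blob` describe, which continues outside the view.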