BigW Consortium Gitlab

Commit d4cd6dca by Dmitriy Zaporozhets

Merge branch 'settings-dropdown-permissions' into 'master'

Fix displaying of project settings links the user cannot access. ## What does this MR do? It fixes the Project Settings dropdown displaying project settings links that the user cannot actually access. ## Are there points in the code the reviewer needs to double check? I've tested combinations I can think of, feel free to mess around with and see if it breaks? ## Why was this MR needed? Users were seeing links in the Project Settings dropdown that they shouldn't have seen, if they clicked them they would be shown permission errors. ## What are the relevant issue numbers? #18294 ## Screenshots (if relevant) Users without any permissions: ![Screen_Shot_2016-06-10_at_10.41.27_AM](/uploads/b70ca18a36b5f774b85694d8f1728882/Screen_Shot_2016-06-10_at_10.41.27_AM.png) Guest members of the project: ![Screen_Shot_2016-06-10_at_10.48.36_AM](/uploads/a37986b4daa789063661c2fa8cf59d43/Screen_Shot_2016-06-10_at_10.48.36_AM.png) Full permissions: ![Screen_Shot_2016-06-10_at_10.41.57_AM](/uploads/4c5cc97962e69a1a72ee8e237591ec22/Screen_Shot_2016-06-10_at_10.41.57_AM.png) cc: @dzaporozhets @annabeldunstone @jschatz1 See merge request !4599
parents 95a7fbe9 63900c1d
- if current_user - if current_user
- access = user_max_access_in_project(current_user.id, @project)
- can_edit = can?(current_user, :admin_project, @project)
.controls .controls
- access = user_max_access_in_project(current_user.id, @project)
- can_edit = can?(current_user, :admin_project, @project)
.dropdown.project-settings-dropdown .dropdown.project-settings-dropdown
%a.dropdown-new.btn.btn-default#project-settings-button{href: '#', 'data-toggle' => 'dropdown'} %a.dropdown-new.btn.btn-default#project-settings-button{href: '#', 'data-toggle' => 'dropdown'}
= icon('cog') = icon('cog')
= icon('caret-down') = icon('caret-down')
%ul.dropdown-menu.dropdown-menu-align-right %ul.dropdown-menu.dropdown-menu-align-right
= render 'layouts/nav/project_settings' = render 'layouts/nav/project_settings', access: access, can_edit: can_edit
%li.divider - if can_edit || access
- if can_edit %li.divider
%li - if can_edit
= link_to edit_project_path(@project) do %li
Edit Project = link_to edit_project_path(@project) do
- if access Edit Project
%li - if access
= link_to leave_namespace_project_project_members_path(@project.namespace, @project), %li
data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do = link_to leave_namespace_project_project_members_path(@project.namespace, @project),
Leave Project data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do
Leave Project
%div{ class: nav_control_class } %div{ class: nav_control_class }
%ul.nav-links.scrolling-tabs %ul.nav-links.scrolling-tabs
......
...@@ -3,43 +3,43 @@ ...@@ -3,43 +3,43 @@
= link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
%span %span
Members Members
- if access && can_edit
- if @project.allowed_to_share_with_group? - if @project.allowed_to_share_with_group?
= nav_link(controller: :group_links) do = nav_link(controller: :group_links) do
= link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do = link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do
%span %span
Groups Groups
= nav_link(controller: :deploy_keys) do = nav_link(controller: :deploy_keys) do
= link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do
%span
Deploy Keys
= nav_link(controller: :hooks) do
= link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do
%span
Webhooks
= nav_link(controller: :services) do
= link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do
%span
Services
= nav_link(controller: :protected_branches) do
= link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do
%span
Protected Branches
- if @project.builds_enabled?
= nav_link(controller: :runners) do
= link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do
%span %span
Runners Deploy Keys
= nav_link(controller: :variables) do = nav_link(controller: :hooks) do
= link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do
%span %span
Variables Webhooks
= nav_link(controller: :triggers) do = nav_link(controller: :services) do
= link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do
%span %span
Triggers Services
= nav_link(controller: :badges) do = nav_link(controller: :protected_branches) do
= link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do = link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do
%span %span
Badges Protected Branches
- if @project.builds_enabled?
= nav_link(controller: :runners) do
= link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do
%span
Runners
= nav_link(controller: :variables) do
= link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do
%span
Variables
= nav_link(controller: :triggers) do
= link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do
%span
Triggers
= nav_link(controller: :badges) do
= link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do
%span
Badges
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment