summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2016-04-22 15:44:48 +0200
committerRémy Coutable <remy@rymai.me>2016-04-22 15:48:58 +0200
commit951e3459e1d7c0f0caa5371d9c5edf7d0168168f (patch)
treef5bc7ba572c132435711b326207afe312a4ede5c
parentd5398e9656c1174d4d5be5a8cdad2a26d7587a27 (diff)
downloadgitlab-ce-15513-fix-undefined-can-method.tar.gz
Use the `can?` helper instead of `current_user.can?`15513-fix-undefined-can-method
Fixes #15513. Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat
-rw-r--r--CHANGELOG5
-rw-r--r--app/views/projects/project_members/_shared_group_members.html.haml2
-rw-r--r--spec/features/projects/members/anonymous_user_sees_members_spec.rb20
3 files changed, 25 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 361e33eb6b3..da83eab2de6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,7 +2,10 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
-v 8.7.0 (unreleased)
+v 8.7.1 (unreleased)
+ - Use the `can?` helper instead of `current_user.can?`
+
+v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Fix vulnerability that made it possible to gain access to private labels and milestones
- The number of InfluxDB points stored per UDP packet can now be configured
diff --git a/app/views/projects/project_members/_shared_group_members.html.haml b/app/views/projects/project_members/_shared_group_members.html.haml
index 62888e41935..ae13f8428f0 100644
--- a/app/views/projects/project_members/_shared_group_members.html.haml
+++ b/app/views/projects/project_members/_shared_group_members.html.haml
@@ -8,7 +8,7 @@
group, members with
%strong #{group_links.human_access}
role (#{shared_group_users_count})
- - if current_user.can?(:admin_group, shared_group)
+ - if can?(current_user, :admin_group, shared_group)
.panel-head-actions
= link_to group_group_members_path(shared_group), class: 'btn btn-sm' do
%i.fa.fa-pencil-square-o
diff --git a/spec/features/projects/members/anonymous_user_sees_members_spec.rb b/spec/features/projects/members/anonymous_user_sees_members_spec.rb
new file mode 100644
index 00000000000..c5e3d143d91
--- /dev/null
+++ b/spec/features/projects/members/anonymous_user_sees_members_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+feature 'Projects > Members > Anonymous user sees members', feature: true do
+ let(:user) { create(:user) }
+ let(:group) { create(:group, :public) }
+ let(:project) { create(:empty_project, :public) }
+
+ background do
+ project.team << [user, :master]
+ create(:project_group_link, project: project, group: group)
+ end
+
+ scenario "anonymous user visits the project's members page and sees the list of members" do
+ visit namespace_project_project_members_path(project.namespace, project)
+
+ expect(current_path).to eq(
+ namespace_project_project_members_path(project.namespace, project))
+ expect(page).to have_content(user.name)
+ end
+end
View Lorry Controller Status