diff options
author | Robert Speicher <robert@gitlab.com> | 2016-05-23 00:41:50 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-05-23 00:41:50 +0000 |
commit | b0e12290ab9631b9f6047cd775a852095228cb6a (patch) | |
tree | 01f04c05c238f3ba8e2206e83a04cf11a4d9d760 | |
parent | 243e9bc0d9d34e3e930571713625bd51a09a08a6 (diff) | |
parent | 11fa89dfa548832cda0f3dafbc902c9193ed3177 (diff) | |
download | gitlab-ce-b0e12290ab9631b9f6047cd775a852095228cb6a.tar.gz |
Merge branch 'fix-access-to-pipelines-for-anonymous' into 'master'
Allow anonymous user to access pipelines
## What does this MR do?
It fixes an issue where the Pipelines is shown for the Anonymous users,
but they get 404 when clicked. Their session is then logged out.
Fixes #17717.
See merge request !4233
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/helpers/projects_helper.rb | 4 | ||||
-rw-r--r-- | app/models/ability.rb | 1 | ||||
-rw-r--r-- | app/views/layouts/nav/_project.html.haml | 3 | ||||
-rw-r--r-- | spec/features/pipelines_spec.rb | 6 |
5 files changed, 14 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index ef4d72a9e9b..88e7cfaf967 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.8.1 (unreleased) - Fix MySQL compatibility in zero downtime migrations helpers - Fix the CI login to Container Registry (the gitlab-ci-token user) + - Fix access to Pipelines by Anonymous user v 8.8.0 (unreleased) - Implement GFM references for milestones (Alejandro RodrÃguez) diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 0825b5b6437..5e5d170a9f3 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -144,6 +144,10 @@ module ProjectsHelper nav_tabs << :merge_requests end + if can?(current_user, :read_pipeline, project) + nav_tabs << :pipelines + end + if can?(current_user, :read_build, project) nav_tabs << :builds end diff --git a/app/models/ability.rb b/app/models/ability.rb index f7ea2fd2b1f..b354b1990c7 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -60,6 +60,7 @@ class Ability :read_project_member, :read_merge_request, :read_note, + :read_pipeline, :read_commit_status, :read_container_image, :download_code diff --git a/app/views/layouts/nav/_project.html.haml b/app/views/layouts/nav/_project.html.haml index a97fefcfb46..6dff488eda5 100644 --- a/app/views/layouts/nav/_project.html.haml +++ b/app/views/layouts/nav/_project.html.haml @@ -38,7 +38,7 @@ %span Commits - - if project_nav_tab? :builds + - if project_nav_tab? :pipelines = nav_link(controller: :pipelines) do = link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do = icon('ship fw') @@ -46,6 +46,7 @@ Pipelines %span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count) + - if project_nav_tab? :builds = nav_link(controller: %w(builds)) do = link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do = icon('cubes fw') diff --git a/spec/features/pipelines_spec.rb b/spec/features/pipelines_spec.rb index 32665aadd22..1d6f4485c81 100644 --- a/spec/features/pipelines_spec.rb +++ b/spec/features/pipelines_spec.rb @@ -24,6 +24,12 @@ describe "Pipelines" do end end + context 'anonymous access' do + before { visit namespace_project_pipelines_path(project.namespace, project) } + + it { expect(page).to have_http_status(:success) } + end + context 'cancelable pipeline' do let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') } |