diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2016-11-04 12:22:46 +0000 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2016-11-04 12:22:46 +0000 |
commit | 856ef3c303574f9c6554dddf34e6bae5cfa0d4dd (patch) | |
tree | 0f03ab90d142cc63ee8b3f2b28cf2ff88a547ccf | |
parent | 5ef2bd192aa9b3ecbfc23e83c6984e2a818fb736 (diff) | |
parent | dcd70453a46f9fbf178382b49ff2b9af1937b982 (diff) | |
download | gitlab-ce-856ef3c303574f9c6554dddf34e6bae5cfa0d4dd.tar.gz |
Merge branch '24056-guest-sees-some-project-details-and-gets-404' into 'master'
Fix: Guest sees some repository details and gets 404
Closes #24056
See merge request !7222
-rw-r--r-- | app/views/projects/show.html.haml | 2 | ||||
-rw-r--r-- | changelogs/unreleased/24056-guest-sees-some-project-details-and-gets-404.yml | 4 | ||||
-rw-r--r-- | spec/features/projects/features_visibility_spec.rb | 15 |
3 files changed, 20 insertions, 1 deletions
diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml index ba16c641462..d2570598501 100644 --- a/app/views/projects/show.html.haml +++ b/app/views/projects/show.html.haml @@ -12,7 +12,7 @@ = render 'projects/last_push' = render "home_panel" -- if @project.feature_available?(:repository, current_user) +- if current_user && can?(current_user, :download_code, @project) %nav.project-stats{ class: container_class } %ul.nav %li diff --git a/changelogs/unreleased/24056-guest-sees-some-project-details-and-gets-404.yml b/changelogs/unreleased/24056-guest-sees-some-project-details-and-gets-404.yml new file mode 100644 index 00000000000..8ca0c5beab3 --- /dev/null +++ b/changelogs/unreleased/24056-guest-sees-some-project-details-and-gets-404.yml @@ -0,0 +1,4 @@ +--- +title: 'Fix: Guest sees some repository details and gets 404' +merge_request: +author: diff --git a/spec/features/projects/features_visibility_spec.rb b/spec/features/projects/features_visibility_spec.rb index e796ee570b7..09aa6758b5c 100644 --- a/spec/features/projects/features_visibility_spec.rb +++ b/spec/features/projects/features_visibility_spec.rb @@ -183,4 +183,19 @@ describe 'Edit Project Settings', feature: true do end end end + + # Regression spec for https://gitlab.com/gitlab-org/gitlab-ce/issues/24056 + describe 'project statistic visibility' do + let!(:project) { create(:project, :private) } + + before do + project.team << [member, :guest] + login_as(member) + visit namespace_project_path(project.namespace, project) + end + + it "does not show project statistic for guest" do + expect(page).not_to have_selector('.project-stats') + end + end end |