diff options
| author | Felipe Artur <felipefac@gmail.com> | 2016-04-05 18:56:07 -0300 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2016-04-18 11:12:27 -0300 |
| commit | 07b38c3b389b8b0b6a3d6af7a38555c189e71afe (patch) | |
| tree | 9121f5a70884a8ab60ee5dd7d4e160bacf69658b | |
| parent | 147879ae66fd742d13bbb5b72d492788bc48c8d9 (diff) | |
| download | gitlab-ce-07b38c3b389b8b0b6a3d6af7a38555c189e71afe.tar.gz | |
Code fixes
| -rw-r--r-- | app/controllers/projects/project_members_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 21 | ||||
| -rw-r--r-- | app/models/ability.rb | 10 | ||||
| -rw-r--r-- | app/views/layouts/nav/_project.html.haml | 2 | ||||
| -rw-r--r-- | spec/controllers/users_controller_spec.rb | 2 |
5 files changed, 14 insertions, 28 deletions
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index 7badbb47d0c..e457db2f0b7 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -1,7 +1,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController # Authorize before_action :authorize_admin_project_member!, except: :leave - before_action :authorize_read_project_members, only: :index def index @project_members = @project.project_members @@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController def member_params params.require(:project_member).permit(:user_id, :access_level) end - - private - - def authorize_read_project_members - can?(current_user, :read_project_members, @project) - end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 233dca54b99..2ae180c8a12 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController skip_before_action :authenticate_user! - before_action :set_user, except: [:show] + before_action :user before_action :authorize_read_user!, only: [:show] def show @@ -77,26 +77,25 @@ class UsersController < ApplicationController private def authorize_read_user! - set_user - render_404 unless can?(current_user, :read_user, @user) + render_404 unless can?(current_user, :read_user, user) end - def set_user - @user = User.find_by_username!(params[:username]) + def user + @user ||= User.find_by_username!(params[:username]) end def contributed_projects - ContributedProjectsFinder.new(@user).execute(current_user) + ContributedProjectsFinder.new(user).execute(current_user) end def contributions_calendar @contributions_calendar ||= Gitlab::ContributionsCalendar. - new(contributed_projects, @user) + new(contributed_projects, user) end def load_events # Get user activity feed for projects common for both users - @events = @user.recent_events. + @events = user.recent_events. merge(projects_for_current_user). references(:project). with_associations. @@ -105,16 +104,16 @@ class UsersController < ApplicationController def load_projects @projects = - PersonalProjectsFinder.new(@user).execute(current_user) + PersonalProjectsFinder.new(user).execute(current_user) .page(params[:page]) end def load_contributed_projects - @contributed_projects = contributed_projects.joined(@user) + @contributed_projects = contributed_projects.joined(user) end def load_groups - @groups = JoinedGroupsFinder.new(@user).execute(current_user) + @groups = JoinedGroupsFinder.new(user).execute(current_user) end def projects_for_current_user diff --git a/app/models/ability.rb b/app/models/ability.rb index 684834aa394..7c452c69d14 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -1,5 +1,4 @@ class Ability - class << self def allowed(user, subject) return anonymous_abilities(user, subject) if user.nil? @@ -58,7 +57,6 @@ class Ability :read_label, :read_milestone, :read_project_snippet, - :read_project_member, :read_merge_request, :read_note, :read_commit_status, @@ -71,8 +69,6 @@ class Ability # Allow to read issues by anonymous user if issue is not confidential rules << :read_issue unless subject.is_a?(Issue) && subject.confidential? - rules << :read_project_member unless restricted_public_level? - rules - project_disabled_features_rules(project) else [] @@ -96,9 +92,8 @@ class Ability end if group - rules << [:read_group] if group.public? - - rules << [:read_group_members] unless restricted_public_level? + rules << :read_group if group.public? + rules << :read_group_members unless restricted_public_level? end rules @@ -156,7 +151,6 @@ class Ability rules -= project_archived_rules end - rules << :read_project_members rules - project_disabled_features_rules(project) end end diff --git a/app/views/layouts/nav/_project.html.haml b/app/views/layouts/nav/_project.html.haml index d651de0fbe0..2c9e2159486 100644 --- a/app/views/layouts/nav/_project.html.haml +++ b/app/views/layouts/nav/_project.html.haml @@ -77,7 +77,7 @@ Merge Requests %span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count) - - if project_nav_tab?(:settings) && can?(current_user, :read_project_members, @project) + - if project_nav_tab?(:settings) = nav_link(controller: [:project_members, :teams]) do = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do = icon('users fw') diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 7701da9747a..948935bc10d 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -41,7 +41,7 @@ describe UsersController do end end - context 'When public visibility level is restricted' do + context 'when public visibility level is restricted' do before do stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) end |