author | Felipe Artur <felipefac@gmail.com> | 2016-04-18 17:52:10 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2016-04-18 17:53:34 -0300 |
commit | 0b91ff287d12d59bb4193fff4c8e605f8a1a6e69 (patch) | |
tree | db301d139aaf7112679e58981f89a5f38fbd0d5a | |
parent | 62f6601c598d59781137109c0eee5c5ea1792e13 (diff) | |
download | gitlab-ce-0b91ff287d12d59bb4193fff4c8e605f8a1a6e69.tar.gz |
Projects members tab should follow visibility levels
-rw-r--r-- | app/models/ability.rb | 15 | ||||
-rw-r--r-- | spec/controllers/projects/project_members_controller_spec.rb | 15 | ||||
-rw-r--r-- | spec/features/security/project/internal_access_spec.rb | 10 | ||||
-rw-r--r-- | spec/features/security/project/private_access_spec.rb | 6 | ||||
-rw-r--r-- | spec/features/security/project/public_access_spec.rb | 12 |
5 files changed, 19 insertions, 39 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index a037aee6d51..386c3d82d2c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -154,17 +154,9 @@ class Ability
 end
 end
- def project_member_rules(team, user)
- all_members_rules = []
-
- #Rules only for members which does not include public behavior
- all_members_rules << :read_members_list if team.members.include?(user)
- all_members_rules
- end
-
 def project_team_rules(team, user)
 # Rules based on role in project
- filtered_rules = if team.master?(user)
+ if team.master?(user)
 project_master_rules
 elsif team.developer?(user)
 project_dev_rules
@@ -173,8 +165,6 @@ class Ability
 elsif team.guest?(user)
 project_guest_rules
 end
-
- Array(filtered_rules) + project_member_rules(team, user)
 end
 def public_project_rules
@@ -199,7 +189,8 @@ class Ability
 :create_project,
 :create_issue,
 :create_note,
- :upload_file
+ :upload_file,
+ :read_members_list
 ]
 end
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index c52c586cc9b..1bc5ad4706b 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -48,7 +48,7 @@ describe Projects::ProjectMembersController do
 end
 describe 'index' do
- let(:project) { create(:project, :internal) }
+ let(:project) { create(:project, :private) }
 context 'when user is member' do
 let(:member) { create(:user) }
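Review bot: In app/models/ability.rb, `project_team_rules` now returns the bare value of its `if`/`elsif` chain, and no `else` branch is visible in the two hunks that show the method, so the result is presumably `nil` when the user matches none of the role checks. The removed line `Array(filtered_rules) + project_member_rules(team, user)` always produced an array. The call sites are outside this diff, so whether they tolerate `nil` cannot be confirmed here; if any of them concatenates or iterates the result, a final `else` branch returning `[]` keeps the return type stable. The method starts in the first hunk, continues through two lines hidden between the hunks, and ends in the second.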
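Review bot: The third ability.rb hunk adds `:read_members_list` to a shared rule list rather than to a membership check, so the ability is granted wherever that list is applied, and nothing in the code records that this is deliberate. The updated public_access_spec.rb expects `:visitor` and `:external` to be allowed, which means member names and roles of public projects become readable without signing in. That matches the commit title, but a short comment above the entry, for example `# members list follows project visibility: readable by anyone who can see the project`, would keep a later reader from taking it for an accidental grant. The method enclosing the list starts outside the hunk, so it is worth confirming which rule sets are derived from it.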
@@ -59,18 +59,7 @@ describe Projects::ProjectMembersController do
 get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
 end
- it { expect(response.status).to eq(200) }
- end
-
- context 'when user is not member' do
- let(:not_member) { create(:user) }
-
- before do
- sign_in(not_member)
- get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
- end
-
- it { expect(response.status).to eq(403) }
+ it { expect(response.status).to eq(200) }
 end
 end
 end
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 79d5bf4cf06..8625ea6bc10 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -101,12 +101,12 @@ describe "Internal Project Access", feature: true do
 it { is_expected.to be_allowed_for :admin }
 it { is_expected.to be_allowed_for owner }
 it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for developer }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :external }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for guest }
+ it { is_expected.to be_allowed_for :user }
 it { is_expected.to be_denied_for :visitor }
+ it { is_expected.to be_denied_for :external }
 end
 describe "GET /:project_path/blob" do
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 0a89193eb67..544270b4037 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
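Review bot: The second hunk of project_members_controller_spec.rb deletes the only negative case in `describe 'index'`, the `'when user is not member'` context that expected 403. With the project switched to `:private` in the first hunk, the controller spec no longer checks that a signed-in non-member is refused. private_access_spec.rb still asserts `be_denied_for :user`, but a controller-level case guards the authorization path directly and is cheap to keep. I would retain the context against the private project, as sketched below. The status the controller returns for a non-member of a private project is not visible in this diff, so the assertion is written loosely and should be tightened once confirmed. The enclosing `describe 'index'` block starts outside this hunk.

```ruby
# … unchanged: 'when user is member' context …

context 'when user is not member' do
  let(:not_member) { create(:user) }

  before do
    sign_in(not_member)
    get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
  end

  # exact status for a private project to be confirmed (403 or 404)
  it { expect(response.status).not_to eq(200) }
end
```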
@@ -101,9 +101,9 @@ describe "Private Project Access", feature: true do
 it { is_expected.to be_allowed_for :admin }
 it { is_expected.to be_allowed_for owner }
 it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for developer }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for guest }
 it { is_expected.to be_denied_for :user }
 it { is_expected.to be_denied_for :external }
 it { is_expected.to be_denied_for :visitor }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 40daac89d40..4def4f99bc0 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -101,12 +101,12 @@ describe "Public Project Access", feature: true do
 it { is_expected.to be_allowed_for :admin }
 it { is_expected.to be_allowed_for owner }
 it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for developer }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :external }
- it { is_expected.to be_denied_for :visitor }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for guest }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ it { is_expected.to be_allowed_for :external }
 end
 describe "GET /:project_path/builds" do |