authorPatrick Bajao <ebajao@gitlab.com>2019-01-24 12:44:46 +0000
committerNick Thomas <nick@gitlab.com>2019-01-24 12:44:46 +0000
commit40900669b3bde03468d709c479794a758b431d8c (patch)
tree807a6567e50b691796b84cff62515dd25172ea52
parent16ab0050f6f1544eb717da34975f12861df37c9c (diff)
downloadgitlab-ce-40900669b3bde03468d709c479794a758b431d8c.tar.gz
Allow admins/auditors to read private personal snippets
-rw-r--r--app/policies/personal_snippet_policy.rb2
-rw-r--r--changelogs/unreleased/51754-admin-view-private-personal-snippets.yml5
-rw-r--r--spec/models/event_spec.rb5
-rw-r--r--spec/policies/personal_snippet_policy_spec.rb11
4 files changed, 19 insertions, 4 deletions
diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb
index 777f933cdcd..040b5a73415 100644
--- a/app/policies/personal_snippet_policy.rb
+++ b/app/policies/personal_snippet_policy.rb
@@ -29,4 +29,6 @@ class PersonalSnippetPolicy < BasePolicy
rule { anonymous }.prevent :comment_personal_snippet
rule { can?(:comment_personal_snippet) }.enable :award_emoji
+
+ rule { full_private_access }.enable :read_personal_snippet
end
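Review bot: The new `rule { full_private_access }.enable :read_personal_snippet` line has no comment saying that it deliberately widens read access to private snippets, or that the grant is read-only. The spec in this commit asserts that commenting, award emoji and the author abilities stay disallowed, so that intent should also be recorded next to the rule. A comment such as `# Users with full private access may read any personal snippet, including private ones; this grants read only.` above it would do. Whether an existing `prevent` on `:read_personal_snippet` can still override this cannot be judged here, because the class body starts outside the hunk.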
diff --git a/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml b/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml
new file mode 100644
index 00000000000..cf3d73fce0c
--- /dev/null
+++ b/changelogs/unreleased/51754-admin-view-private-personal-snippets.yml
@@ -0,0 +1,5 @@
+---
+title: Allow users with full private access to read private personal snippets.
+merge_request: 24560
+author:
+type: fixed
diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb
index a64720f1876..ce4f8ee4705 100644
--- a/spec/models/event_spec.rb
+++ b/spec/models/event_spec.rb
@@ -399,10 +399,7 @@ describe Event do
expect(event.visible_to_user?(nil)).to be_falsy
expect(event.visible_to_user?(non_member)).to be_falsy
expect(event.visible_to_user?(author)).to be_truthy
-
- # It is very unexpected that a private personal snippet is not visible
- # to an instance administrator. This should be fixed in the future.
- expect(event.visible_to_user?(admin)).to be_falsy
+ expect(event.visible_to_user?(admin)).to be_truthy
end
end
end
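Review bot: Only the admin path is exercised here, while the commit title says admins and auditors and the changelog says "users with full private access". The `context 'admin user'` added in spec/policies/personal_snippet_policy_spec.rb has the same gap. If another role satisfies `full_private_access` in this codebase (not visible in the diff), add a matching expectation for it in both specs so a later change to that condition cannot silently narrow or widen access. The negative cases for `nil` and `non_member` are kept, which is good. The enclosing example starts outside the hunk.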
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index 3809692b373..397eaee068c 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -128,6 +128,17 @@ describe PersonalSnippetPolicy do
end
end
+ context 'admin user' do
+ subject { permissions(admin_user) }
+
+ it do
+ is_expected.to be_allowed(:read_personal_snippet)
+ is_expected.to be_disallowed(:comment_personal_snippet)
+ is_expected.to be_disallowed(:award_emoji)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
context 'external user' do
subject { permissions(external_user) }
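Review bot: The bare `it do` in the new `context 'admin user'` gives the example no description, so a failure will not say that admin access is meant to be read-only. The three `be_disallowed` expectations are the security-relevant part of this test and deserve a name, for example `it 'grants read access only' do`. Other contexts in this file may follow the same bare style, but they are outside the hunk, as is the snippet visibility this context runs under.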