summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-22 19:29:40 -0300
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-22 20:09:19 -0300
commit256cd8e498edfcbb8199abfb2b54d2d2905f030e (patch)
tree0b1b782c5c84488c148a6e4e7f6ada0918de2bce
parent8f9b64c720d55ee40066d5a6b1017ab95dbd9781 (diff)
downloadgitlab-ce-256cd8e498edfcbb8199abfb2b54d2d2905f030e.tar.gz
Fix visibility of private project snippets for members when searching
-rw-r--r--app/models/snippet.rb14
-rw-r--r--spec/models/snippet_spec.rb36
-rw-r--r--spec/services/search/snippet_service_spec.rb38
3 files changed, 68 insertions, 20 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index 3a191cd91d0..51f6ae7b25c 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -135,10 +135,16 @@ class Snippet < ActiveRecord::Base
end
def accessible_to(user)
- visibility_levels = [Snippet::PUBLIC]
- visibility_levels << Snippet::INTERNAL if user
-
- where('visibility_level IN (?) OR author_id = ?', visibility_levels, user)
+ return are_public unless user.present?
+ return all if user.admin?
+
+ where(
+ 'visibility_level IN (:visibility_levels)
+ OR author_id = :author_id
+ OR project_id IN (:project_ids)',
+ visibility_levels: [Snippet::PUBLIC, Snippet::INTERNAL],
+ author_id: user.id,
+ project_ids: user.authorized_projects.select(:id))
end
end
end
diff --git a/spec/models/snippet_spec.rb b/spec/models/snippet_spec.rb
index 57365571a7b..0621c6a06ce 100644
--- a/spec/models/snippet_spec.rb
+++ b/spec/models/snippet_spec.rb
@@ -89,22 +89,42 @@ describe Snippet, models: true do
end
describe '.accessible_to' do
- let(:author) { create(:author) }
- let(:user) { create(:user) }
+ let(:author) { create(:author) }
+ let(:project) { create(:empty_project) }
+
let!(:public_snippet) { create(:snippet, :public) }
let!(:internal_snippet) { create(:snippet, :internal) }
let!(:private_snippet) { create(:snippet, :private, author: author) }
- it 'returns only public snippets when user is nil' do
- expect(described_class.accessible_to(nil)).to eq [public_snippet]
+ let!(:project_public_snippet) { create(:snippet, :public, project: project) }
+ let!(:project_internal_snippet) { create(:snippet, :internal, project: project) }
+ let!(:project_private_snippet) { create(:snippet, :private, project: project) }
+
+ it 'returns only public snippets when user is blank' do
+ expect(described_class.accessible_to(nil)).to match_array [public_snippet, project_public_snippet]
+ end
+
+ it 'returns only public, and internal snippets for regular users' do
+ user = create(:user)
+
+ expect(described_class.accessible_to(user)).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet]
end
- it 'returns only public, and internal snippets when user is not nil' do
- expect(described_class.accessible_to(user)).to match_array [public_snippet, internal_snippet]
+ it 'returns public, internal snippets and project private snippets for project members' do
+ member = create(:user)
+ project.team << [member, :developer]
+
+ expect(described_class.accessible_to(member)).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
end
- it 'returns snippets where the user is the author' do
- expect(described_class.accessible_to(author)).to match_array [public_snippet, internal_snippet, private_snippet]
+ it 'returns private snippets where the user is the author' do
+ expect(described_class.accessible_to(author)).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet]
+ end
+
+ it 'returns all snippets when for admins' do
+ admin = create(:admin)
+
+ expect(described_class.accessible_to(admin)).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
end
end
diff --git a/spec/services/search/snippet_service_spec.rb b/spec/services/search/snippet_service_spec.rb
index 85721b61cff..14f3301d9f4 100644
--- a/spec/services/search/snippet_service_spec.rb
+++ b/spec/services/search/snippet_service_spec.rb
@@ -2,35 +2,57 @@ require 'spec_helper'
describe Search::SnippetService, services: true do
let(:author) { create(:author) }
- let(:internal_user) { create(:user) }
+ let(:project) { create(:empty_project) }
let!(:public_snippet) { create(:snippet, :public, content: 'password: XXX') }
let!(:internal_snippet) { create(:snippet, :internal, content: 'password: XXX') }
let!(:private_snippet) { create(:snippet, :private, content: 'password: XXX', author: author) }
+ let!(:project_public_snippet) { create(:snippet, :public, project: project, content: 'password: XXX') }
+ let!(:project_internal_snippet) { create(:snippet, :internal, project: project, content: 'password: XXX') }
+ let!(:project_private_snippet) { create(:snippet, :private, project: project, content: 'password: XXX') }
+
describe '#execute' do
context 'unauthenticated' do
- it 'should return public snippets only' do
+ it 'returns public snippets only' do
search = described_class.new(nil, search: 'password')
results = search.execute
- expect(results.objects('snippet_blobs')).to match_array [public_snippet]
+ expect(results.objects('snippet_blobs')).to match_array [public_snippet, project_public_snippet]
end
end
context 'authenticated' do
- it 'should return only public & internal snippets' do
- search = described_class.new(internal_user, search: 'password')
+ it 'returns only public & internal snippets for regular users' do
+ user = create(:user)
+ search = described_class.new(user, search: 'password')
+ results = search.execute
+
+ expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet]
+ end
+
+ it 'returns public, internal snippets and project private snippets for project members' do
+ member = create(:user)
+ project.team << [member, :developer]
+ search = described_class.new(member, search: 'password')
results = search.execute
- expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet]
+ expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
end
- it 'should return public, internal and private snippets for author' do
+ it 'returns public, internal and private snippets where user is the author' do
search = described_class.new(author, search: 'password')
results = search.execute
- expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet]
+ expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet]
+ end
+
+ it 'returns all snippets when user is admin' do
+ admin = create(:admin)
+ search = described_class.new(admin, search: 'password')
+ results = search.execute
+
+ expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
end
end
end