diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-06-14 14:43:45 +0200 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-06-14 14:43:45 +0200 |
commit | bb6f246790fb3a6b85ab2fd9341566557da64a23 (patch) | |
tree | f215918327d82cc629f8faba6deeebffef92cb3e | |
parent | e129f66d9e597f43f7a85243ddedf3de0fc4946a (diff) | |
download | gitlab-ce-bb6f246790fb3a6b85ab2fd9341566557da64a23.tar.gz |
Authorize environments controller actions
4 files changed, 48 insertions, 2 deletions
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb index c6a9a0a403a..4f8dadd6adf 100644 --- a/app/controllers/projects/environments_controller.rb +++ b/app/controllers/projects/environments_controller.rb @@ -1,6 +1,8 @@ class Projects::EnvironmentsController < Projects::ApplicationController layout 'project' before_action :authorize_read_environment! + before_action :authorize_create_environment!, only: [:new, :create] + before_action :authorize_update_environment!, only: [:destroy] before_action :environment, only: [:show, :destroy] def index diff --git a/app/views/projects/environments/new.html.haml b/app/views/projects/environments/new.html.haml index c7abac6e49f..ade41d9de2d 100644 --- a/app/views/projects/environments/new.html.haml +++ b/app/views/projects/environments/new.html.haml @@ -9,7 +9,7 @@ = form_for @environment, url: namespace_project_environments_path(@project.namespace, @project), html: { id: "new-environment-form", class: "col-lg-9 js-new-environment-form js-requires-input" } do |f| = form_errors(@environment) .form-group - = f.label :ref, 'Environment name', class: 'label-light' + = f.label :name, 'Environment name', class: 'label-light' = f.text_field :name, required: true, class: 'form-control' = f.submit 'Create environment', class: 'btn btn-create' = link_to "Cancel", namespace_project_environments_path(@project.namespace, @project), class: "btn btn-cancel" diff --git a/app/views/projects/environments/show.html.haml b/app/views/projects/environments/show.html.haml index f5e30d75b42..1d39bef9427 100644 --- a/app/views/projects/environments/show.html.haml +++ b/app/views/projects/environments/show.html.haml @@ -9,7 +9,8 @@ .col-md-3 .nav-controls - = link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete + - if can?(current_user, :update_environment, @project) + = link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete - if @deployments.blank? %ul.content-list diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb index c5f741709ad..f6c6687e162 100644 --- a/spec/features/security/project/public_access_spec.rb +++ b/spec/features/security/project/public_access_spec.rb @@ -175,6 +175,49 @@ describe "Public Project Access", feature: true do end end + describe "GET /:project_path/environments" do + subject { namespace_project_environments_path(project.namespace, project) } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for owner } + it { is_expected.to be_allowed_for master } + it { is_expected.to be_allowed_for developer } + it { is_expected.to be_allowed_for reporter } + it { is_expected.to be_denied_for guest } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :external } + it { is_expected.to be_denied_for :visitor } + end + + describe "GET /:project_path/environments/:id" do + let(:environment) { create(:environment, project: project) } + subject { namespace_project_environments_path(project.namespace, project, environment) } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for owner } + it { is_expected.to be_allowed_for master } + it { is_expected.to be_allowed_for developer } + it { is_expected.to be_allowed_for reporter } + it { is_expected.to be_denied_for guest } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :external } + it { is_expected.to be_denied_for :visitor } + end + + describe "GET /:project_path/environments/new" do + subject { new_namespace_project_environment_path(project.namespace, project) } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for owner } + it { is_expected.to be_allowed_for master } + it { is_expected.to be_allowed_for developer } + it { is_expected.to be_denied_for reporter } + it { is_expected.to be_denied_for guest } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :external } + it { is_expected.to be_denied_for :visitor } + end + describe "GET /:project_path/blob" do let(:commit) { project.repository.commit } |