diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2016-10-25 13:21:31 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-10-25 15:33:09 +0200 |
commit | bfe94698a7e82bf4a5976c8341e28cfcc90bf1de (patch) | |
tree | 64823022935bb006d656eb37e1c21ff4a23ad397 | |
parent | e6d6c41546a41ca6f1bf16aad89f2068350f9c63 (diff) | |
download | gitlab-ce-bfe94698a7e82bf4a5976c8341e28cfcc90bf1de.tar.gz |
Merge branch 'board-dragging-disabled' into 'master'
Stop unauthorized users dragging on issue boards
Closes #23763
See merge request !7096
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | app/helpers/boards_helper.rb | 2 | ||||
-rw-r--r-- | spec/features/boards/boards_spec.rb | 4 |
3 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ae1e95c4c6f..6d915a61bbd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ Please view this file on the master branch, on stable branches it's out of date. - Fix reply-by-email not working due to queue name mismatch. !7068 - Fix 404 for group pages when GitLab setup uses relative url. !7071 - Fix `User#to_reference`. !7088 + - Fix unauthorized users dragging on issue boards. !7096 ## 8.13.0 (2016-10-22) diff --git a/app/helpers/boards_helper.rb b/app/helpers/boards_helper.rb index b7247ffa8b2..38c586ccd31 100644 --- a/app/helpers/boards_helper.rb +++ b/app/helpers/boards_helper.rb @@ -5,7 +5,7 @@ module BoardsHelper { endpoint: namespace_project_boards_path(@project.namespace, @project), board_id: board.id, - disabled: !can?(current_user, :admin_list, @project), + disabled: "#{!can?(current_user, :admin_list, @project)}", issue_link_base: namespace_project_issues_path(@project.namespace, @project) } end diff --git a/spec/features/boards/boards_spec.rb b/spec/features/boards/boards_spec.rb index 0fb1608a0a3..c533ce1d87f 100644 --- a/spec/features/boards/boards_spec.rb +++ b/spec/features/boards/boards_spec.rb @@ -624,6 +624,10 @@ describe 'Issue Boards', feature: true, js: true do it 'does not show create new list' do expect(page).not_to have_selector('.js-new-board-list') end + + it 'does not allow dragging' do + expect(page).not_to have_selector('.user-can-drag') + end end context 'as guest user' do |