author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2016-06-14 14:11:13 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2016-06-14 14:11:13 +0000 |
commit | d4cd6dcaa024f8eca9089e67fb9b97022696d3e0 (patch) | |
tree | 2d7177f94ec9b51d470389ffc86476d49c36cc0d /app | |
parent | 95a7fbe97cebdf3e4249a99b6729ffb410398e4f (diff) | |
parent | 63900c1dcfa477ab573e7fd57d8b3e5cc2ecf6cf (diff) | |
download | gitlab-ce-d4cd6dcaa024f8eca9089e67fb9b97022696d3e0.tar.gz |
Merge branch 'settings-dropdown-permissions' into 'master'
Fix displaying of project settings links the user cannot access.
## What does this MR do?
It fixes the Project Settings dropdown displaying project settings links that the user cannot actually access.
## Are there points in the code the reviewer needs to double check?
I've tested combinations I can think of, feel free to mess around with and see if it breaks?
## Why was this MR needed?
Users were seeing links in the Project Settings dropdown that they shouldn't have seen; if they clicked them, they would be shown permission errors.
## What are the relevant issue numbers?
#18294
## Screenshots (if relevant)
Users without any permissions:
![Screen_Shot_2016-06-10_at_10.41.27_AM](/uploads/b70ca18a36b5f774b85694d8f1728882/Screen_Shot_2016-06-10_at_10.41.27_AM.png)
Guest members of the project:
![Screen_Shot_2016-06-10_at_10.48.36_AM](/uploads/a37986b4daa789063661c2fa8cf59d43/Screen_Shot_2016-06-10_at_10.48.36_AM.png)
Full permissions:
![Screen_Shot_2016-06-10_at_10.41.57_AM](/uploads/4c5cc97962e69a1a72ee8e237591ec22/Screen_Shot_2016-06-10_at_10.41.57_AM.png)
cc: @dzaporozhets @annabeldunstone @jschatz1
See merge request !4599
Diffstat (limited to 'app')
-rw-r--r-- | app/views/layouts/nav/_project.html.haml | 27 | ||||
-rw-r--r-- | app/views/layouts/nav/_project_settings.html.haml | 72 |
2 files changed, 50 insertions, 49 deletions
diff --git a/app/views/layouts/nav/_project.html.haml b/app/views/layouts/nav/_project.html.haml index 53d1fcc30a6..0ac44b084a9 100644 --- a/app/views/layouts/nav/_project.html.haml +++ b/app/views/layouts/nav/_project.html.haml @@ -1,23 +1,24 @@ - if current_user + - access = user_max_access_in_project(current_user.id, @project) + - can_edit = can?(current_user, :admin_project, @project) .controls - - access = user_max_access_in_project(current_user.id, @project) - - can_edit = can?(current_user, :admin_project, @project) .dropdown.project-settings-dropdown %a.dropdown-new.btn.btn-default#project-settings-button{href: '#', 'data-toggle' => 'dropdown'} = icon('cog') = icon('caret-down') %ul.dropdown-menu.dropdown-menu-align-right - = render 'layouts/nav/project_settings' - %li.divider - - if can_edit - %li - = link_to edit_project_path(@project) do - Edit Project - - if access - %li - = link_to leave_namespace_project_project_members_path(@project.namespace, @project), - data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do - Leave Project + = render 'layouts/nav/project_settings', access: access, can_edit: can_edit + - if can_edit || access + %li.divider + - if can_edit + %li + = link_to edit_project_path(@project) do + Edit Project + - if access + %li + = link_to leave_namespace_project_project_members_path(@project.namespace, @project), + data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do + Leave Project %div{ class: nav_control_class } %ul.nav-links.scrolling-tabs diff --git a/app/views/layouts/nav/_project_settings.html.haml b/app/views/layouts/nav/_project_settings.html.haml index 885e78d38c6..13d32bd1354 100644 --- a/app/views/layouts/nav/_project_settings.html.haml +++ b/app/views/layouts/nav/_project_settings.html.haml 
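Review bot: The new call `= render 'layouts/nav/project_settings', access: access, can_edit: can_edit` makes the partial depend on two locals, and nothing in the change records that contract. Any other render site of this partial (none is visible in this diff) that omits them would fail on an undefined local instead of hiding the links. I would add a HAML comment as the first line of `_project_settings.html.haml`, for example `-# Required locals: access, can_edit (computed in layouts/nav/_project)`. It would also help to comment the hoisted `- can_edit = can?(current_user, :admin_project, @project)` line to say that it only controls what the menu shows, and that the controllers behind each link remain the authorization check.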
@@ -3,43 +3,43 @@ = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do %span Members - -- if @project.allowed_to_share_with_group? - = nav_link(controller: :group_links) do - = link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do - %span - Groups -= nav_link(controller: :deploy_keys) do - = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do - %span - Deploy Keys -= nav_link(controller: :hooks) do - = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do - %span - Webhooks -= nav_link(controller: :services) do - = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do - %span - Services -= nav_link(controller: :protected_branches) do - = link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do - %span - Protected Branches - -- if @project.builds_enabled? - = nav_link(controller: :runners) do - = link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do +- if access && can_edit + - if @project.allowed_to_share_with_group? 
+ = nav_link(controller: :group_links) do + = link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do + %span + Groups + = nav_link(controller: :deploy_keys) do + = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do %span - Runners - = nav_link(controller: :variables) do - = link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do + Deploy Keys + = nav_link(controller: :hooks) do + = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do %span - Variables - = nav_link(controller: :triggers) do - = link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do + Webhooks + = nav_link(controller: :services) do + = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do %span - Triggers - = nav_link(controller: :badges) do - = link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do + Services + = nav_link(controller: :protected_branches) do + = link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do %span - Badges + Protected Branches + + - if @project.builds_enabled? + = nav_link(controller: :runners) do + = link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do + %span + Runners + = nav_link(controller: :variables) do + = link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do + %span + Variables + = nav_link(controller: :triggers) do + = link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do + %span + Triggers + = nav_link(controller: :badges) do + = link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do + %span + Badges |
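Review bot: The guard `- if access && can_edit` around the settings links is stricter than the `- if can_edit` guard on Edit Project in `_project.html.haml`. A user for whom `can?(current_user, :admin_project, @project)` is true while `access` is empty would see Edit Project but none of these links. Whether that state can occur is not visible here (an administrator who is not a project member would be one candidate), but if it can, the menu hides pages the user is allowed to open. Since `can_edit` is already the permission decision, `- if can_edit` alone would keep the menu aligned with it. Separately, all of the links now share one `:admin_project` check, so it is worth confirming that each target controller (deploy keys, hooks, services, protected branches, runners, variables, triggers, badges) enforces the same ability, so the menu and the server-side checks cannot drift apart.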