summaryrefslogtreecommitdiff
path: root/features
diff options
context:
space:
mode:
authorCiro Santillli <ciro.santilli@gmail.com>2014-01-27 15:53:59 +0100
committerCiro Santillli <ciro.santilli@gmail.com>2014-02-11 15:45:30 +0100
commit91571c078dee6297a17afecb6dc071ce882c82be (patch)
treed57688b9653182beaa345e6cabe11b50e4dfabee /features
parent1284f21c073e42c44b9faa7b0ad1ec90b66ca8fb (diff)
downloadgitlab-ce-91571c078dee6297a17afecb6dc071ce882c82be.tar.gz
User pages are visible to users without login
... if the user is authorized to at least one public project.
Diffstat (limited to 'features')
-rw-r--r--features/admin/groups.feature6
-rw-r--r--features/group/group.feature6
-rw-r--r--features/steps/admin/admin_groups.rb13
-rw-r--r--features/steps/group/group.rb13
-rw-r--r--features/steps/public/projects_feature.rb32
-rw-r--r--features/steps/shared/paths.rb8
-rw-r--r--features/steps/shared/project.rb64
-rw-r--r--features/steps/shared/user.rb11
-rw-r--r--features/steps/user.rb10
-rw-r--r--features/user.feature69
10 files changed, 180 insertions, 52 deletions
diff --git a/features/admin/groups.feature b/features/admin/groups.feature
index 6fed9a34869..7741307f178 100644
--- a/features/admin/groups.feature
+++ b/features/admin/groups.feature
@@ -2,7 +2,7 @@ Feature: Admin Groups
Background:
Given I sign in as an admin
And I have group with projects
- And Create gitlab user "John"
+ And Create user "John Doe"
And I visit admin groups page
Scenario: See group list
@@ -17,5 +17,5 @@ Feature: Admin Groups
@javascript
Scenario: Add user into projects in group
When I visit admin group page
- When I select user "John" from user list as "Reporter"
- Then I should see "John" in team list in every project as "Reporter"
+ When I select user "John Doe" from user list as "Reporter"
+ Then I should see "John Doe" in team list in every project as "Reporter"
diff --git a/features/group/group.feature b/features/group/group.feature
index ca3e67d2c1d..6177263e477 100644
--- a/features/group/group.feature
+++ b/features/group/group.feature
@@ -21,10 +21,10 @@ Feature: Groups
@javascript
Scenario: I should add user to projects in Group
- Given I have new user "John"
+ Given Create user "John Doe"
When I visit group members page
- And I select user "John" from list with role "Reporter"
- Then I should see user "John" in team list
+ And I select user "John Doe" from list with role "Reporter"
+ Then I should see user "John Doe" in team list
Scenario: I should see edit group page
When I visit group settings page
diff --git a/features/steps/admin/admin_groups.rb b/features/steps/admin/admin_groups.rb
index 013fa6da8b4..9c1bcfefb9c 100644
--- a/features/steps/admin/admin_groups.rb
+++ b/features/steps/admin/admin_groups.rb
@@ -1,6 +1,7 @@
class AdminGroups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
+ include SharedUser
include SharedActiveTab
include Select2Helper
@@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps
@project.team << [current_user, :master]
end
- And 'Create gitlab user "John"' do
- create(:user, name: "John")
- end
-
And 'submit form with new group info' do
fill_in 'group_name', with: 'gitlab'
fill_in 'group_description', with: 'Group description'
@@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps
current_path.should == admin_group_path(Group.last)
end
- When 'I select user "John" from user list as "Reporter"' do
- user = User.find_by(name: "John")
+ When 'I select user "John Doe" from user list as "Reporter"' do
+ user = User.find_by(name: "John Doe")
select2(user.id, from: "#user_ids", multiple: true)
within "#new_team_member" do
select "Reporter", from: "group_access"
@@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps
click_button "Add users into group"
end
- Then 'I should see "John" in team list in every project as "Reporter"' do
+ Then 'I should see "John Doe" in team list in every project as "Reporter"' do
within ".group-users-list" do
- page.should have_content "John"
+ page.should have_content "John Doe"
page.should have_content "Reporter"
end
end
diff --git a/features/steps/group/group.rb b/features/steps/group/group.rb
index 0b0f401c3ba..686f683314a 100644
--- a/features/steps/group/group.rb
+++ b/features/steps/group/group.rb
@@ -1,6 +1,7 @@
class Groups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
+ include SharedUser
include Select2Helper
Then 'I should see projects list' do
@@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps
end
end
- Given 'I have new user "John"' do
- create(:user, name: "John")
- end
-
- And 'I select user "John" from list with role "Reporter"' do
- user = User.find_by(name: "John")
+ And 'I select user "John Doe" from list with role "Reporter"' do
+ user = User.find_by(name: "John Doe")
within ".users-group-form" do
select2(user.id, from: "#user_ids", multiple: true)
select "Reporter", from: "group_access"
@@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps
click_button "Add users into group"
end
- Then 'I should see user "John" in team list' do
+ Then 'I should see user "John Doe" in team list' do
projects_with_access = find(".ui-box .well-list")
- projects_with_access.should have_content("John")
+ projects_with_access.should have_content("John Doe")
end
Given 'project from group has issues assigned to me' do
diff --git a/features/steps/public/projects_feature.rb b/features/steps/public/projects_feature.rb
index 84a5ebbf7a7..eb1d235f435 100644
--- a/features/steps/public/projects_feature.rb
+++ b/features/steps/public/projects_feature.rb
@@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
include SharedPaths
include SharedProject
- step 'I should see project "Community"' do
- page.should have_content "Community"
- end
-
- step 'I should not see project "Enterprise"' do
- page.should_not have_content "Enterprise"
+ step 'public empty project "Empty Public Project"' do
+ create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Empty Public Project"' do
@@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
page.should have_content 'README.md'
end
- step 'public project "Community"' do
- create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
- end
-
- step 'public empty project "Empty Public Project"' do
- create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
- end
-
step 'I visit empty project page' do
project = Project.find_by(name: 'Empty Public Project')
visit project_path(project)
@@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
- step 'private project "Enterprise"' do
- create :project, name: 'Enterprise'
- end
-
step 'I visit project "Enterprise" page' do
project = Project.find_by(name: 'Enterprise')
visit project_path(project)
@@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
- step 'internal project "Internal"' do
- create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
- end
-
- step 'I should see project "Internal"' do
- page.should have_content "Internal"
- end
-
- step 'I should not see project "Internal"' do
- page.should_not have_content "Internal"
- end
-
step 'I visit project "Internal" page' do
project = Project.find_by(name: 'Internal')
visit project_path(project)
diff --git a/features/steps/shared/paths.rb b/features/steps/shared/paths.rb
index d287121bb84..c1aafc183dc 100644
--- a/features/steps/shared/paths.rb
+++ b/features/steps/shared/paths.rb
@@ -6,6 +6,14 @@ module SharedPaths
end
# ----------------------------------------
+ # User
+ # ----------------------------------------
+
+ step 'I visit user "John Doe" page' do
+ visit user_path("john_doe")
+ end
+
+ # ----------------------------------------
# Group
# ----------------------------------------
diff --git a/features/steps/shared/project.rb b/features/steps/shared/project.rb
index 7360482d736..a6354aeaf86 100644
--- a/features/steps/shared/project.rb
+++ b/features/steps/shared/project.rb
@@ -65,4 +65,68 @@ module SharedProject
def current_project
@project ||= Project.first
end
+
+ # ----------------------------------------
+ # Visibility level
+ # ----------------------------------------
+
+ step 'private project "Enterprise"' do
+ create :project, name: 'Enterprise'
+ end
+
+ step 'I should see project "Enterprise"' do
+ page.should have_content "Enterprise"
+ end
+
+ step 'I should not see project "Enterprise"' do
+ page.should_not have_content "Enterprise"
+ end
+
+ step 'internal project "Internal"' do
+ create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
+ end
+
+ step 'I should see project "Internal"' do
+ page.should have_content "Internal"
+ end
+
+ step 'I should not see project "Internal"' do
+ page.should_not have_content "Internal"
+ end
+
+ step 'public project "Community"' do
+ create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
+ end
+
+ step 'I should see project "Community"' do
+ page.should have_content "Community"
+ end
+
+ step 'I should not see project "Community"' do
+ page.should_not have_content "Community"
+ end
+
+ step '"John Doe" is authorized to private project "Enterprise"' do
+ user = User.find_by(name: "John Doe")
+ user ||= create(:user, name: "John Doe", username: "john_doe")
+ project = Project.find_by(name: "Enterprise")
+ project ||= create(:project, name: "Enterprise", namespace: user.namespace)
+ project.team << [user, :master]
+ end
+
+ step '"John Doe" is authorized to internal project "Internal"' do
+ user = User.find_by(name: "John Doe")
+ user ||= create(:user, name: "John Doe", username: "john_doe")
+ project = Project.find_by(name: "Internal")
+ project ||= create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
+ project.team << [user, :master]
+ end
+
+ step '"John Doe" is authorized to public project "Community"' do
+ user = User.find_by(name: "John Doe")
+ user ||= create(:user, name: "John Doe", username: "john_doe")
+ project = Project.find_by(name: "Community")
+ project ||= create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
+ project.team << [user, :master]
+ end
end
diff --git a/features/steps/shared/user.rb b/features/steps/shared/user.rb
new file mode 100644
index 00000000000..a2bf069a114
--- /dev/null
+++ b/features/steps/shared/user.rb
@@ -0,0 +1,11 @@
+module SharedUser
+ include Spinach::DSL
+
+ step 'Create user "John Doe"' do
+ create(:user, name: "John Doe", username: "john_doe")
+ end
+
+ step 'I sign in as "John Doe"' do
+ login_with(User.find_by(name: "John Doe"))
+ end
+end
diff --git a/features/steps/user.rb b/features/steps/user.rb
new file mode 100644
index 00000000000..5fb248ffcbc
--- /dev/null
+++ b/features/steps/user.rb
@@ -0,0 +1,10 @@
+class Spinach::Features::User < Spinach::FeatureSteps
+ include SharedAuthentication
+ include SharedPaths
+ include SharedUser
+ include SharedProject
+
+ step 'I should see user "John Doe" page' do
+ expect(page.title).to match(/^\s*John Doe/)
+ end
+end
diff --git a/features/user.feature b/features/user.feature
new file mode 100644
index 00000000000..c1c1ddda52b
--- /dev/null
+++ b/features/user.feature
@@ -0,0 +1,69 @@
+Feature: User
+ Background:
+ Given Create user "John Doe"
+ And "John Doe" is authorized to private project "Enterprise"
+
+ # Signed out
+
+ Scenario: I visit user "John Doe" page while not signed in when he is authorized to a public project
+ Given "John Doe" is authorized to internal project "Internal"
+ And "John Doe" is authorized to public project "Community"
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should not see project "Enterprise"
+ And I should not see project "Internal"
+ And I should see project "Community"
+
+ Scenario: I visit user "John Doe" page while not signed in when he is not authorized to a public project
+ Given "John Doe" is authorized to internal project "Internal"
+ When I visit user "John Doe" page
+ Then I should be redirected to sign in page
+
+ # Signed in as someone else
+
+ Scenario: I visit user "John Doe" page while signed in as someone else when he is authorized to a public project
+ Given "John Doe" is authorized to public project "Community"
+ And "John Doe" is authorized to internal project "Internal"
+ And I sign in as a user
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should not see project "Enterprise"
+ And I should see project "Internal"
+ And I should see project "Community"
+
+ Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a public project
+ Given "John Doe" is authorized to internal project "Internal"
+ And I sign in as a user
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should not see project "Enterprise"
+ And I should see project "Internal"
+ And I should not see project "Community"
+
+ Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a project I can see
+ Given I sign in as a user
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should not see project "Enterprise"
+ And I should not see project "Internal"
+ And I should not see project "Community"
+
+ # Signed in as the user himself
+
+ Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has a public project
+ Given "John Doe" is authorized to internal project "Internal"
+ And "John Doe" is authorized to public project "Community"
+ And I sign in as "John Doe"
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should see project "Enterprise"
+ And I should see project "Internal"
+ And I should see project "Community"
+
+ Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has no public project
+ Given I sign in as "John Doe"
+ When I visit user "John Doe" page
+ Then I should see user "John Doe" page
+ And I should see project "Enterprise"
+ And I should not see project "Internal"
+ And I should not see project "Community"
View Lorry Controller Status