diff options
author | Ciro Santillli <ciro.santilli@gmail.com> | 2014-01-27 15:53:59 +0100 |
---|---|---|
committer | Ciro Santillli <ciro.santilli@gmail.com> | 2014-02-11 15:45:30 +0100 |
commit | 91571c078dee6297a17afecb6dc071ce882c82be (patch) | |
tree | d57688b9653182beaa345e6cabe11b50e4dfabee /features | |
parent | 1284f21c073e42c44b9faa7b0ad1ec90b66ca8fb (diff) | |
download | gitlab-ce-91571c078dee6297a17afecb6dc071ce882c82be.tar.gz |
User pages are visible to users without login
... if the user is authorized to at least one public project.
Diffstat (limited to 'features')
-rw-r--r-- | features/admin/groups.feature | 6 | ||||
-rw-r--r-- | features/group/group.feature | 6 | ||||
-rw-r--r-- | features/steps/admin/admin_groups.rb | 13 | ||||
-rw-r--r-- | features/steps/group/group.rb | 13 | ||||
-rw-r--r-- | features/steps/public/projects_feature.rb | 32 | ||||
-rw-r--r-- | features/steps/shared/paths.rb | 8 | ||||
-rw-r--r-- | features/steps/shared/project.rb | 64 | ||||
-rw-r--r-- | features/steps/shared/user.rb | 11 | ||||
-rw-r--r-- | features/steps/user.rb | 10 | ||||
-rw-r--r-- | features/user.feature | 69 |
10 files changed, 180 insertions, 52 deletions
diff --git a/features/admin/groups.feature b/features/admin/groups.feature index 6fed9a34869..7741307f178 100644 --- a/features/admin/groups.feature +++ b/features/admin/groups.feature @@ -2,7 +2,7 @@ Feature: Admin Groups Background: Given I sign in as an admin And I have group with projects - And Create gitlab user "John" + And Create user "John Doe" And I visit admin groups page Scenario: See group list @@ -17,5 +17,5 @@ Feature: Admin Groups @javascript Scenario: Add user into projects in group When I visit admin group page - When I select user "John" from user list as "Reporter" - Then I should see "John" in team list in every project as "Reporter" + When I select user "John Doe" from user list as "Reporter" + Then I should see "John Doe" in team list in every project as "Reporter" diff --git a/features/group/group.feature b/features/group/group.feature index ca3e67d2c1d..6177263e477 100644 --- a/features/group/group.feature +++ b/features/group/group.feature @@ -21,10 +21,10 @@ Feature: Groups @javascript Scenario: I should add user to projects in Group - Given I have new user "John" + Given Create user "John Doe" When I visit group members page - And I select user "John" from list with role "Reporter" - Then I should see user "John" in team list + And I select user "John Doe" from list with role "Reporter" + Then I should see user "John Doe" in team list Scenario: I should see edit group page When I visit group settings page diff --git a/features/steps/admin/admin_groups.rb b/features/steps/admin/admin_groups.rb index 013fa6da8b4..9c1bcfefb9c 100644 --- a/features/steps/admin/admin_groups.rb +++ b/features/steps/admin/admin_groups.rb @@ -1,6 +1,7 @@ class AdminGroups < Spinach::FeatureSteps include SharedAuthentication include SharedPaths + include SharedUser include SharedActiveTab include Select2Helper @@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps @project.team << [current_user, :master] end - And 'Create gitlab user "John"' do - create(:user, name: "John") - end - And 'submit form with new group info' do fill_in 'group_name', with: 'gitlab' fill_in 'group_description', with: 'Group description' @@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps current_path.should == admin_group_path(Group.last) end - When 'I select user "John" from user list as "Reporter"' do - user = User.find_by(name: "John") + When 'I select user "John Doe" from user list as "Reporter"' do + user = User.find_by(name: "John Doe") select2(user.id, from: "#user_ids", multiple: true) within "#new_team_member" do select "Reporter", from: "group_access" @@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps click_button "Add users into group" end - Then 'I should see "John" in team list in every project as "Reporter"' do + Then 'I should see "John Doe" in team list in every project as "Reporter"' do within ".group-users-list" do - page.should have_content "John" + page.should have_content "John Doe" page.should have_content "Reporter" end end diff --git a/features/steps/group/group.rb b/features/steps/group/group.rb index 0b0f401c3ba..686f683314a 100644 --- a/features/steps/group/group.rb +++ b/features/steps/group/group.rb @@ -1,6 +1,7 @@ class Groups < Spinach::FeatureSteps include SharedAuthentication include SharedPaths + include SharedUser include Select2Helper Then 'I should see projects list' do @@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps end end - Given 'I have new user "John"' do - create(:user, name: "John") - end - - And 'I select user "John" from list with role "Reporter"' do - user = User.find_by(name: "John") + And 'I select user "John Doe" from list with role "Reporter"' do + user = User.find_by(name: "John Doe") within ".users-group-form" do select2(user.id, from: "#user_ids", multiple: true) select "Reporter", from: "group_access" @@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps click_button "Add users into group" end - Then 'I should see user "John" in team list' do + Then 'I should see user "John Doe" in team list' do projects_with_access = find(".ui-box .well-list") - projects_with_access.should have_content("John") + projects_with_access.should have_content("John Doe") end Given 'project from group has issues assigned to me' do diff --git a/features/steps/public/projects_feature.rb b/features/steps/public/projects_feature.rb index 84a5ebbf7a7..eb1d235f435 100644 --- a/features/steps/public/projects_feature.rb +++ b/features/steps/public/projects_feature.rb @@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps include SharedPaths include SharedProject - step 'I should see project "Community"' do - page.should have_content "Community" - end - - step 'I should not see project "Enterprise"' do - page.should_not have_content "Enterprise" + step 'public empty project "Empty Public Project"' do + create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC end step 'I should see project "Empty Public Project"' do @@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps page.should have_content 'README.md' end - step 'public project "Community"' do - create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC - end - - step 'public empty project "Empty Public Project"' do - create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC - end - step 'I visit empty project page' do project = Project.find_by(name: 'Empty Public Project') visit project_path(project) @@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps end end - step 'private project "Enterprise"' do - create :project, name: 'Enterprise' - end - step 'I visit project "Enterprise" page' do project = Project.find_by(name: 'Enterprise') visit project_path(project) @@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps end end - step 'internal project "Internal"' do - create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL - end - - step 'I should see project "Internal"' do - page.should have_content "Internal" - end - - step 'I should not see project "Internal"' do - page.should_not have_content "Internal" - end - step 'I visit project "Internal" page' do project = Project.find_by(name: 'Internal') visit project_path(project) diff --git a/features/steps/shared/paths.rb b/features/steps/shared/paths.rb index d287121bb84..c1aafc183dc 100644 --- a/features/steps/shared/paths.rb +++ b/features/steps/shared/paths.rb @@ -6,6 +6,14 @@ module SharedPaths end # ---------------------------------------- + # User + # ---------------------------------------- + + step 'I visit user "John Doe" page' do + visit user_path("john_doe") + end + + # ---------------------------------------- # Group # ---------------------------------------- diff --git a/features/steps/shared/project.rb b/features/steps/shared/project.rb index 7360482d736..a6354aeaf86 100644 --- a/features/steps/shared/project.rb +++ b/features/steps/shared/project.rb @@ -65,4 +65,68 @@ module SharedProject def current_project @project ||= Project.first end + + # ---------------------------------------- + # Visibility level + # ---------------------------------------- + + step 'private project "Enterprise"' do + create :project, name: 'Enterprise' + end + + step 'I should see project "Enterprise"' do + page.should have_content "Enterprise" + end + + step 'I should not see project "Enterprise"' do + page.should_not have_content "Enterprise" + end + + step 'internal project "Internal"' do + create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL + end + + step 'I should see project "Internal"' do + page.should have_content "Internal" + end + + step 'I should not see project "Internal"' do + page.should_not have_content "Internal" + end + + step 'public project "Community"' do + create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC + end + + step 'I should see project "Community"' do + page.should have_content "Community" + end + + step 'I should not see project "Community"' do + page.should_not have_content "Community" + end + + step '"John Doe" is authorized to private project "Enterprise"' do + user = User.find_by(name: "John Doe") + user ||= create(:user, name: "John Doe", username: "john_doe") + project = Project.find_by(name: "Enterprise") + project ||= create(:project, name: "Enterprise", namespace: user.namespace) + project.team << [user, :master] + end + + step '"John Doe" is authorized to internal project "Internal"' do + user = User.find_by(name: "John Doe") + user ||= create(:user, name: "John Doe", username: "john_doe") + project = Project.find_by(name: "Internal") + project ||= create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL + project.team << [user, :master] + end + + step '"John Doe" is authorized to public project "Community"' do + user = User.find_by(name: "John Doe") + user ||= create(:user, name: "John Doe", username: "john_doe") + project = Project.find_by(name: "Community") + project ||= create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC + project.team << [user, :master] + end end diff --git a/features/steps/shared/user.rb b/features/steps/shared/user.rb new file mode 100644 index 00000000000..a2bf069a114 --- /dev/null +++ b/features/steps/shared/user.rb @@ -0,0 +1,11 @@ +module SharedUser + include Spinach::DSL + + step 'Create user "John Doe"' do + create(:user, name: "John Doe", username: "john_doe") + end + + step 'I sign in as "John Doe"' do + login_with(User.find_by(name: "John Doe")) + end +end diff --git a/features/steps/user.rb b/features/steps/user.rb new file mode 100644 index 00000000000..5fb248ffcbc --- /dev/null +++ b/features/steps/user.rb @@ -0,0 +1,10 @@ +class Spinach::Features::User < Spinach::FeatureSteps + include SharedAuthentication + include SharedPaths + include SharedUser + include SharedProject + + step 'I should see user "John Doe" page' do + expect(page.title).to match(/^\s*John Doe/) + end +end diff --git a/features/user.feature b/features/user.feature new file mode 100644 index 00000000000..c1c1ddda52b --- /dev/null +++ b/features/user.feature @@ -0,0 +1,69 @@ +Feature: User + Background: + Given Create user "John Doe" + And "John Doe" is authorized to private project "Enterprise" + + # Signed out + + Scenario: I visit user "John Doe" page while not signed in when he is authorized to a public project + Given "John Doe" is authorized to internal project "Internal" + And "John Doe" is authorized to public project "Community" + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should not see project "Enterprise" + And I should not see project "Internal" + And I should see project "Community" + + Scenario: I visit user "John Doe" page while not signed in when he is not authorized to a public project + Given "John Doe" is authorized to internal project "Internal" + When I visit user "John Doe" page + Then I should be redirected to sign in page + + # Signed in as someone else + + Scenario: I visit user "John Doe" page while signed in as someone else when he is authorized to a public project + Given "John Doe" is authorized to public project "Community" + And "John Doe" is authorized to internal project "Internal" + And I sign in as a user + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should not see project "Enterprise" + And I should see project "Internal" + And I should see project "Community" + + Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a public project + Given "John Doe" is authorized to internal project "Internal" + And I sign in as a user + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should not see project "Enterprise" + And I should see project "Internal" + And I should not see project "Community" + + Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a project I can see + Given I sign in as a user + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should not see project "Enterprise" + And I should not see project "Internal" + And I should not see project "Community" + + # Signed in as the user himself + + Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has a public project + Given "John Doe" is authorized to internal project "Internal" + And "John Doe" is authorized to public project "Community" + And I sign in as "John Doe" + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should see project "Enterprise" + And I should see project "Internal" + And I should see project "Community" + + Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has no public project + Given I sign in as "John Doe" + When I visit user "John Doe" page + Then I should see user "John Doe" page + And I should see project "Enterprise" + And I should not see project "Internal" + And I should not see project "Community" |