Allow access to groups with public projects.

Fixed Group avatars to only display when user has read
permissions to at least one project in the group.

2 files changed, 211 insertions, 0 deletions

diff --git a/features/public/public_groups.feature b/features/public/public_groups.feature
new file mode 100644
index 00000000000..7f1ec718e35
--- /dev/null
+++ b/features/public/public_groups.feature
@@ -0,0 +1,118 @@
+Feature: Public Projects Feature
+  Background:
+    Given group "TestGroup" has private project "Enterprise"
+
+  Scenario: I should not see group with private projects as visitor
+    When I visit group "TestGroup" page
+    Then I should be redirected to sign in page
+
+  Scenario: I should not see group with private projects group as user
+    When I sign in as a user
+    And I visit group "TestGroup" page
+    Then page status code should be 404
+
+  Scenario: I should not see group with private and internal projects as visitor
+    Given group "TestGroup" has internal project "Internal"
+    When I visit group "TestGroup" page
+    Then I should be redirected to sign in page
+
+  Scenario: I should see group with private and internal projects as user
+    Given group "TestGroup" has internal project "Internal"
+    When I sign in as a user
+    And I visit group "TestGroup" page
+    Then I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group issues for internal project as user
+    Given group "TestGroup" has internal project "Internal"
+    When I sign in as a user
+    And I visit group "TestGroup" issues page
+    And I change filter to Everyone's
+    Then I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group merge requests for internal project as user
+    Given group "TestGroup" has internal project "Internal"
+    When I sign in as a user
+    And I visit group "TestGroup" merge requests page
+    And I change filter to Everyone's
+    Then I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group's members as user
+    Given group "TestGroup" has internal project "Internal"
+    And "John Doe" is owner of group "TestGroup"
+    When I sign in as a user
+    And I visit group "TestGroup" members page
+    Then I should see group member "John Doe"
+    And I should not see member roles
+
+  Scenario: I should see group with private, internal and public projects as visitor
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I visit group "TestGroup" page
+    Then I should see project "Community" items
+    And I should not see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group issues for public project as visitor
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I visit group "TestGroup" issues page
+    Then I should see project "Community" items
+    And I should not see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group merge requests for public project as visitor
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I visit group "TestGroup" merge requests page
+    Then I should see project "Community" items
+    And I should not see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group's members as visitor
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    And "John Doe" is owner of group "TestGroup"
+    When I visit group "TestGroup" members page
+    Then I should see group member "John Doe"
+    And I should not see member roles
+
+  Scenario: I should see group with private, internal and public projects as user
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I sign in as a user
+    And I visit group "TestGroup" page
+    Then I should see project "Community" items
+    And I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group issues for internal and public projects as user
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I sign in as a user
+    And I visit group "TestGroup" issues page
+    And I change filter to Everyone's
+    Then I should see project "Community" items
+    And I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group merge requests for internal and public projects as user
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    When I sign in as a user
+    And I visit group "TestGroup" merge requests page
+    And I change filter to Everyone's
+    Then I should see project "Community" items
+    And I should see project "Internal" items
+    And I should not see project "Enterprise" items
+
+  Scenario: I should see group's members as user
+    Given group "TestGroup" has internal project "Internal"
+    Given group "TestGroup" has public project "Community"
+    And "John Doe" is owner of group "TestGroup"
+    When I sign in as a user
+    And I visit group "TestGroup" members page
+    Then I should see group member "John Doe"
+    And I should not see member roles
diff --git a/features/steps/public/groups_feature.rb b/features/steps/public/groups_feature.rb
new file mode 100644
index 00000000000..015deca5427
--- /dev/null
+++ b/features/steps/public/groups_feature.rb
@@ -0,0 +1,93 @@
+class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
+  include SharedAuthentication
+  include SharedPaths
+  include SharedGroup
+  include SharedProject
+
+  step 'group "TestGroup" has private project "Enterprise"' do
+    group_has_project("TestGroup", "Enterprise", Gitlab::VisibilityLevel::PRIVATE)
+  end
+
+  step 'group "TestGroup" has internal project "Internal"' do
+    group_has_project("TestGroup", "Internal", Gitlab::VisibilityLevel::INTERNAL)
+  end
+
+  step 'group "TestGroup" has public project "Community"' do
+    group_has_project("TestGroup", "Community", Gitlab::VisibilityLevel::PUBLIC)
+  end
+  
+  step '"John Doe" is owner of group "TestGroup"' do
+    group = Group.find_by(name: "TestGroup") || create(:group, name: "TestGroup")
+    user = create(:user, name: "John Doe")
+    group.add_user(user, Gitlab::Access::OWNER)
+  end
+
+  step 'I visit group "TestGroup" page' do
+    visit group_path(Group.find_by(name: "TestGroup"))
+  end
+
+  step 'I visit group "TestGroup" issues page' do
+    visit issues_group_path(Group.find_by(name: "TestGroup"))
+  end
+
+  step 'I visit group "TestGroup" merge requests page' do
+    visit merge_requests_group_path(Group.find_by(name: "TestGroup"))
+  end
+
+  step 'I visit group "TestGroup" members page' do
+    visit members_group_path(Group.find_by(name: "TestGroup"))
+  end
+  
+  step 'I should not see project "Enterprise" items' do
+    page.should_not have_content "Enterprise"
+  end
+  
+  step 'I should see project "Internal" items' do
+    page.should have_content "Internal"
+  end
+  
+  step 'I should not see project "Internal" items' do
+    page.should_not have_content "Internal"
+  end
+  
+  step 'I should see project "Community" items' do
+    page.should have_content "Community"
+  end
+  
+  step 'I change filter to Everyone\'s' do
+    click_link "Everyone's"
+  end
+  
+  step 'I should see group member "John Doe"' do
+    page.should have_content "John Doe"
+  end
+  
+  step 'I should not see member roles' do
+    page.body.should_not match(%r{owner|developer|reporter|guest}i)
+  end
+
+  protected
+
+  def group_has_project(groupname, projectname, visibility_level)
+    group = Group.find_by(name: groupname) || create(:group, name: groupname)
+    project = create(:project,
+      namespace: group,
+      name: projectname,
+      path: "#{groupname}-#{projectname}",
+      visibility_level: visibility_level
+    )
+    create(:issue,
+      title: "#{projectname} feature",
+      project: project
+    )
+    create(:merge_request,
+      title: "#{projectname} feature implemented",
+      source_project: project,
+      target_project: project
+    )
+    create(:closed_issue_event,
+      project: project
+    )
+  end
+end
+