diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-02-24 19:37:13 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-02-24 19:37:13 +0000 |
| commit | 79dd7beebdfe2d729bfdc39ffaffc264a1a84f67 (patch) | |
| tree | 3e7dfcd0057598d9298b51186ea4c2a8e8ae9749 /spec/features | |
| parent | 86e25595c8766a41b31fef61c7bde6cf98826641 (diff) | |
| parent | 2f69213e3f32e2e4222f6335e790e2c778069014 (diff) | |
| download | gitlab-ce-79dd7beebdfe2d729bfdc39ffaffc264a1a84f67.tar.gz | |
Merge branch 'feature/public_groups' into 'master'
Public Groups
This is the initial work (meaning no tests) for making groups public if they have a public project (or internal for logged in users). This allows issues and merge requests to be viewed, but _not_ group membership. As part of this I have also added back the link in the public project title section (it was removed as it didn't make sense before).
This addesses the following suggestions/issues:
http://feedback.gitlab.com/forums/176466-general/suggestions/5314461-groups-containing-one-or-more-public-projects-shou
Issue #32
https://github.com/gitlabhq/gitlabhq/issues/5203
as well as a few closed issues.
This also changes the public user page to only show groups that are accessible to the user in some manner.
Diffstat (limited to 'spec/features')
| -rw-r--r-- | spec/features/security/group/group_access_spec.rb (renamed from spec/features/security/group_access_spec.rb) | 6 | ||||
| -rw-r--r-- | spec/features/security/group/internal_group_access_spec.rb | 87 | ||||
| -rw-r--r-- | spec/features/security/group/mixed_group_access_spec.rb | 88 | ||||
| -rw-r--r-- | spec/features/security/group/public_group_access_spec.rb | 87 |
4 files changed, 268 insertions, 0 deletions
diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb index dea957962a8..7ef372c9199 100644 --- a/spec/features/security/group_access_spec.rb +++ b/spec/features/security/group/group_access_spec.rb @@ -14,6 +14,7 @@ describe "Group access" do let(:master) { create(:user) } let(:reporter) { create(:user) } let(:guest) { create(:user) } + let(:nonmember) { create(:user) } before do group.add_user(owner, Gitlab::Access::OWNER) @@ -21,6 +22,11 @@ describe "Group access" do group.add_user(reporter, Gitlab::Access::REPORTER) group.add_user(guest, Gitlab::Access::GUEST) end + + describe "Group should not have accessible projects" do + it { group.has_projects_accessible_to?(nil).should be_false } + it { group.has_projects_accessible_to?(nonmember).should be_false } + end describe "GET /groups/:path" do subject { group_path(group) } diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb new file mode 100644 index 00000000000..26b05b667a9 --- /dev/null +++ b/spec/features/security/group/internal_group_access_spec.rb @@ -0,0 +1,87 @@ +require 'spec_helper' + +describe "Group with internal project access" do + describe "Group" do + let(:group) { create(:group) } + + let(:owner) { create(:owner) } + let(:master) { create(:user) } + let(:reporter) { create(:user) } + let(:guest) { create(:user) } + let(:nonmember) { create(:user) } + + before do + group.add_user(owner, Gitlab::Access::OWNER) + group.add_user(master, Gitlab::Access::MASTER) + group.add_user(reporter, Gitlab::Access::REPORTER) + group.add_user(guest, Gitlab::Access::GUEST) + + create(:project, group: group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) + end + + describe "Group should have accessible projects for users" do + it { group.has_projects_accessible_to?(nil).should be_false } + it { group.has_projects_accessible_to?(nonmember).should be_true } + end + + describe "GET /groups/:path" do + subject { group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/issues" do + subject { issues_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/merge_requests" do + subject { merge_requests_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/members" do + subject { members_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/edit" do + subject { edit_group_path(group) } + + it { should be_allowed_for owner } + it { should be_denied_for master } + it { should be_denied_for reporter } + it { should be_allowed_for :admin } + it { should be_denied_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + end +end diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb new file mode 100644 index 00000000000..9cae49157a4 --- /dev/null +++ b/spec/features/security/group/mixed_group_access_spec.rb @@ -0,0 +1,88 @@ +require 'spec_helper' + +describe "Group access" do + describe "Group" do + let(:group) { create(:group) } + + let(:owner) { create(:owner) } + let(:master) { create(:user) } + let(:reporter) { create(:user) } + let(:guest) { create(:user) } + let(:nonmember) { create(:user) } + + before do + group.add_user(owner, Gitlab::Access::OWNER) + group.add_user(master, Gitlab::Access::MASTER) + group.add_user(reporter, Gitlab::Access::REPORTER) + group.add_user(guest, Gitlab::Access::GUEST) + + create(:project, path: "internal_project", group: group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) + create(:project, path: "public_project", group: group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) + end + + describe "Group should have accessible projects" do + it { group.has_projects_accessible_to?(nil).should be_true } + it { group.has_projects_accessible_to?(nonmember).should be_true } + end + + describe "GET /groups/:path" do + subject { group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/issues" do + subject { issues_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/merge_requests" do + subject { merge_requests_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/members" do + subject { members_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/edit" do + subject { edit_group_path(group) } + + it { should be_allowed_for owner } + it { should be_denied_for master } + it { should be_denied_for reporter } + it { should be_allowed_for :admin } + it { should be_denied_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + end +end diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb new file mode 100644 index 00000000000..d64be437b7a --- /dev/null +++ b/spec/features/security/group/public_group_access_spec.rb @@ -0,0 +1,87 @@ +require 'spec_helper' + +describe "Group with public project access" do + describe "Group" do + let(:group) { create(:group) } + + let(:owner) { create(:owner) } + let(:master) { create(:user) } + let(:reporter) { create(:user) } + let(:guest) { create(:user) } + let(:nonmember) { create(:user) } + + before do + group.add_user(owner, Gitlab::Access::OWNER) + group.add_user(master, Gitlab::Access::MASTER) + group.add_user(reporter, Gitlab::Access::REPORTER) + group.add_user(guest, Gitlab::Access::GUEST) + + create(:project, group: group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) + end + + describe "Group should have accessible projects" do + it { group.has_projects_accessible_to?(nil).should be_true } + it { group.has_projects_accessible_to?(nonmember).should be_true } + end + + describe "GET /groups/:path" do + subject { group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/issues" do + subject { issues_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/merge_requests" do + subject { merge_requests_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/members" do + subject { members_group_path(group) } + + it { should be_allowed_for owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_allowed_for :user } + it { should be_allowed_for :visitor } + end + + describe "GET /groups/:path/edit" do + subject { edit_group_path(group) } + + it { should be_allowed_for owner } + it { should be_denied_for master } + it { should be_denied_for reporter } + it { should be_allowed_for :admin } + it { should be_denied_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + end +end |