diff options
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/models/ability.rb | 2 | ||||
-rw-r--r-- | features/snippets/snippets.feature | 13 | ||||
-rw-r--r-- | features/steps/shared/authentication.rb | 4 | ||||
-rw-r--r-- | features/steps/snippets/snippets.rb | 20 | ||||
-rw-r--r-- | spec/support/login_helpers.rb | 5 |
6 files changed, 43 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index 2d03cd1d763..9453f315325 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -10,6 +10,7 @@ v 7.13.0 (unreleased) - Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8 v 7.12.0 (unreleased) + - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu) - Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu) - Update oauth button logos for Twitter and Google to recommended assets - Fix hooks for web based events with external issue references (Daniel Gerhardt) diff --git a/app/models/ability.rb b/app/models/ability.rb index bcd2adee00b..a5db22040e0 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -263,7 +263,7 @@ class Ability :"modify_#{name}", ] else - if subject.respond_to?(:project) + if subject.respond_to?(:project) && subject.project project_abilities(user, subject.project) else [] diff --git a/features/snippets/snippets.feature b/features/snippets/snippets.feature index 6e8019c326f..4f617b6bed8 100644 --- a/features/snippets/snippets.feature +++ b/features/snippets/snippets.feature @@ -25,4 +25,15 @@ Feature: Snippets Scenario: I destroy "Personal snippet one" Given I visit snippet page "Personal snippet one" And I click link "Destroy" - Then I should not see "Personal snippet one" in snippets
\ No newline at end of file + Then I should not see "Personal snippet one" in snippets + + Scenario: I create new internal snippet + Given I logout directly + And I sign in as an admin + Then I visit new snippet page + And I submit new internal snippet + Then I visit snippet page "Internal personal snippet one" + And I logout directly + Then I sign in as a user + Given I visit new snippet page + Then I visit snippet page "Internal personal snippet one" diff --git a/features/steps/shared/authentication.rb b/features/steps/shared/authentication.rb index 3c0f2a9406a..735e0ef6108 100644 --- a/features/steps/shared/authentication.rb +++ b/features/steps/shared/authentication.rb @@ -28,6 +28,10 @@ module SharedAuthentication logout end + step "I logout directly" do + logout_direct + end + def current_user @user || User.first end diff --git a/features/steps/snippets/snippets.rb b/features/steps/snippets/snippets.rb index 09fdd1b5a13..426da2918ea 100644 --- a/features/steps/snippets/snippets.rb +++ b/features/steps/snippets/snippets.rb @@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps click_button "Create snippet" end + step 'I submit new internal snippet' do + fill_in "personal_snippet_title", :with => "Internal personal snippet one" + fill_in "personal_snippet_file_name", :with => "my_snippet.rb" + choose 'personal_snippet_visibility_level_10' + + page.within('.file-editor') do + find(:xpath, "//input[@id='personal_snippet_content']").set 'Content of internal snippet' + end + + click_button "Create snippet" + end + step 'I should see snippet "Personal snippet three"' do expect(page).to have_content "Personal snippet three" expect(page).to have_content "Content of snippet three" @@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps visit snippet_path(snippet) end + step 'I visit snippet page "Internal personal snippet one"' do + visit snippet_path(internal_snippet) + end + def snippet @snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one") end + + def internal_snippet + @snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one") + end end diff --git a/spec/support/login_helpers.rb b/spec/support/login_helpers.rb index 1bd68552012..ffe30a4246c 100644 --- a/spec/support/login_helpers.rb +++ b/spec/support/login_helpers.rb @@ -39,4 +39,9 @@ module LoginHelpers def logout find(:css, ".fa.fa-sign-out").click end + + # Logout without JavaScript driver + def logout_direct + page.driver.submit :delete, '/users/sign_out', {} + end end |