summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--app/models/ability.rb2
-rw-r--r--features/snippets/snippets.feature13
-rw-r--r--features/steps/shared/authentication.rb4
-rw-r--r--features/steps/snippets/snippets.rb20
-rw-r--r--spec/support/login_helpers.rb5
6 files changed, 43 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 2d03cd1d763..9453f315325 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,7 @@ v 7.13.0 (unreleased)
- Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8
v 7.12.0 (unreleased)
+ - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
- Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
- Update oauth button logos for Twitter and Google to recommended assets
- Fix hooks for web based events with external issue references (Daniel Gerhardt)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index bcd2adee00b..a5db22040e0 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -263,7 +263,7 @@ class Ability
:"modify_#{name}",
]
else
- if subject.respond_to?(:project)
+ if subject.respond_to?(:project) && subject.project
project_abilities(user, subject.project)
else
[]
diff --git a/features/snippets/snippets.feature b/features/snippets/snippets.feature
index 6e8019c326f..4f617b6bed8 100644
--- a/features/snippets/snippets.feature
+++ b/features/snippets/snippets.feature
@@ -25,4 +25,15 @@ Feature: Snippets
Scenario: I destroy "Personal snippet one"
Given I visit snippet page "Personal snippet one"
And I click link "Destroy"
- Then I should not see "Personal snippet one" in snippets \ No newline at end of file
+ Then I should not see "Personal snippet one" in snippets
+
+ Scenario: I create new internal snippet
+ Given I logout directly
+ And I sign in as an admin
+ Then I visit new snippet page
+ And I submit new internal snippet
+ Then I visit snippet page "Internal personal snippet one"
+ And I logout directly
+ Then I sign in as a user
+ Given I visit new snippet page
+ Then I visit snippet page "Internal personal snippet one"
diff --git a/features/steps/shared/authentication.rb b/features/steps/shared/authentication.rb
index 3c0f2a9406a..735e0ef6108 100644
--- a/features/steps/shared/authentication.rb
+++ b/features/steps/shared/authentication.rb
@@ -28,6 +28,10 @@ module SharedAuthentication
logout
end
+ step "I logout directly" do
+ logout_direct
+ end
+
def current_user
@user || User.first
end
diff --git a/features/steps/snippets/snippets.rb b/features/steps/snippets/snippets.rb
index 09fdd1b5a13..426da2918ea 100644
--- a/features/steps/snippets/snippets.rb
+++ b/features/steps/snippets/snippets.rb
@@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
click_button "Create snippet"
end
+ step 'I submit new internal snippet' do
+ fill_in "personal_snippet_title", :with => "Internal personal snippet one"
+ fill_in "personal_snippet_file_name", :with => "my_snippet.rb"
+ choose 'personal_snippet_visibility_level_10'
+
+ page.within('.file-editor') do
+ find(:xpath, "//input[@id='personal_snippet_content']").set 'Content of internal snippet'
+ end
+
+ click_button "Create snippet"
+ end
+
step 'I should see snippet "Personal snippet three"' do
expect(page).to have_content "Personal snippet three"
expect(page).to have_content "Content of snippet three"
@@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
visit snippet_path(snippet)
end
+ step 'I visit snippet page "Internal personal snippet one"' do
+ visit snippet_path(internal_snippet)
+ end
+
def snippet
@snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one")
end
+
+ def internal_snippet
+ @snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one")
+ end
end
diff --git a/spec/support/login_helpers.rb b/spec/support/login_helpers.rb
index 1bd68552012..ffe30a4246c 100644
--- a/spec/support/login_helpers.rb
+++ b/spec/support/login_helpers.rb
@@ -39,4 +39,9 @@ module LoginHelpers
def logout
find(:css, ".fa.fa-sign-out").click
end
+
+ # Logout without JavaScript driver
+ def logout_direct
+ page.driver.submit :delete, '/users/sign_out', {}
+ end
end