From b5b448934563b0b3237b6b2e6e168c012b012097 Mon Sep 17 00:00:00 2001
From: Mark Fletcher <mark@gitlab.com>
Date: Mon, 2 Jan 2017 20:51:57 +0000
Subject: Don't show links to tag a commit for non permitted users

* Show tag link for users that can push code
* Don't show tag link for guests and non-authenticated users
---
 app/views/projects/commit/_commit_box.html.haml    |  5 ++--
 .../26188-tag-creation-404-for-guests.yml          |  4 ++++
 .../projects/commit/_commit_box.html.haml_spec.rb  | 28 ++++++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/26188-tag-creation-404-for-guests.yml

diff --git a/app/views/projects/commit/_commit_box.html.haml b/app/views/projects/commit/_commit_box.html.haml
index 4d0b7a5ca85..d001e01609a 100644
--- a/app/views/projects/commit/_commit_box.html.haml
+++ b/app/views/projects/commit/_commit_box.html.haml
@@ -34,8 +34,9 @@
             = revert_commit_link(@commit, namespace_project_commit_path(@project.namespace, @project, @commit.id), has_tooltip: false)
         %li.clearfix
           = cherry_pick_commit_link(@commit, namespace_project_commit_path(@project.namespace, @project, @commit.id), has_tooltip: false)
-        %li.clearfix
-          = link_to "Tag", new_namespace_project_tag_path(@project.namespace, @project, ref: @commit)
+        - if can_collaborate_with_project?
+          %li.clearfix
+            = link_to "Tag", new_namespace_project_tag_path(@project.namespace, @project, ref: @commit)
         %li.divider
         %li.dropdown-header
           Download
diff --git a/changelogs/unreleased/26188-tag-creation-404-for-guests.yml b/changelogs/unreleased/26188-tag-creation-404-for-guests.yml
new file mode 100644
index 00000000000..fb00d46ea1f
--- /dev/null
+++ b/changelogs/unreleased/26188-tag-creation-404-for-guests.yml
@@ -0,0 +1,4 @@
+---
+title: Don't show links to tag a commit for users that are not permitted
+merge_request: 8407
+author:
diff --git a/spec/views/projects/commit/_commit_box.html.haml_spec.rb b/spec/views/projects/commit/_commit_box.html.haml_spec.rb
index e741e3cf9b6..f2919f20e85 100644
--- a/spec/views/projects/commit/_commit_box.html.haml_spec.rb
+++ b/spec/views/projects/commit/_commit_box.html.haml_spec.rb
@@ -3,11 +3,13 @@ require 'spec_helper'
 describe 'projects/commit/_commit_box.html.haml' do
   include Devise::Test::ControllerHelpers
 
+  let(:user) { create(:user) }
   let(:project) { create(:project) }
 
   before do
     assign(:project, project)
     assign(:commit, project.commit)
+    allow(view).to receive(:can_collaborate_with_project?).and_return(false)
   end
 
   it 'shows the commit SHA' do
@@ -25,4 +27,30 @@ describe 'projects/commit/_commit_box.html.haml' do
 
     expect(rendered).to have_text("Pipeline ##{third_pipeline.id} for #{Commit.truncate_sha(project.commit.sha)} failed")
   end
+
+  context 'viewing a commit' do
+    context 'as a developer' do
+      before do
+        expect(view).to receive(:can_collaborate_with_project?).and_return(true)
+      end
+
+      it 'has a link to create a new tag' do
+        render
+
+        expect(rendered).to have_link('Tag')
+      end
+    end
+
+    context 'as a non-developer' do
+      before do
+        expect(view).to receive(:can_collaborate_with_project?).and_return(false)
+      end
+
+      it 'does not have a link to create a new tag' do
+        render
+
+        expect(rendered).not_to have_link('Tag')
+      end
+    end
+  end
 end
-- 
cgit v1.2.1