Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
617f43c7
Commit
617f43c7
authored
Oct 13, 2016
by
Z.J. van de Weg
Committed by
Z.J. van de Weg
Dec 04, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Guests can read builds if those are public
Fixes #18448
parent
bd674591
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
95 additions
and
10 deletions
+95
-10
app/policies/ci/build_policy.rb
app/policies/ci/build_policy.rb
+2
-0
app/policies/project_policy.rb
app/policies/project_policy.rb
+5
-0
changelogs/unreleased/zj-guest-reads-public-builds.yml
changelogs/unreleased/zj-guest-reads-public-builds.yml
+4
-0
spec/features/projects/guest_navigation_menu_spec.rb
spec/features/projects/guest_navigation_menu_spec.rb
+2
-2
spec/features/security/project/private_access_spec.rb
spec/features/security/project/private_access_spec.rb
+52
-0
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+29
-7
spec/requests/api/builds_spec.rb
spec/requests/api/builds_spec.rb
+1
-1
No files found.
app/policies/ci/build_policy.rb
View file @
617f43c7
module
Ci
module
Ci
class
BuildPolicy
<
CommitStatusPolicy
class
BuildPolicy
<
CommitStatusPolicy
def
rules
def
rules
can!
:read_build
if
@subject
.
project
.
public_builds?
super
super
# If we can't read build we should also not have that
# If we can't read build we should also not have that
...
...
app/policies/project_policy.rb
View file @
617f43c7
...
@@ -46,6 +46,11 @@ class ProjectPolicy < BasePolicy
...
@@ -46,6 +46,11 @@ class ProjectPolicy < BasePolicy
can!
:create_note
can!
:create_note
can!
:upload_file
can!
:upload_file
can!
:read_cycle_analytics
can!
:read_cycle_analytics
if
project
.
public_builds?
can!
:read_pipeline
can!
:read_build
end
end
end
def
reporter_access!
def
reporter_access!
...
...
changelogs/unreleased/zj-guest-reads-public-builds.yml
0 → 100644
View file @
617f43c7
---
title
:
Guests can read builds when public
merge_request
:
6842
author
:
spec/features/projects/guest_navigation_menu_spec.rb
View file @
617f43c7
require
'spec_helper'
require
'spec_helper'
describe
"Guest navigation menu"
do
describe
"Guest navigation menu"
do
let
(
:project
)
{
create
:empty_project
,
:private
}
let
(
:project
)
{
create
(
:empty_project
,
:private
,
public_builds:
false
)
}
let
(
:guest
)
{
create
:user
}
let
(
:guest
)
{
create
(
:user
)
}
before
do
before
do
project
.
team
<<
[
guest
,
:guest
]
project
.
team
<<
[
guest
,
:guest
]
...
...
spec/features/security/project/private_access_spec.rb
View file @
617f43c7
...
@@ -260,6 +260,19 @@ describe "Private Project Access", feature: true do
...
@@ -260,6 +260,19 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
it
{
is_expected
.
to
be_allowed_for
guest
}
end
context
'when public buils are disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
{
is_expected
.
to
be_denied_for
guest
}
end
end
end
describe
"GET /:project_path/pipelines/:id"
do
describe
"GET /:project_path/pipelines/:id"
do
...
@@ -275,6 +288,19 @@ describe "Private Project Access", feature: true do
...
@@ -275,6 +288,19 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
it
{
is_expected
.
to
be_allowed_for
guest
}
end
context
'when public buils are disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
{
is_expected
.
to
be_denied_for
guest
}
end
end
end
describe
"GET /:project_path/builds"
do
describe
"GET /:project_path/builds"
do
...
@@ -289,6 +315,19 @@ describe "Private Project Access", feature: true do
...
@@ -289,6 +315,19 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
it
{
is_expected
.
to
be_allowed_for
guest
}
end
context
'when public buils are disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
{
is_expected
.
to
be_denied_for
guest
}
end
end
end
describe
"GET /:project_path/builds/:id"
do
describe
"GET /:project_path/builds/:id"
do
...
@@ -305,6 +344,19 @@ describe "Private Project Access", feature: true do
...
@@ -305,6 +344,19 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
it
{
is_expected
.
to
be_allowed_for
guest
}
end
context
'when public buils are disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
{
is_expected
.
to
be_denied_for
guest
}
end
end
end
describe
"GET /:project_path/environments"
do
describe
"GET /:project_path/environments"
do
...
...
spec/policies/project_policy_spec.rb
View file @
617f43c7
...
@@ -111,13 +111,35 @@ describe ProjectPolicy, models: true do
...
@@ -111,13 +111,35 @@ describe ProjectPolicy, models: true do
context
'guests'
do
context
'guests'
do
let
(
:current_user
)
{
guest
}
let
(
:current_user
)
{
guest
}
it
do
context
'public builds enabled'
do
is_expected
.
to
include
(
*
guest_permissions
)
let
(
:reporter_public_build_permissions
)
do
is_expected
.
not_to
include
(
*
reporter_permissions
)
reporter_permissions
-
[
:read_build
,
:read_pipeline
]
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
end
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
it
do
is_expected
.
not_to
include
(
*
owner_permissions
)
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_public_build_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'public builds disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
end
end
end
...
...
spec/requests/api/builds_spec.rb
View file @
617f43c7
...
@@ -5,7 +5,7 @@ describe API::Builds, api: true do
...
@@ -5,7 +5,7 @@ describe API::Builds, api: true do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:api_user
)
{
user
}
let
(
:api_user
)
{
user
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
)
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
,
public_builds:
false
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
project:
project
)
}
let
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
project:
project
)
}
let
(
:guest
)
{
create
(
:project_member
,
:guest
,
project:
project
)
}
let
(
:guest
)
{
create
(
:project_member
,
:guest
,
project:
project
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment