Commit c887045c authored Nov 26, 2015 by Douwe Maan

Merge branch 'dbalexandre/gitlab-ce-fix-raw-personal-snippet-access-workflow'

Parents: 1befbbf5, 8dcef120

Showing 3 changed files with 117 additions and 1 deletion

CHANGELOG +1 -0
app/controllers/snippets_controller.rb +1 -1
spec/controllers/snippets_controller_spec.rb +115 -0

CHANGELOG
...
...
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.3.0 (unreleased)
- Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera)
- Fix 500 error when update group member permission
- Fix: Raw private snippets access workflow
v 8.2.1
- Forcefully update builds that didn't want to update with state machine
...
...
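Review bot: The entry "Fix: Raw private snippets access workflow" under v 8.3.0 does not tell an administrator that this is an access-control fix. The controller change in this commit adds :raw to the actions guarded by authorize_read_snippet!, so wording along the lines of "Fix: apply read authorization to raw personal snippets" would make the upgrade relevance clear. The neighbouring entry credits its contributor in parentheses; this one could do the same.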
app/controllers/snippets_controller.rb
...
...
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action
:snippet
,
only:
[
:show
,
:edit
,
:destroy
,
:update
,
:raw
]
# Allow read snippet
before_action
:authorize_read_snippet!
,
only:
[
:show
]
before_action
:authorize_read_snippet!
,
only:
[
:show
,
:raw
]
# Allow modify snippet
before_action
:authorize_update_snippet!
,
only:
[
:edit
,
:update
]
...
...
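Review bot: Read authorization stays opt-in per action in the changed before_action: authorize_read_snippet! runs only for the actions named in only: [:show, :raw], so any read-style action added later is unguarded until someone extends the list, as happened with :raw here. Consider expressing the filter with except: for the actions that must stay open, or performing the read check inside the snippet loader, which already runs for [:show, :edit, :destroy, :update, :raw]. Separately, :destroy is in the loader list but in neither authorize list visible in this hunk; the hunk ends after authorize_update_snippet!, so confirm that a filter further down covers it.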
spec/controllers/snippets_controller_spec.rb
...
...
@@ -115,4 +115,119 @@ describe SnippetsController do
end
end
end
describe
'GET #raw'
do
let
(
:user
)
{
create
(
:user
)
}
context
'when the personal snippet is private'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
context
'when signed in user is not the author'
do
let
(
:other_author
)
{
create
(
:author
)
}
let
(
:other_personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
other_author
)
}
it
'responds with status 404'
do
get
:raw
,
id:
other_personal_snippet
.
to_param
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when signed in user is the author'
do
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
context
'when not signed in'
do
it
'redirects to the sign in page'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
response
).
to
redirect_to
(
new_user_session_path
)
end
end
end
context
'when the personal snippet is internal'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:internal
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
context
'when not signed in'
do
it
'redirects to the sign in page'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
response
).
to
redirect_to
(
new_user_session_path
)
end
end
end
context
'when the personal snippet is public'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:public
,
author:
user
)
}
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
context
'when not signed in'
do
it
'renders the raw snippet'
do
get
:raw
,
id:
personal_snippet
.
to_param
expect
(
assigns
(
:snippet
)).
to
eq
(
personal_snippet
)
expect
(
response
.
status
).
to
eq
(
200
)
end
end
end
context
'when the personal snippet does not exist'
do
context
'when signed in'
do
before
do
sign_in
(
user
)
end
it
'responds with status 404'
do
get
:raw
,
id:
'doesntexist'
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when not signed in'
do
it
'responds with status 404'
do
get
:raw
,
id:
'doesntexist'
expect
(
response
.
status
).
to
eq
(
404
)
end
end
end
end
end
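Review bot: For a signed-out request the spec pins two different outcomes: a redirect to new_user_session_path in 'when the personal snippet is private' and a 404 in 'when the personal snippet does not exist', so the response tells an unauthenticated client whether an id belongs to an existing private snippet. If that is intended, state it in a comment next to these examples; otherwise make both cases respond the same way and assert that here. The 'when the personal snippet is internal' context has no signed-in non-author example, which is the case that shows internal snippets are readable by any signed-in user, and the examples expecting 200 check only assigns(:snippet) and the status, not that the response carries the snippet content.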