Commit 4d857c08 authored by Douwe Maan's avatar Douwe Maan Committed by Rémy Coutable

Merge branch 'fix/deprecated-ci-badge-permissions' into 'master'

Fix permissions for deprecated CI build status badge

This fixes permissions for the deprecated status badge, which was unavailable even when the project was public.

Closes #13324

See merge request !3030
parent 26959be0
...@@ -12,6 +12,7 @@ v 8.5.2 ...@@ -12,6 +12,7 @@ v 8.5.2
- Don't show any "2FA required" message if it's not actually required - Don't show any "2FA required" message if it's not actually required
- Fix help keyboard shortcut on relative URL setups (Artem Sidorenko) - Fix help keyboard shortcut on relative URL setups (Artem Sidorenko)
- Update Rails to 4.2.5.2 - Update Rails to 4.2.5.2
- Fix permissions for deprecated CI build status badge
v 8.5.1 v 8.5.1
- Fix group projects styles - Fix group projects styles
......
...@@ -3,6 +3,7 @@ module Ci ...@@ -3,6 +3,7 @@ module Ci
before_action :project before_action :project
before_action :authorize_read_project!, except: [:badge] before_action :authorize_read_project!, except: [:badge]
before_action :no_cache, only: [:badge] before_action :no_cache, only: [:badge]
skip_before_action :authenticate_user!, only: [:badge]
protect_from_forgery protect_from_forgery
def show def show
...@@ -18,6 +19,7 @@ module Ci ...@@ -18,6 +19,7 @@ module Ci
# #
def badge def badge
return render_404 unless @project return render_404 unless @project
image = Ci::ImageForBuildService.new.execute(@project, params) image = Ci::ImageForBuildService.new.execute(@project, params)
send_file image.path, filename: image.name, disposition: 'inline', type:"image/svg+xml" send_file image.path, filename: image.name, disposition: 'inline', type:"image/svg+xml"
end end
......
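Review bot: With `skip_before_action :authenticate_user!, only: [:badge]` added next to the existing `authorize_read_project!, except: [:badge]`, the `badge` action runs with neither authentication nor authorization, so the only gate left is `return render_404 unless @project`. The commit message speaks of public projects, but the new spec's 'project is private' context under 'user not signed in' expects a 200, so the build status of private and internal projects is served to anonymous requests, and the 404/200 difference reveals whether a given CI id exists. If that is the intended contract for the deprecated badge, state it in a comment above the skip, e.g. `# Deprecated badge is intentionally served for every visibility level; it exposes build status only`. Otherwise tighten the guard to something like `return render_404 unless @project && can?(current_user, :read_project, @project)`, assuming the usual `can?` helper is available in this controller and accepts a nil user. The controller class continues outside the visible hunks.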
require 'spec_helper'
describe Ci::ProjectsController do
let(:visibility) { :public }
let!(:project) { create(:project, visibility, ci_id: 1) }
let(:ci_id) { project.ci_id }
##
# Specs for *deprecated* CI badge
#
describe '#badge' do
shared_examples 'badge provider' do
it 'shows badge' do
expect(response.status).to eq 200
expect(response.headers)
.to include('Content-Type' => 'image/svg+xml')
end
end
context 'user not signed in' do
before { get(:badge, id: ci_id) }
context 'project has no ci_id reference' do
let(:ci_id) { 123 }
it 'returns 404' do
expect(response.status).to eq 404
end
end
context 'project is public' do
let(:visibility) { :public }
it_behaves_like 'badge provider'
end
context 'project is private' do
let(:visibility) { :private }
it_behaves_like 'badge provider'
end
end
context 'user signed in' do
let(:user) { create(:user) }
before { sign_in(user) }
before { get(:badge, id: ci_id) }
context 'private is internal' do
let(:visibility) { :internal }
it_behaves_like 'badge provider'
end
end
end
end
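Review bot: The context name `'private is internal'` in the 'user signed in' group looks like a slip for `'project is internal'`, and that group exercises only this one visibility level. A case for a signed-in user who is not a member of a private project would pin down what the controller is meant to return there, and a 404 case for an unknown `ci_id` while signed in would mirror the anonymous one. The two consecutive `before` blocks could also be merged into `before { sign_in(user); get(:badge, id: ci_id) }` so the required ordering is visible in one place.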