Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
2879da8c
Commit
2879da8c
authored
Oct 10, 2016
by
Yorick Peterse
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch '22373-reduce-queries-in-api-helpers-find_project' into 'master'
Improve project policy specs See merge request !6442
parents
434d98b2
1d35c5b3
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
143 additions
and
22 deletions
+143
-22
app/policies/project_policy.rb
app/policies/project_policy.rb
+12
-6
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+131
-16
No files found.
app/policies/project_policy.rb
View file @
2879da8c
...
@@ -98,7 +98,6 @@ class ProjectPolicy < BasePolicy
...
@@ -98,7 +98,6 @@ class ProjectPolicy < BasePolicy
can!
:admin_milestone
can!
:admin_milestone
can!
:admin_project_snippet
can!
:admin_project_snippet
can!
:admin_project_member
can!
:admin_project_member
can!
:admin_merge_request
can!
:admin_note
can!
:admin_note
can!
:admin_wiki
can!
:admin_wiki
can!
:admin_project
can!
:admin_project
...
@@ -139,11 +138,18 @@ class ProjectPolicy < BasePolicy
...
@@ -139,11 +138,18 @@ class ProjectPolicy < BasePolicy
def
team_access!
(
user
)
def
team_access!
(
user
)
access
=
project
.
team
.
max_member_access
(
user
.
id
)
access
=
project
.
team
.
max_member_access
(
user
.
id
)
guest_access!
if
access
>=
Gitlab
::
Access
::
GUEST
return
if
access
<
Gitlab
::
Access
::
GUEST
reporter_access!
if
access
>=
Gitlab
::
Access
::
REPORTER
guest_access!
team_member_reporter_access!
if
access
>=
Gitlab
::
Access
::
REPORTER
developer_access!
if
access
>=
Gitlab
::
Access
::
DEVELOPER
return
if
access
<
Gitlab
::
Access
::
REPORTER
master_access!
if
access
>=
Gitlab
::
Access
::
MASTER
reporter_access!
team_member_reporter_access!
return
if
access
<
Gitlab
::
Access
::
DEVELOPER
developer_access!
return
if
access
<
Gitlab
::
Access
::
MASTER
master_access!
end
end
def
archived_access!
def
archived_access!
...
...
spec/policies/project_policy_spec.rb
View file @
2879da8c
require
'spec_helper'
require
'spec_helper'
describe
ProjectPolicy
,
models:
true
do
describe
ProjectPolicy
,
models:
true
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:dev
)
{
create
(
:user
)
}
let
(
:dev
)
{
create
(
:user
)
}
let
(
:master
)
{
create
(
:user
)
}
let
(
:master
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:
admin
)
{
create
(
:admin
)
}
let
(
:
project
)
{
create
(
:empty_project
,
:public
,
namespace:
owner
.
namespace
)
}
let
(
:users_ordered_by_permissions
)
do
let
(
:guest_permissions
)
do
[
nil
,
guest
,
reporter
,
dev
,
master
,
owner
,
admin
]
[
:read_project
,
:read_board
,
:read_list
,
:read_wiki
,
:read_issue
,
:read_label
,
:read_milestone
,
:read_project_snippet
,
:read_project_member
,
:read_merge_request
,
:read_note
,
:create_project
,
:create_issue
,
:create_note
,
:upload_file
]
end
end
let
(
:users_permissions
)
do
let
(
:reporter_permissions
)
do
users_ordered_by_permissions
.
map
{
|
u
|
Ability
.
allowed
(
u
,
project
).
size
}
[
:download_code
,
:fork_project
,
:create_project_snippet
,
:update_issue
,
:admin_issue
,
:admin_label
,
:admin_list
,
:read_commit_status
,
:read_build
,
:read_container_image
,
:read_pipeline
,
:read_environment
,
:read_deployment
]
end
let
(
:team_member_reporter_permissions
)
do
[
:build_download_code
,
:build_read_container_image
]
end
let
(
:developer_permissions
)
do
[
:admin_merge_request
,
:update_merge_request
,
:create_commit_status
,
:update_commit_status
,
:create_build
,
:update_build
,
:create_pipeline
,
:update_pipeline
,
:create_merge_request
,
:create_wiki
,
:push_code
,
:resolve_note
,
:create_container_image
,
:update_container_image
,
:create_environment
,
:create_deployment
]
end
let
(
:master_permissions
)
do
[
:push_code_to_protected_branches
,
:update_project_snippet
,
:update_environment
,
:update_deployment
,
:admin_milestone
,
:admin_project_snippet
,
:admin_project_member
,
:admin_note
,
:admin_wiki
,
:admin_project
,
:admin_commit_status
,
:admin_build
,
:admin_container_image
,
:admin_pipeline
,
:admin_environment
,
:admin_deployment
]
end
let
(
:public_permissions
)
do
[
:download_code
,
:fork_project
,
:read_commit_status
,
:read_pipeline
,
:read_container_image
,
:build_download_code
,
:build_read_container_image
]
end
let
(
:owner_permissions
)
do
[
:change_namespace
,
:change_visibility_level
,
:rename_project
,
:remove_project
,
:archive_project
,
:remove_fork_project
,
:destroy_merge_request
,
:destroy_issue
]
end
end
before
do
before
do
...
@@ -22,16 +70,6 @@ describe ProjectPolicy, models: true do
...
@@ -22,16 +70,6 @@ describe ProjectPolicy, models: true do
project
.
team
<<
[
master
,
:master
]
project
.
team
<<
[
master
,
:master
]
project
.
team
<<
[
dev
,
:developer
]
project
.
team
<<
[
dev
,
:developer
]
project
.
team
<<
[
reporter
,
:reporter
]
project
.
team
<<
[
reporter
,
:reporter
]
group
=
create
(
:group
)
project
.
project_group_links
.
create
(
group:
group
,
group_access:
Gitlab
::
Access
::
MASTER
)
group
.
add_owner
(
owner
)
end
it
'returns increasing permissions for each level'
do
expect
(
users_permissions
).
to
eq
(
users_permissions
.
sort
.
uniq
)
end
end
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
...
@@ -46,4 +84,81 @@ describe ProjectPolicy, models: true do
...
@@ -46,4 +84,81 @@ describe ProjectPolicy, models: true do
expect
(
Ability
.
allowed?
(
user
,
:read_issue
,
project
)).
to
be_falsy
expect
(
Ability
.
allowed?
(
user
,
:read_issue
,
project
)).
to
be_falsy
end
end
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:empty_project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
abilities
(
current_user
,
project
).
to_set
}
context
'with no user'
do
let
(
:current_user
)
{
nil
}
it
{
is_expected
.
to
be_empty
}
end
context
'guests'
do
let
(
:current_user
)
{
guest
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'reporter'
do
let
(
:current_user
)
{
reporter
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'developer'
do
let
(
:current_user
)
{
dev
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'master'
do
let
(
:current_user
)
{
master
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'owner'
do
let
(
:current_user
)
{
owner
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment