Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
44261a5d
Commit
44261a5d
authored
Sep 09, 2015
by
Valery Sizov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
integration with gitlab auth
parent
81f9ee48
Changes
21
Hide whitespace changes
Inline
Side-by-side
Showing
21 changed files
with
51 additions
and
170 deletions
+51
-170
app/controllers/ci/application_controller.rb
app/controllers/ci/application_controller.rb
+16
-45
app/controllers/ci/builds_controller.rb
app/controllers/ci/builds_controller.rb
+1
-1
app/controllers/ci/commits_controller.rb
app/controllers/ci/commits_controller.rb
+1
-1
app/controllers/ci/projects_controller.rb
app/controllers/ci/projects_controller.rb
+7
-4
app/controllers/ci/user_sessions_controller.rb
app/controllers/ci/user_sessions_controller.rb
+0
-10
app/helpers/ci/commits_helper.rb
app/helpers/ci/commits_helper.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+1
-0
app/models/ci/user.rb
app/models/ci/user.rb
+1
-31
app/views/ci/builds/_build.html.haml
app/views/ci/builds/_build.html.haml
+1
-1
app/views/ci/builds/show.html.haml
app/views/ci/builds/show.html.haml
+6
-6
app/views/ci/commits/_commit.html.haml
app/views/ci/commits/_commit.html.haml
+1
-1
app/views/ci/commits/show.html.haml
app/views/ci/commits/show.html.haml
+2
-2
app/views/ci/projects/_gl_projects.html.haml
app/views/ci/projects/_gl_projects.html.haml
+1
-1
app/views/ci/projects/gitlab.html.haml
app/views/ci/projects/gitlab.html.haml
+0
-4
app/views/ci/projects/show.html.haml
app/views/ci/projects/show.html.haml
+1
-1
app/views/ci/user_sessions/show.html.haml
app/views/ci/user_sessions/show.html.haml
+1
-1
app/views/layouts/ci/_info.html.haml
app/views/layouts/ci/_info.html.haml
+1
-1
app/views/layouts/ci/_nav.html.haml
app/views/layouts/ci/_nav.html.haml
+3
-3
app/views/layouts/ci/project.html.haml
app/views/layouts/ci/project.html.haml
+1
-1
lib/ci/api/projects.rb
lib/ci/api/projects.rb
+5
-5
spec/models/ci/user_spec.rb
spec/models/ci/user_spec.rb
+0
-50
No files found.
app/controllers/ci/application_controller.rb
View file @
44261a5d
module
Ci
module
Ci
class
ApplicationController
<
ActionController
::
Base
class
ApplicationController
<
::
ApplicationController
def
self
.
railtie_helpers_paths
def
self
.
railtie_helpers_paths
"app/helpers/ci"
"app/helpers/ci"
end
end
...
@@ -9,49 +9,19 @@ module Ci
...
@@ -9,49 +9,19 @@ module Ci
rescue_from
Ci
::
Network
::
UnauthorizedError
,
with: :invalid_token
rescue_from
Ci
::
Network
::
UnauthorizedError
,
with: :invalid_token
before_filter
:default_headers
before_filter
:default_headers
#before_filter :check_config
#before_filter :check_config
helper_method
:gl_project
protect_from_forgery
protect_from_forgery
helper_method
:current_user
before_filter
:reset_cache
private
private
def
current_user
@current_user
||=
session
[
:ci_current_user
]
end
def
sign_in
(
user
)
session
[
:ci_current_user
]
=
user
end
def
sign_out
reset_session
end
def
authenticate_user!
unless
current_user
redirect_to
new_ci_user_sessions_path
return
end
end
def
authenticate_admin!
unless
current_user
&&
current_user
.
is_admin
redirect_to
new_ci_user_sessions_path
return
end
end
def
authenticate_public_page!
def
authenticate_public_page!
unless
project
.
public
unless
project
.
public
unless
current_user
unless
current_user
redirect_to
(
new_
ci_user_sessions_path
(
state:
generate_oauth_state
(
request
.
fullpath
))
)
and
return
redirect_to
(
new_
user_sessions_path
)
and
return
end
end
unless
current_user
.
can_access_project?
(
project
.
gitlab_id
)
return
access_denied!
unless
can?
(
current_user
,
:read_project
,
gl_project
)
page_404
and
return
end
end
end
end
end
...
@@ -62,19 +32,23 @@ module Ci
...
@@ -62,19 +32,23 @@ module Ci
end
end
def
authorize_access_project!
def
authorize_access_project!
unless
c
urrent_user
.
can_access_project?
(
@project
.
gitlab_id
)
unless
c
an?
(
current_user
,
:read_project
,
gl_project
)
return
page_404
return
page_404
end
end
end
end
def
authorize_
project_developer
!
def
authorize_
manage_builds
!
unless
c
urrent_user
.
has_developer_access?
(
@project
.
gitlab_id
)
unless
c
an?
(
current_user
,
:manage_builds
,
gl_project
)
return
page_404
return
page_404
end
end
end
end
def
authenticate_admin!
return
render_404
unless
current_user
.
is_admin?
end
def
authorize_manage_project!
def
authorize_manage_project!
unless
c
urrent_user
.
can_manage_project?
(
@project
.
gitlab_id
)
unless
c
an?
(
current_user
,
:manage_project
,
gl_project
)
return
page_404
return
page_404
end
end
end
end
...
@@ -83,13 +57,6 @@ module Ci
...
@@ -83,13 +57,6 @@ module Ci
render
file:
"
#{
Rails
.
root
}
/public/404.html"
,
status:
404
,
layout:
false
render
file:
"
#{
Rails
.
root
}
/public/404.html"
,
status:
404
,
layout:
false
end
end
# Reset user cache every day for security purposes
def
reset_cache
if
current_user
&&
current_user
.
sync_at
<
(
Time
.
zone
.
now
-
24
.
hours
)
current_user
.
reset_cache
end
end
def
default_headers
def
default_headers
headers
[
'X-Frame-Options'
]
=
'DENY'
headers
[
'X-Frame-Options'
]
=
'DENY'
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
headers
[
'X-XSS-Protection'
]
=
'1; mode=block'
...
@@ -129,5 +96,9 @@ module Ci
...
@@ -129,5 +96,9 @@ module Ci
reset_session
reset_session
redirect_to
ci_root_path
redirect_to
ci_root_path
end
end
def
gl_project
::
Project
.
find
(
@project
.
gitlab_id
)
end
end
end
end
end
app/controllers/ci/builds_controller.rb
View file @
44261a5d
...
@@ -5,7 +5,7 @@ module Ci
...
@@ -5,7 +5,7 @@ module Ci
before_filter
:project
before_filter
:project
before_filter
:authorize_access_project!
,
except:
[
:status
,
:show
]
before_filter
:authorize_access_project!
,
except:
[
:status
,
:show
]
before_filter
:authorize_manage_project!
,
except:
[
:status
,
:show
,
:retry
,
:cancel
]
before_filter
:authorize_manage_project!
,
except:
[
:status
,
:show
,
:retry
,
:cancel
]
before_filter
:authorize_
project_developer
!
,
only:
[
:retry
,
:cancel
]
before_filter
:authorize_
manage_builds
!
,
only:
[
:retry
,
:cancel
]
before_filter
:build
,
except:
[
:show
]
before_filter
:build
,
except:
[
:show
]
def
show
def
show
...
...
app/controllers/ci/commits_controller.rb
View file @
44261a5d
...
@@ -4,7 +4,7 @@ module Ci
...
@@ -4,7 +4,7 @@ module Ci
before_filter
:authenticate_public_page!
,
only: :show
before_filter
:authenticate_public_page!
,
only: :show
before_filter
:project
before_filter
:project
before_filter
:authorize_access_project!
,
except:
[
:status
,
:show
,
:cancel
]
before_filter
:authorize_access_project!
,
except:
[
:status
,
:show
,
:cancel
]
before_filter
:authorize_
project_developer
!
,
only:
[
:cancel
]
before_filter
:authorize_
manage_builds
!
,
only:
[
:cancel
]
before_filter
:commit
,
only: :show
before_filter
:commit
,
only: :show
def
show
def
show
...
...
app/controllers/ci/projects_controller.rb
View file @
44261a5d
...
@@ -21,12 +21,15 @@ module Ci
...
@@ -21,12 +21,15 @@ module Ci
@limit
,
@offset
=
(
params
[
:limit
]
||
PROJECTS_BATCH
).
to_i
,
(
params
[
:offset
]
||
0
).
to_i
@limit
,
@offset
=
(
params
[
:limit
]
||
PROJECTS_BATCH
).
to_i
,
(
params
[
:offset
]
||
0
).
to_i
@page
=
@offset
==
0
?
1
:
(
@offset
/
@limit
+
1
)
@page
=
@offset
==
0
?
1
:
(
@offset
/
@limit
+
1
)
current_user
.
reset_cache
if
params
[
:reset_cache
]
@gl_projects
=
current_user
.
authorized_projects
@gl_projects
=
@gl_projects
.
where
(
"name LIKE %?%"
,
params
[
:search
])
if
params
[
:search
]
@gl_projects
=
@gl_projects
.
page
(
@page
).
per
(
@limit
)
@gl_projects
=
current_user
.
gitlab_projects
(
params
[
:search
],
@page
,
@limit
)
@projects
=
Ci
::
Project
.
where
(
gitlab_id:
@gl_projects
.
map
(
&
:id
)).
ordered_by_last_commit_date
@projects
=
Ci
::
Project
.
where
(
gitlab_id:
@gl_projects
.
map
(
&
:id
)).
ordered_by_last_commit_date
@total_count
=
@gl_projects
.
size
@total_count
=
@gl_projects
.
size
@gl_projects
.
reject!
{
|
gl_project
|
@projects
.
map
(
&
:gitlab_id
).
include?
(
gl_project
.
id
)
}
@gl_projects
=
@gl_projects
.
where
.
not
(
id:
@projects
.
map
(
&
:gitlab_id
))
respond_to
do
|
format
|
respond_to
do
|
format
|
format
.
json
do
format
.
json
do
pager_json
(
"ci/projects/gitlab"
,
@total_count
)
pager_json
(
"ci/projects/gitlab"
,
@total_count
)
...
@@ -52,7 +55,7 @@ module Ci
...
@@ -52,7 +55,7 @@ module Ci
def
create
def
create
project_data
=
OpenStruct
.
new
(
JSON
.
parse
(
params
[
"project"
]))
project_data
=
OpenStruct
.
new
(
JSON
.
parse
(
params
[
"project"
]))
unless
c
urrent_user
.
can_manage_project?
(
project_data
.
id
)
unless
c
an?
(
current_user
,
:manage_project
,
::
Project
.
find
(
project_data
.
id
)
)
return
redirect_to
ci_root_path
,
alert:
'You have to have at least master role to enable CI for this project'
return
redirect_to
ci_root_path
,
alert:
'You have to have at least master role to enable CI for this project'
end
end
...
...
app/controllers/ci/user_sessions_controller.rb
View file @
44261a5d
...
@@ -10,11 +10,6 @@ module Ci
...
@@ -10,11 +10,6 @@ module Ci
end
end
def
auth
def
auth
unless
is_oauth_state_valid?
(
params
[
:state
])
redirect_to
new_ci_user_sessions_path
return
end
redirect_to
client
.
auth_code
.
authorize_url
({
redirect_to
client
.
auth_code
.
authorize_url
({
redirect_uri:
callback_ci_user_sessions_url
,
redirect_uri:
callback_ci_user_sessions_url
,
state:
params
[
:state
]
state:
params
[
:state
]
...
@@ -22,11 +17,6 @@ module Ci
...
@@ -22,11 +17,6 @@ module Ci
end
end
def
callback
def
callback
unless
is_oauth_state_valid?
(
params
[
:state
])
redirect_to
new_ci_user_sessions_path
return
end
token
=
client
.
auth_code
.
get_token
(
params
[
:code
],
redirect_uri:
callback_ci_user_sessions_url
).
token
token
=
client
.
auth_code
.
get_token
(
params
[
:code
],
redirect_uri:
callback_ci_user_sessions_url
).
token
@user_session
=
Ci
::
UserSession
.
new
@user_session
=
Ci
::
UserSession
.
new
...
...
app/helpers/ci/commits_helper.rb
View file @
44261a5d
...
@@ -16,7 +16,7 @@ module Ci
...
@@ -16,7 +16,7 @@ module Ci
end
end
def
commit_link
(
commit
)
def
commit_link
(
commit
)
link_to
(
commit
.
short_sha
,
ci_project_ref_commit_path
(
commit
.
project
,
commit
.
ref
,
commit
.
sha
))
link_to
(
commit
.
short_sha
,
ci_project_ref_commit
s
_path
(
commit
.
project
,
commit
.
ref
,
commit
.
sha
))
end
end
def
truncate_first_line
(
message
,
length
=
50
)
def
truncate_first_line
(
message
,
length
=
50
)
...
...
app/models/ability.rb
View file @
44261a5d
...
@@ -149,6 +149,7 @@ class Ability
...
@@ -149,6 +149,7 @@ class Ability
:admin_merge_request
,
:admin_merge_request
,
:create_merge_request
,
:create_merge_request
,
:create_wiki
,
:create_wiki
,
:manage_builds
,
:push_code
:push_code
]
]
end
end
...
...
app/models/ci/user.rb
View file @
44261a5d
...
@@ -39,43 +39,13 @@ module Ci
...
@@ -39,43 +39,13 @@ module Ci
@sync_at
=
Time
.
now
@sync_at
=
Time
.
now
end
end
def
can_access_project?
(
project_gitlab_id
)
!!
project_info
(
project_gitlab_id
)
end
# Indicate if user has developer access or higher
def
has_developer_access?
(
project_gitlab_id
)
data
=
project_info
(
project_gitlab_id
)
return
false
unless
data
&&
data
[
"permissions"
]
permissions
=
data
[
"permissions"
]
if
permissions
[
"project_access"
]
&&
permissions
[
"project_access"
][
"access_level"
]
>=
DEVELOPER_ACCESS
return
true
end
if
permissions
[
"group_access"
]
&&
permissions
[
"group_access"
][
"access_level"
]
>=
DEVELOPER_ACCESS
return
true
end
end
def
can_manage_project?
(
project_gitlab_id
)
Rails
.
cache
.
fetch
(
cache_key
(
'manage'
,
project_gitlab_id
,
sync_at
))
do
!!
Ci
::
Network
.
new
.
project_hooks
(
authenticate_options
,
project_gitlab_id
)
end
end
def
authorized_runners
def
authorized_runners
Ci
::
Runner
.
specific
.
includes
(
:runner_projects
).
Ci
::
Runner
.
specific
.
includes
(
:runner_projects
).
where
(
Ci
::
RunnerProject
.
table_name
=>
{
project_id:
authorized_projects
}
)
where
(
Ci
::
RunnerProject
.
table_name
=>
{
project_id:
authorized_projects
}
)
end
end
def
authorized_projects
def
authorized_projects
Ci
::
Project
.
where
(
gitlab_id:
gitlab_projects
.
map
(
&
:id
)).
select
do
|
project
|
Ci
::
Project
.
where
(
gitlab_id:
current_user
.
authorized_projects
.
map
(
&
:id
))
# This is slow: it makes request to GitLab for each project to verify manage permission
can_manage_project?
(
project
.
gitlab_id
)
end
end
end
def
authenticate_options
def
authenticate_options
...
...
app/views/ci/builds/_build.html.haml
View file @
44261a5d
...
@@ -35,7 +35,7 @@
...
@@ -35,7 +35,7 @@
#{
build
.
coverage
}
%
#{
build
.
coverage
}
%
%td
%td
-
if
defined?
(
controls
)
&&
current_user
&&
c
urrent_user
.
has_developer_access?
(
@project
.
gitlab_id
)
-
if
defined?
(
controls
)
&&
current_user
&&
c
an?
(
current_user
,
:manage_builds
,
gl_project
)
.pull-right
.pull-right
-
if
build
.
active?
-
if
build
.
active?
=
link_to
cancel_ci_project_build_path
(
build
.
project
,
build
,
return_to:
request
.
original_url
),
title:
'Cancel build'
do
=
link_to
cancel_ci_project_build_path
(
build
.
project
,
build
,
return_to:
request
.
original_url
),
title:
'Cancel build'
do
...
...
app/views/ci/builds/show.html.haml
View file @
44261a5d
%h4
.page-title
%h4
.page-title
=
link_to
@project
.
name
,
@project
=
link_to
ci_project_path
(
@project
)
@
@
=
@commit
.
short_sha
=
@commit
.
short_sha
%p
%p
=
link_to
ci_project_ref_commit_path
(
@project
,
@commit
.
ref
,
@commit
.
sha
)
do
=
link_to
ci_project_ref_commit
s
_path
(
@project
,
@commit
.
ref
,
@commit
.
sha
)
do
←
Back to project commit
←
Back to project commit
%hr
%hr
#up-build-trace
#up-build-trace
...
@@ -12,7 +12,7 @@
...
@@ -12,7 +12,7 @@
%ul
.nav.nav-tabs.append-bottom-10
%ul
.nav.nav-tabs.append-bottom-10
-
@commit
.
builds_without_retry_sorted
.
each
do
|
build
|
-
@commit
.
builds_without_retry_sorted
.
each
do
|
build
|
%li
{
class:
(
'active'
if
build
==
@build
)
}
%li
{
class:
(
'active'
if
build
==
@build
)
}
=
link_to
ci_
build_url
(
build
)
do
=
link_to
ci_
project_build_url
(
@project
,
build
)
do
%i
{
class:
build_icon_css_class
(
build
)}
%i
{
class:
build_icon_css_class
(
build
)}
%span
%span
Build ##{build.id}
Build ##{build.id}
...
@@ -84,7 +84,7 @@
...
@@ -84,7 +84,7 @@
.build-widget
.build-widget
%h4
.title
%h4
.title
Build
Build
-
if
current_user
&&
c
urrent_user
.
has_developer_access?
(
@project
.
gitlab_id
)
-
if
current_user
&&
c
an?
(
current_user
,
:manage_builds
,
gl_project
)
.pull-right
.pull-right
-
if
@build
.
active?
-
if
@build
.
active?
=
link_to
"Cancel"
,
cancel_ci_project_build_path
(
@project
,
@build
),
class:
'btn btn-sm btn-danger'
=
link_to
"Cancel"
,
cancel_ci_project_build_path
(
@project
,
@build
),
class:
'btn btn-sm btn-danger'
...
@@ -161,7 +161,7 @@
...
@@ -161,7 +161,7 @@
-
@builds
.
each_with_index
do
|
build
,
i
|
-
@builds
.
each_with_index
do
|
build
,
i
|
%tr
.build.alert
{
class:
build_status_alert_class
(
build
)}
%tr
.build.alert
{
class:
build_status_alert_class
(
build
)}
%td
%td
=
link_to
ci_
build_url
(
build
)
do
=
link_to
ci_
project_build_url
(
@project
,
build
)
do
%span
##{build.id}
%span
##{build.id}
%td
%td
-
if
build
.
name
-
if
build
.
name
...
@@ -173,4 +173,4 @@
...
@@ -173,4 +173,4 @@
:javascript
:javascript
new
CiBuild
(
"
#{
ci_
build_url
(
@build
)
}
"
,
"
#{
@build
.
status
}
"
)
new
CiBuild
(
"
#{
ci_
project_build_url
(
@project
,
@build
)
}
"
,
"
#{
@build
.
status
}
"
)
app/views/ci/commits/_commit.html.haml
View file @
44261a5d
...
@@ -7,7 +7,7 @@
...
@@ -7,7 +7,7 @@
%td
.build-link
%td
.build-link
=
link_to
ci_project_ref_commit_path
(
commit
.
project
,
commit
.
ref
,
commit
.
sha
)
do
=
link_to
ci_project_ref_commit
s
_path
(
commit
.
project
,
commit
.
ref
,
commit
.
sha
)
do
%strong
#{
commit
.
short_sha
}
%strong
#{
commit
.
short_sha
}
%td
.build-message
%td
.build-message
...
...
app/views/ci/commits/show.html.haml
View file @
44261a5d
...
@@ -33,10 +33,10 @@
...
@@ -33,10 +33,10 @@
%span
.attr-name
Created at:
%span
.attr-name
Created at:
#{
@commit
.
created_at
.
to_s
(
:short
)
}
#{
@commit
.
created_at
.
to_s
(
:short
)
}
-
if
current_user
&&
c
urrent_user
.
has_developer_access?
(
@project
.
gitlab_id
)
-
if
current_user
&&
c
an?
(
current_user
,
:manage_builds
,
gl_project
)
.pull-right
.pull-right
-
if
@commit
.
builds
.
running_or_pending
.
any?
-
if
@commit
.
builds
.
running_or_pending
.
any?
=
link_to
"Cancel"
,
cancel_ci_project_ref_commit_path
(
@project
,
@commit
.
ref
,
@commit
.
sha
),
class:
'btn btn-sm btn-danger'
=
link_to
"Cancel"
,
cancel_ci_project_ref_commit
s
_path
(
@project
,
@commit
.
ref
,
@commit
.
sha
),
class:
'btn btn-sm btn-danger'
-
if
@commit
.
yaml_errors
.
present?
-
if
@commit
.
yaml_errors
.
present?
...
...
app/views/ci/projects/_gl_projects.html.haml
View file @
44261a5d
...
@@ -11,5 +11,5 @@
...
@@ -11,5 +11,5 @@
Added
Added
-
else
-
else
=
form_tag
ci_projects_path
do
=
form_tag
ci_projects_path
do
=
hidden_field_tag
:project
,
project
.
to_
h
.
to_
json
=
hidden_field_tag
:project
,
project
.
to_json
=
submit_tag
'Add project to CI'
,
class:
'btn btn-default btn-sm'
=
submit_tag
'Add project to CI'
,
class:
'btn btn-default btn-sm'
app/views/ci/projects/gitlab.html.haml
View file @
44261a5d
...
@@ -4,10 +4,6 @@
...
@@ -4,10 +4,6 @@
Fetched from GitLab (
#{
link_to
GitlabCi
.
config
.
gitlab_server
.
url
,
GitlabCi
.
config
.
gitlab_server
.
url
,
no_turbolink
}
)
Fetched from GitLab (
#{
link_to
GitlabCi
.
config
.
gitlab_server
.
url
,
GitlabCi
.
config
.
gitlab_server
.
url
,
no_turbolink
}
)
-
if
params
[
:search
].
present?
-
if
params
[
:search
].
present?
by keyword: "
#{
params
[
:search
]
}
",
by keyword: "
#{
params
[
:search
]
}
",
#{
time_ago_in_words
(
current_user
.
sync_at
)
}
ago.
=
link_to
gitlab_ci_projects_path
(
reset_cache:
true
,
search:
params
[
:search
]),
class:
'sync-now btn btn-sm btn-default reset-cache'
do
%i
.fa.fa-refresh
Sync now
%br
%br
.pull-right
.pull-right
...
...
app/views/ci/projects/show.html.haml
View file @
44261a5d
=
render
'ci/shared/guide'
unless
@project
.
setup_finished?
=
render
'ci/shared/guide'
unless
@project
.
setup_finished?
-
if
current_user
&&
c
urrent_user
.
can_manage_project?
(
@project
.
gitlab_id
)
&&
!
@project
.
any_runners?
-
if
current_user
&&
c
an?
(
current_user
,
:manage_project
,
gl_project
)
&&
!
@project
.
any_runners?
.alert.alert-danger
.alert.alert-danger
Builds for this project wont be served unless you configure runners on
Builds for this project wont be served unless you configure runners on
=
link_to
"Runners page"
,
ci_project_runners_path
(
@project
)
=
link_to
"Runners page"
,
ci_project_runners_path
(
@project
)
...
...
app/views/ci/user_sessions/show.html.haml
View file @
44261a5d
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
%h3
%h3
Hi,
#{
@user
.
name
}
Hi,
#{
@user
.
name
}
-
if
@user
.
is_admin
-
if
@user
.
is_admin
?
%span
.label.label-success
Admin
%span
.label.label-success
Admin
.profile-block
.profile-block
...
...
app/views/layouts/ci/_info.html.haml
View file @
44261a5d
...
@@ -5,5 +5,5 @@
...
@@ -5,5 +5,5 @@
-
if
notice
-
if
notice
.alert.alert-info
=
notice
.alert.alert-info
=
notice
-
if
current_user
&&
current_user
.
is_admin
&&
Ci
::
Runner
.
count
.
zero?
-
if
current_user
&&
current_user
.
is_admin
?
&&
Ci
::
Runner
.
count
.
zero?
=
render
'ci/shared/no_runners'
=
render
'ci/shared/no_runners'
app/views/layouts/ci/_nav.html.haml
View file @
44261a5d
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
.collapse.navbar-collapse
.collapse.navbar-collapse
%ul
.nav.navbar-nav
%ul
.nav.navbar-nav
-
if
current_user
&&
current_user
.
is_admin
-
if
current_user
&&
current_user
.
is_admin
?
%li
%li
=
link_to
ci_admin_projects_path
do
=
link_to
ci_admin_projects_path
do
Admin
Admin
...
@@ -19,12 +19,12 @@
...
@@ -19,12 +19,12 @@
%ul
.nav.navbar-nav.pull-right
%ul
.nav.navbar-nav.pull-right
-
if
current_user
-
if
current_user
%li
%li
=
link_to
ci_user_sessions
_path
do
=
link_to
new_user_session
_path
do
.profile-holder
.profile-holder
=
image_tag
user_avatar_url
(
current_user
,
64
),
class:
'avatar s32'
,
alt:
''
=
image_tag
user_avatar_url
(
current_user
,
64
),
class:
'avatar s32'
,
alt:
''
%span
=
current_user
.
name
%span
=
current_user
.
name
%li
%li
=
link_to
ci_user_sessions
_path
,
class:
"logout"
,
method: :delete
do
=
link_to
destroy_user_session
_path
,
class:
"logout"
,
method: :delete
do
%i
.fa.fa-signout
%i
.fa.fa-signout
Logout
Logout
-
else
-
else
...
...
app/views/layouts/ci/project.html.haml
View file @
44261a5d
...
@@ -16,7 +16,7 @@
...
@@ -16,7 +16,7 @@
=
link_to
'View on GitLab'
,
@project
.
gitlab_url
,
no_turbolink
.
merge
(
class:
'btn btn-sm'
)
=
link_to
'View on GitLab'
,
@project
.
gitlab_url
,
no_turbolink
.
merge
(
class:
'btn btn-sm'
)
%hr
%hr
.container
.container
-
if
current_user
&&
c
urrent_user
.
can_manage_project?
(
@project
.
gitlab_id
)
-
if
current_user
&&
c
an?
(
current_user
,
:manage_project
,
gl_project
)
.row
.row
.col-md-2.append-bottom-20
.col-md-2.append-bottom-20
=
render
'layouts/ci/nav_project'
=
render
'layouts/ci/nav_project'
...
...
lib/ci/api/projects.rb
View file @
44261a5d
...
@@ -66,7 +66,7 @@ module Ci
...
@@ -66,7 +66,7 @@ module Ci
get
":id"
do
get
":id"
do
project
=
Ci
::
Project
.
find
(
params
[
:id
])
project
=
Ci
::
Project
.
find
(
params
[
:id
])
unauthorized!
unless
c
urrent_user
.
can_access_project?
(
project
.
gitlab_id
)
unauthorized!
unless
c
an?
(
current_user
,
:read_project
,
gl_project
)
present
project
,
with:
Entities
::
Project
present
project
,
with:
Entities
::
Project
end
end
...
@@ -118,7 +118,7 @@ module Ci
...
@@ -118,7 +118,7 @@ module Ci
put
":id"
do
put
":id"
do
project
=
Ci
::
Project
.
find
(
params
[
:id
])
project
=
Ci
::
Project
.
find
(
params
[
:id
])
unauthorized!
unless
c
urrent_user
.
can_manage_project?
(
project
.
gitlab_id
)
unauthorized!
unless
c
an?
(
current_user
,
:manage_project
,
gl_project
)
attrs
=
attributes_for_keys
[
:name
,
:gitlab_id
,
:path
,
:gitlab_url
,
:default_ref
,
:ssh_url_to_repo
]
attrs
=
attributes_for_keys
[
:name
,
:gitlab_id
,
:path
,
:gitlab_url
,
:default_ref
,
:ssh_url_to_repo
]
...
@@ -144,7 +144,7 @@ module Ci
...
@@ -144,7 +144,7 @@ module Ci
delete
":id"
do
delete
":id"
do
project
=
Ci
::
Project
.
find
(
params
[
:id
])
project
=
Ci
::
Project
.
find
(
params
[
:id
])
unauthorized!
unless
c
urrent_user
.
can_manage_project?
(
project
.
gitlab_id
)
unauthorized!
unless
c
an?
(
current_user
,
:manage_project
,
gl_project
)
project
.
destroy
project
.
destroy
end
end
...
@@ -160,7 +160,7 @@ module Ci
...
@@ -160,7 +160,7 @@ module Ci
project
=
Ci
::
Project
.
find
(
params
[
:id
])
project
=
Ci
::
Project
.
find
(
params
[
:id
])
runner
=
Ci
::
Runner
.
find
(
params
[
:runner_id
])
runner
=
Ci
::
Runner
.
find
(
params
[
:runner_id
])
unauthorized!
unless
c
urrent_user
.
can_manage_project?
(
project
.
gitlab_id
)
unauthorized!
unless
c
an?
(
current_user
,
:manage_project
,
gl_project
)
options
=
{
options
=
{
project_id:
project
.
id
,
project_id:
project
.
id
,
...
@@ -188,7 +188,7 @@ module Ci
...
@@ -188,7 +188,7 @@ module Ci
project
=
Ci
::
Project
.
find
(
params
[
:id
])
project
=
Ci
::
Project
.
find
(
params
[
:id
])
runner
=
Ci
::
Runner
.
find
(
params
[
:runner_id
])
runner
=
Ci
::
Runner
.
find
(
params
[
:runner_id
])
unauthorized!
unless
c
urrent_user
.
can_manage_project?
(
project
.
gitlab_id
)
unauthorized!
unless
c
an?
(
current_user
,
:manage_project
,
gl_project
)
options
=
{
options
=
{
project_id:
project
.
id
,
project_id:
project
.
id
,
...
...
spec/models/ci/user_spec.rb
View file @
44261a5d
...
@@ -2,56 +2,6 @@ require 'spec_helper'
...
@@ -2,56 +2,6 @@ require 'spec_helper'
describe
Ci
::
User
do
describe
Ci
::
User
do
describe
"has_developer_access?"
do
before
do
@user
=
User
.
new
({})
end
let
(
:project_with_owner_access
)
do
{
"name"
=>
"gitlab-shell"
,
"permissions"
=>
{
"project_access"
=>
{
"access_level"
=>
10
,
"notification_level"
=>
3
},
"group_access"
=>
{
"access_level"
=>
50
,
"notification_level"
=>
3
}
}
}
end
let
(
:project_with_reporter_access
)
do
{
"name"
=>
"gitlab-shell"
,
"permissions"
=>
{
"project_access"
=>
{
"access_level"
=>
20
,
"notification_level"
=>
3
},
"group_access"
=>
{
"access_level"
=>
10
,
"notification_level"
=>
3
}
}
}
end
it
"returns false for reporter"
do
@user
.
stub
(
:project_info
).
and_return
(
project_with_reporter_access
)
@user
.
has_developer_access?
(
1
).
should
be_false
end
it
"returns true for owner"
do
@user
.
stub
(
:project_info
).
and_return
(
project_with_owner_access
)
@user
.
has_developer_access?
(
1
).
should
be_true
end
end
describe
"authorized_projects"
do
describe
"authorized_projects"
do
let
(
:user
)
{
User
.
new
({})
}
let
(
:user
)
{
User
.
new
({})
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment