Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
46dff691
Commit
46dff691
authored
Feb 06, 2017
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
More backport
parent
426680de
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
178 additions
and
36 deletions
+178
-36
.flayignore
.flayignore
+1
-0
app/views/admin/users/_access_levels.html.haml
app/views/admin/users/_access_levels.html.haml
+13
-4
spec/models/user_spec.rb
spec/models/user_spec.rb
+33
-0
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+30
-32
spec/policies/project_snippet_policy_spec.rb
spec/policies/project_snippet_policy_spec.rb
+101
-0
No files found.
.flayignore
View file @
46dff691
*.erb
lib/gitlab/sanitizers/svg/whitelist.rb
lib/gitlab/diff/position_tracer.rb
app/policies/project_policy.rb
app/views/admin/users/_access_levels.html.haml
View file @
46dff691
...
...
@@ -11,18 +11,27 @@
.form-group
=
f
.
label
:access_level
,
class:
'control-label'
.col-sm-10
=
f
.
radio_button
:access_level
,
:regular
,
disabled:
(
current_user
==
@user
&&
@user
.
is_admin?
)
-
editing_current_user
=
(
current_user
==
@user
)
=
f
.
radio_button
:access_level
,
:regular
,
disabled:
editing_current_user
=
label_tag
:regular
do
Regular
%p
.light
Regular users have access to their groups and projects
=
f
.
radio_button
:access_level
,
:admin
=
f
.
radio_button
:access_level
,
:admin
,
disabled:
editing_current_user
=
label_tag
:admin
do
Admin
%p
.light
Administrators have access to all groups, projects and users and can manage all features in this installation
-
if
editing_current_user
%p
.light
You cannot remove your own admin rights.
.form-group
=
f
.
label
:external
,
class:
'control-label'
.col-sm-10
=
f
.
check_box
:external
.col-sm-10
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
.col-sm-10
=
f
.
check_box
:external
do
External
%p
.light
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
spec/models/user_spec.rb
View file @
46dff691
...
...
@@ -1422,4 +1422,37 @@ describe User, models: true do
expect
(
user
.
project_authorizations
.
where
(
access_level:
Gitlab
::
Access
::
REPORTER
).
exists?
).
to
eq
(
true
)
end
end
describe
'#access_level='
do
let
(
:user
)
{
build
(
:user
)
}
it
'does nothing for an invalid access level'
do
user
.
access_level
=
:invalid_access_level
expect
(
user
.
access_level
).
to
eq
(
:regular
)
expect
(
user
.
admin
).
to
be
false
end
it
"assigns the 'admin' access level"
do
user
.
access_level
=
:admin
expect
(
user
.
access_level
).
to
eq
(
:admin
)
expect
(
user
.
admin
).
to
be
true
end
it
"doesn't clear existing access levels when an invalid access level is passed in"
do
user
.
access_level
=
:admin
user
.
access_level
=
:invalid_access_level
expect
(
user
.
access_level
).
to
eq
(
:admin
)
expect
(
user
.
admin
).
to
be
true
end
it
"accepts string values in addition to symbols"
do
user
.
access_level
=
'admin'
expect
(
user
.
access_level
).
to
eq
(
:admin
)
expect
(
user
.
admin
).
to
be
true
end
end
end
spec/policies/project_policy_spec.rb
View file @
46dff691
...
...
@@ -10,61 +10,59 @@ describe ProjectPolicy, models: true do
let
(
:project
)
{
create
(
:empty_project
,
:public
,
namespace:
owner
.
namespace
)
}
let
(
:guest_permissions
)
do
[
:read_project
,
:read_board
,
:read_list
,
:read_wiki
,
:read_issue
,
:read_label
,
:read_milestone
,
:read_project_snippet
,
:read_project_member
,
:read_note
,
:create_project
,
:create_issue
,
:create_note
,
:
upload_file
%i
[
read_project read_board read_list read_wiki read_issue read_label
read_milestone read_project_snippet read_project_member
read_note create_project create_issue create_note
upload_file
]
end
let
(
:reporter_permissions
)
do
[
:download_code
,
:fork_project
,
:create_project_snippet
,
:update_issue
,
:admin_issue
,
:admin_label
,
:admin_list
,
:read_commit_status
,
:read_build
,
:read_container_image
,
:read_pipeline
,
:read_environment
,
:read_deployment
,
:read_merge_request
,
:
download_wiki_code
%i
[
download_code fork_project create_project_snippet update_issue
admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment
read_merge_request
download_wiki_code
]
end
let
(
:team_member_reporter_permissions
)
do
[
:build_download_code
,
:build_read_container_image
]
%i[build_download_code build_read_container_image]
end
let
(
:developer_permissions
)
do
[
:admin_merge_request
,
:update_merge_request
,
:create_commit_status
,
:update_commit_status
,
:create_build
,
:update_build
,
:create_pipeline
,
:update_pipeline
,
:create_merge_request
,
:create_wiki
,
:push_code
,
:resolve_note
,
:create_container_image
,
:update_container_image
,
:create_environment
,
:
create_deployment
%i
[
admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request create_wiki push_code
resolve_note create_container_image update_container_image
create_environment
create_deployment
]
end
let
(
:master_permissions
)
do
[
:push_code_to_protected_branches
,
:update_project_snippet
,
:update_environment
,
:update_deployment
,
:admin_milestone
,
:admin_project_snippet
,
:admin_project_member
,
:admin_note
,
:admin_wiki
,
:admin_project
,
:admin_commit_status
,
:admin_build
,
:admin_container_image
,
:admin_pipeline
,
:admin_environment
,
:
admin_deployment
%i
[
push_code_to_protected_branches update_project_snippet update_environment
update_deployment admin_milestone admin_project_snippet
admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment
admin_deployment
]
end
let
(
:public_permissions
)
do
[
:download_code
,
:fork_project
,
:read_commit_status
,
:read_pipeline
,
:read_container_image
,
:build_download_code
,
:build_read_container_image
,
:
download_wiki_code
%i
[
download_code fork_project read_commit_status read_pipeline
read_container_image build_download_code build_read_container_image
download_wiki_code
]
end
let
(
:owner_permissions
)
do
[
:change_namespace
,
:change_visibility_level
,
:rename_project
,
:remove_project
,
:archive_project
,
:remove_fork_project
,
:destroy_merge_request
,
:
destroy_issue
%i
[
change_namespace change_visibility_level rename_project remove_project
archive_project remove_fork_project destroy_merge_request
destroy_issue
]
end
...
...
spec/policies/project_snippet_policy_spec.rb
0 → 100644
View file @
46dff691
require
'spec_helper'
describe
ProjectSnippetPolicy
,
models:
true
do
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:author_permissions
)
do
[
:update_project_snippet
,
:admin_project_snippet
]
end
subject
{
described_class
.
abilities
(
current_user
,
project_snippet
).
to_set
}
context
'public snippet'
do
let
(
:project_snippet
)
{
create
(
:project_snippet
,
:public
)
}
context
'no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
context
'regular user'
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
end
context
'internal snippet'
do
let
(
:project_snippet
)
{
create
(
:project_snippet
,
:internal
)
}
context
'no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
context
'regular user'
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
end
context
'private snippet'
do
let
(
:project_snippet
)
{
create
(
:project_snippet
,
:private
)
}
context
'no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
context
'regular user'
do
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
context
'snippet author'
do
let
(
:project_snippet
)
{
create
(
:project_snippet
,
:private
,
author:
current_user
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
end
end
context
'project team member'
do
before
{
project_snippet
.
project
.
team
<<
[
current_user
,
:developer
]
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
end
end
context
'admin user'
do
let
(
:current_user
)
{
create
(
:admin
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment