Commit dbdeccdd authored by Robert Speicher's avatar Robert Speicher Committed by Robert Speicher

Merge branch 'fix-access-to-pipelines-for-anonymous' into 'master'

Allow anonymous user to access pipelines

## What does this MR do?

It fixes an issue where the Pipelines is shown for the Anonymous users,
but they get 404 when clicked. Their session is then logged out.

Fixes #17717.

See merge request !4233
parent c2911ca4
...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.1 v 8.8.1
- Add documentation for the "Health Check" feature - Add documentation for the "Health Check" feature
- Allow anonymous users to access a public project's pipelines
- Fix MySQL compatibility in zero downtime migrations helpers - Fix MySQL compatibility in zero downtime migrations helpers
- Fix the CI login to Container Registry (the gitlab-ci-token user) - Fix the CI login to Container Registry (the gitlab-ci-token user)
......
...@@ -144,6 +144,10 @@ module ProjectsHelper ...@@ -144,6 +144,10 @@ module ProjectsHelper
nav_tabs << :merge_requests nav_tabs << :merge_requests
end end
if can?(current_user, :read_pipeline, project)
nav_tabs << :pipelines
end
if can?(current_user, :read_build, project) if can?(current_user, :read_build, project)
nav_tabs << :builds nav_tabs << :builds
end end
......
...@@ -60,6 +60,7 @@ class Ability ...@@ -60,6 +60,7 @@ class Ability
:read_project_member, :read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:read_pipeline,
:read_commit_status, :read_commit_status,
:read_container_image, :read_container_image,
:download_code :download_code
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
%span %span
Commits Commits
- if project_nav_tab? :builds - if project_nav_tab? :pipelines
= nav_link(controller: :pipelines) do = nav_link(controller: :pipelines) do
= link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do = link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do
= icon('ship fw') = icon('ship fw')
...@@ -46,6 +46,7 @@ ...@@ -46,6 +46,7 @@
Pipelines Pipelines
%span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count) %span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count)
- if project_nav_tab? :builds
= nav_link(controller: %w(builds)) do = nav_link(controller: %w(builds)) do
= link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do = link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do
= icon('cubes fw') = icon('cubes fw')
......
...@@ -24,6 +24,12 @@ describe "Pipelines" do ...@@ -24,6 +24,12 @@ describe "Pipelines" do
end end
end end
context 'anonymous access' do
before { visit namespace_project_pipelines_path(project.namespace, project) }
it { expect(page).to have_http_status(:success) }
end
context 'cancelable pipeline' do context 'cancelable pipeline' do
let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') } let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment