Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
e8a77c0a
Commit
e8a77c0a
authored
Mar 31, 2016
by
Felipe Artur
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix code
parent
668d6ffa
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
8 additions
and
12 deletions
+8
-12
app/controllers/groups/group_members_controller.rb
app/controllers/groups/group_members_controller.rb
+2
-2
app/controllers/users_controller.rb
app/controllers/users_controller.rb
+3
-3
app/models/ability.rb
app/models/ability.rb
+0
-4
spec/controllers/groups/group_members_controller_spec.rb
spec/controllers/groups/group_members_controller_spec.rb
+1
-2
spec/controllers/users_controller_spec.rb
spec/controllers/users_controller_spec.rb
+2
-1
No files found.
app/controllers/groups/group_members_controller.rb
View file @
e8a77c0a
class
Groups::GroupMembersController
<
Groups
::
ApplicationController
class
Groups::GroupMembersController
<
Groups
::
ApplicationController
# Authorize
# Authorize
before_action
:authorize_admin_group_member!
,
except:
[
:index
,
:leave
]
before_action
:authorize_admin_group_member!
,
except:
[
:index
,
:leave
]
before_action
:authorize_read_group_members
,
only:
[
:index
]
before_action
:authorize_read_group_members
!
,
only:
[
:index
]
def
index
def
index
@project
=
@group
.
projects
.
find
(
params
[
:project_id
])
if
params
[
:project_id
]
@project
=
@group
.
projects
.
find
(
params
[
:project_id
])
if
params
[
:project_id
]
...
@@ -83,7 +83,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
...
@@ -83,7 +83,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
private
private
def
authorize_read_group_members
def
authorize_read_group_members
!
render_404
unless
can?
(
current_user
,
:read_group_members
,
@group
)
render_404
unless
can?
(
current_user
,
:read_group_members
,
@group
)
end
end
end
end
app/controllers/users_controller.rb
View file @
e8a77c0a
class
UsersController
<
ApplicationController
class
UsersController
<
ApplicationController
skip_before_action
:authenticate_user!
skip_before_action
:authenticate_user!
#TODO felipe_artur: Remove this "set_user" before action. It is not good to use before filters for loading database records.
before_action
:set_user
,
except:
[
:show
]
before_action
:set_user
,
except:
[
:show
]
before_action
:authorize_read_user
,
only:
[
:show
]
before_action
:authorize_read_user
!
,
only:
[
:show
]
def
show
def
show
respond_to
do
|
format
|
respond_to
do
|
format
|
...
@@ -76,7 +75,8 @@ class UsersController < ApplicationController
...
@@ -76,7 +75,8 @@ class UsersController < ApplicationController
end
end
private
private
def
authorize_read_user
def
authorize_read_user!
set_user
set_user
render_404
unless
can?
(
current_user
,
:read_user
,
@user
)
render_404
unless
can?
(
current_user
,
:read_user
,
@user
)
end
end
...
...
app/models/ability.rb
View file @
e8a77c0a
class
Ability
class
Ability
@public_restricted
=
nil
class
<<
self
class
<<
self
def
allowed
(
user
,
subject
)
def
allowed
(
user
,
subject
)
...
@@ -72,7 +71,6 @@ class Ability
...
@@ -72,7 +71,6 @@ class Ability
# Allow to read issues by anonymous user if issue is not confidential
# Allow to read issues by anonymous user if issue is not confidential
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
rules
<<
:read_issue
unless
subject
.
is_a?
(
Issue
)
&&
subject
.
confidential?
# Allow anonymous users to read project members if public is not a restricted level
rules
<<
:read_project_member
unless
restricted_public_level?
rules
<<
:read_project_member
unless
restricted_public_level?
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
...
@@ -100,7 +98,6 @@ class Ability
...
@@ -100,7 +98,6 @@ class Ability
if
group
if
group
rules
<<
[
:read_group
]
if
group
.
public?
rules
<<
[
:read_group
]
if
group
.
public?
# Allow anonymous users to read project members if public is not a restricted level
rules
<<
[
:read_group_members
]
unless
restricted_public_level?
rules
<<
[
:read_group_members
]
unless
restricted_public_level?
end
end
...
@@ -493,7 +490,6 @@ class Ability
...
@@ -493,7 +490,6 @@ class Ability
def
restricted_public_level?
def
restricted_public_level?
@public_restricted
||=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
@public_restricted
||=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
@public_restricted
end
end
def
named_abilities
(
name
)
def
named_abilities
(
name
)
...
...
spec/controllers/groups/group_members_controller_spec.rb
View file @
e8a77c0a
...
@@ -4,8 +4,7 @@ describe Groups::GroupMembersController do
...
@@ -4,8 +4,7 @@ describe Groups::GroupMembersController do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:group
)
{
create
(
:group
)
}
context
"when public visibility level is restricted"
do
context
"When public visibility level is restricted"
do
before
do
before
do
group
.
add_owner
(
user
)
group
.
add_owner
(
user
)
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
...
...
spec/controllers/users_controller_spec.rb
View file @
e8a77c0a
...
@@ -54,9 +54,10 @@ describe UsersController do
...
@@ -54,9 +54,10 @@ describe UsersController do
context
'when logged in'
do
context
'when logged in'
do
before
{
sign_in
(
user
)
}
before
{
sign_in
(
user
)
}
it
'renders
404
'
do
it
'renders
show
'
do
get
:show
,
username:
user
.
username
get
:show
,
username:
user
.
username
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
response
).
to
render_template
(
'show'
)
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment