Commit 633e9f31 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Merge branch '54850-pages-domain-show-view-is-not-protected-by-access-control' into 'master'

Fix access to pages domain settings

Closes #54850

See merge request gitlab-org/gitlab-ce!24926
parents a68ff6d6 13d2d198
...@@ -4,7 +4,7 @@ class Projects::PagesDomainsController < Projects::ApplicationController ...@@ -4,7 +4,7 @@ class Projects::PagesDomainsController < Projects::ApplicationController
layout 'project_settings' layout 'project_settings'
before_action :require_pages_enabled! before_action :require_pages_enabled!
before_action :authorize_update_pages!, except: [:show] before_action :authorize_update_pages!
before_action :domain, except: [:new, :create] before_action :domain, except: [:new, :create]
def show def show
......
---
title: Require maintainer access to show pages domain settings
merge_request: 24926
author:
type: fixed
...@@ -23,12 +23,27 @@ describe Projects::PagesDomainsController do ...@@ -23,12 +23,27 @@ describe Projects::PagesDomainsController do
end end
describe 'GET show' do describe 'GET show' do
it "displays the 'show' page" do def make_request
get(:show, params: request_params.merge(id: pages_domain.domain)) get(:show, params: request_params.merge(id: pages_domain.domain))
end
it "displays the 'show' page" do
make_request
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to render_template('show') expect(response).to render_template('show')
end end
context 'when user is developer' do
before do
project.add_developer(user)
end
it 'renders 404 page' do
make_request
expect(response).to have_gitlab_http_status(404)
end
end
end end
describe 'GET new' do describe 'GET new' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment