Commit e71ce77e authored by Rémy Coutable's avatar Rémy Coutable

Ensure group/project owners can see their members' access_level

When you are the last owner of a group or the owner of a project,
you don't have the :update_<source>_member / :destroy_<source>_member
abilities, but you do have the :admin_<source>_member so you should
be able to see your members' access levels.
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent b2dc9176
...@@ -6,6 +6,12 @@ module MembersHelper ...@@ -6,6 +6,12 @@ module MembersHelper
"#{action}_#{member.type.underscore}".to_sym "#{action}_#{member.type.underscore}".to_sym
end end
def default_show_roles(member)
can?(current_user, action_member_permission(:update, member), member) ||
can?(current_user, action_member_permission(:destroy, member), member) ||
can?(current_user, action_member_permission(:admin, member), member.source)
end
def remove_member_message(member, user: nil) def remove_member_message(member, user: nil)
user = current_user if defined?(current_user) user = current_user if defined?(current_user)
......
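Review bot: `default_show_roles` carries no comment explaining why its third check is made against `member.source` while the first two are made against `member`, which is the one non-obvious thing about it. I would add above the method `# Owners without :update_/:destroy_<source>_member (e.g. the last group owner) still hold :admin_<source>_member on the source, so they may see access levels.` The comment should also say that the helper only decides what the view renders. Whatever endpoint changes or removes a member presumably enforces these abilities itself, but that is not visible in this hunk.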
- default_show_roles = can?(current_user, action_member_permission(:update, member), member) || can?(current_user, action_member_permission(:destroy, member), member) - show_roles = local_assigns.fetch(:show_roles, default_show_roles(member))
- show_roles = local_assigns.fetch(:show_roles, default_show_roles)
- show_controls = local_assigns.fetch(:show_controls, true) - show_controls = local_assigns.fetch(:show_controls, true)
- user = member.user - user = member.user
......
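Review bot: In the new `show_roles` line, `default_show_roles(member)` is passed as the second argument to `fetch`, so it is evaluated for every rendered member even when the caller supplies `:show_roles`, running up to three `can?` checks whose result is then discarded. The block form defers it: `- show_roles = local_assigns.fetch(:show_roles) { default_show_roles(member) }`. A caller passing `show_roles: true` bypasses the ability check entirely, so a one-line comment stating that this local overrides the permission-based default would help anyone auditing where access levels are displayed.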
...@@ -9,6 +9,54 @@ describe MembersHelper do ...@@ -9,6 +9,54 @@ describe MembersHelper do
it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member } it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member }
end end
describe '#default_show_roles' do
let(:user) { double }
let(:member) { build(:project_member) }
before do
allow(helper).to receive(:current_user).and_return(user)
allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(false)
allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(false)
allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(false)
end
context 'when the current cannot update, destroy or admin the passed member' do
it 'returns false' do
expect(helper.default_show_roles(member)).to be_falsy
end
end
context 'when the current can update the passed member' do
before do
allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(true)
end
it 'returns true' do
expect(helper.default_show_roles(member)).to be_truthy
end
end
context 'when the current can destroy the passed member' do
before do
allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(true)
end
it 'returns true' do
expect(helper.default_show_roles(member)).to be_truthy
end
end
context 'when the current can admin the passed member source' do
before do
allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(true)
end
it 'returns true' do
expect(helper.default_show_roles(member)).to be_truthy
end
end
end
describe '#remove_member_message' do describe '#remove_member_message' do
let(:requester) { build(:user) } let(:requester) { build(:user) }
let(:project) { create(:project) } let(:project) { create(:project) }
......
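Review bot: Every example under `#default_show_roles` builds a `:project_member`, so the group half of the commit's stated purpose is never exercised. The ability name is derived from `member.type`, so a case using a group member (as the `#action_member_permission` examples above appear to) and stubbing `:admin_group_member` on `member.source` would cover it. The examples assert `be_truthy`/`be_falsy` under descriptions that say 'returns true' and 'returns false'; since `can?` is stubbed with real booleans, `be true` / `be false` would pin what the descriptions claim. The context descriptions read 'when the current can …' and are missing the word 'user'.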