Merge branch 'boards-dropdown-hide-options' into 'master'

Hides multiple board actions if user doesnt have permissions Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23678 See merge request !816

Merge branch 'boards-dropdown-hide-options' into 'master'
Hides multiple board actions if user doesnt have permissions Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23678 See merge request !816
2724a950 · Sean McGivern · dee938f1 · bf786eb5 · 2724a950 · 2724a950
Commit 2724a950 authored Oct 25, 2016 by Sean McGivern
4 changed files
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 ## 8.13.1
  - Fix Elasticsearch::Transport::Transport::Errors::BadRequest when ES is enabled. #21036
+  - Hides multiple board actions if user doesnt have permissions
 ## 8.13.0 (2016-10-22)

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -58,6 +58,7 @@ class ProjectPolicy < BasePolicy
    can! :update_issue
    can! :admin_issue
    can! :admin_label
+    can! :admin_board
    can! :admin_list
    can! :read_commit_status
    can! :read_build

--- a/app/views/projects/boards/_title.html.haml
+++ b/app/views/projects/boards/_title.html.haml
@@ -23,39 +23,41 @@
              {{ board.name }}
      .dropdown-loading{ "v-if" => "loading" }
        = icon("spin spinner")
-      %board-selector-form{ "inline-template" => true,
+      - if can?(current_user, :admin_board, @project)
-        "v-if" => "currentPage === 'edit'",
+        %board-selector-form{ "inline-template" => true,
-        "type" => "edit",
+          "v-if" => "currentPage === 'edit'",
-        ":current-board.sync" => "currentBoard",
+          "type" => "edit",
-        ":current-page.sync" => "currentPage",
+          ":current-board.sync" => "currentBoard",
-        ":reload.sync" => "reload" }
+          ":current-page.sync" => "currentPage",
-        = render "projects/boards/components/form"
+          ":reload.sync" => "reload" }
-      %board-selector-form{ "inline-template" => true,
+          = render "projects/boards/components/form"
-        "v-if" => "currentPage === 'new'",
+        %board-selector-form{ "inline-template" => true,
-        "type" => "new",
+          "v-if" => "currentPage === 'new'",
-        ":current-page.sync" => "currentPage",
+          "type" => "new",
-        ":reload.sync" => "reload" }
+          ":current-page.sync" => "currentPage",
-        = render "projects/boards/components/form"
+          ":reload.sync" => "reload" }
-      .dropdown-content.board-selector-page-two{ "v-if" => "currentPage === 'delete'" }
+          = render "projects/boards/components/form"
-        %p
+        .dropdown-content.board-selector-page-two{ "v-if" => "currentPage === 'delete'" }
-          Are you sure you want to delete this board?
+          %p
-        .board-delete-btns.clearfix
+            Are you sure you want to delete this board?
-          = link_to "",
+          .board-delete-btns.clearfix
-            class: "btn btn-danger pull-left",
+            = link_to "",
-            method: :delete,
+              class: "btn btn-danger pull-left",
-            ":href" => "'#{namespace_project_boards_path(@project.namespace, @project)}/' + currentBoard.id" do
+              method: :delete,
-            Delete
+              ":href" => "'#{namespace_project_boards_path(@project.namespace, @project)}/' + currentBoard.id" do
-          %button.btn.btn-default.pull-right{ type: "button",
+              Delete
-            "@click.stop.prevent" => "currentPage = ''" }
+            %button.btn.btn-default.pull-right{ type: "button",
-            Cancel
+              "@click.stop.prevent" => "currentPage = ''" }
-      .dropdown-footer{ "v-if" => "currentPage === ''" }
+              Cancel
-        %ul.dropdown-footer-list
+      - if can?(current_user, :admin_board, @project)
-          %li
+        .dropdown-footer{ "v-if" => "currentPage === ''" }
-            %a{ "href" => "#", "@click.stop.prevent" => "showPage('new')" }
+          %ul.dropdown-footer-list
-              Create new board
+            %li
-          %li
+              %a{ "href" => "#", "@click.stop.prevent" => "showPage('new')" }
-            %a{ "href" => "#", "@click.stop.prevent" => "showPage('edit')" }
+                Create new board
-              Edit board name
+            %li
-          %li{ "v-if" => "showDelete" }
+              %a{ "href" => "#", "@click.stop.prevent" => "showPage('edit')" }
-            %a.text-danger{ "href" => "#", "@click.stop.prevent" => "showPage('delete')" }
+                Edit board name
-              Delete board
+            %li{ "v-if" => "showDelete" }
+              %a.text-danger{ "href" => "#", "@click.stop.prevent" => "showPage('delete')" }
+                Delete board
--- a/spec/features/boards/multiple_boards_spec.rb
+++ b/spec/features/boards/multiple_boards_spec.rb
@@ -10,136 +10,155 @@ describe 'Multiple Issue Boards', feature: true, js: true do
  let!(:board)    { create(:board, project: project) }
  let!(:board2)   { create(:board, project: project) }
-  before do
+  context 'authorized user' do
-    project.team << [user, :master]
+    before do
+      project.team << [user, :master]
-    login_as(user)
+      login_as(user)
-    visit namespace_project_boards_path(project.namespace, project)
+      visit namespace_project_boards_path(project.namespace, project)
-    wait_for_vue_resource
+      wait_for_vue_resource
-  end
+    end
-  it 'shows current board name' do
+    it 'shows current board name' do
-    page.within('.boards-switcher') do
+      page.within('.boards-switcher') do
-      expect(page).to have_content(board.name)
+        expect(page).to have_content(board.name)
+      end
    end
-  end
-  it 'shows a list of boards' do
+    it 'shows a list of boards' do
-    click_button board.name
+      click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      expect(page).to have_content(board.name)
+        expect(page).to have_content(board.name)
-      expect(page).to have_content(board2.name)
+        expect(page).to have_content(board2.name)
+      end
    end
-  end
-  it 'switches current board' do
+    it 'switches current board' do
-    click_button board.name
+      click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      click_link board2.name
+        click_link board2.name
-    end
+      end
-    wait_for_vue_resource
+      wait_for_vue_resource
-    page.within('.boards-switcher') do
+      page.within('.boards-switcher') do
-      expect(page).to have_content(board2.name)
+        expect(page).to have_content(board2.name)
+      end
    end
-  end
-  it 'creates new board' do
+    it 'creates new board' do
-    click_button board.name
+      click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      click_link 'Edit board name'
+        click_link 'Edit board name'
-      fill_in 'board-new-name', with: 'Testing'
+        fill_in 'board-new-name', with: 'Testing'
-      click_button 'Save'
+        click_button 'Save'
-    end
+      end
-    wait_for_vue_resource
+      wait_for_vue_resource
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      expect(page).to have_content('Testing')
+        expect(page).to have_content('Testing')
+      end
    end
-  end
-  it 'edits board name' do
+    it 'edits board name' do
-    click_button board.name
+      click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      click_link 'Edit board name'
+        click_link 'Edit board name'
-      fill_in 'board-new-name', with: 'Testing'
+        fill_in 'board-new-name', with: 'Testing'
-      click_button 'Save'
+        click_button 'Save'
-    end
+      end
-    wait_for_vue_resource
+      wait_for_vue_resource
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      expect(page).to have_content('Testing')
+        expect(page).to have_content('Testing')
+      end
    end
-  end
-  it 'deletes board' do
+    it 'deletes board' do
-    click_button board.name
+      click_button board.name
-    wait_for_vue_resource
+      wait_for_vue_resource
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      click_link 'Delete board'
+        click_link 'Delete board'
-      page.within('.dropdown-title') do
+        page.within('.dropdown-title') do
-        expect(page).to have_content('Delete board')
+          expect(page).to have_content('Delete board')
+        end
+        click_link 'Delete'
      end
-      click_link 'Delete'
+      click_button board2.name
+      page.within('.boards-title-holder .dropdown-menu') do
+        expect(page).not_to have_content(board.name)
+        expect(page).to have_content(board2.name)
+      end
    end
-    click_button board2.name
+    it 'adds a list to the none default board' do
+      click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-title-holder .dropdown-menu') do
-      expect(page).not_to have_content(board.name)
+        click_link board2.name
-      expect(page).to have_content(board2.name)
+      end
-    end
-  end
-  it 'adds a list to the none default board' do
+      wait_for_vue_resource
-    click_button board.name
-    page.within('.boards-title-holder .dropdown-menu') do
+      page.within('.boards-switcher') do
-      click_link board2.name
+        expect(page).to have_content(board2.name)
-    end
+      end
-    wait_for_vue_resource
+      click_button 'Create new list'
-    page.within('.boards-switcher') do
+      wait_for_ajax
-      expect(page).to have_content(board2.name)
-    end
-    click_button 'Create new list'
+      page.within '.dropdown-menu-issues-board-new' do
+        click_link planning.title
+      end
-    wait_for_ajax
+      wait_for_vue_resource
-    page.within '.dropdown-menu-issues-board-new' do
+      expect(page).to have_selector('.board', count: 3)
-      click_link planning.title
-    end
-    wait_for_vue_resource
+      click_button board2.name
+      page.within('.boards-title-holder .dropdown-menu') do
+        click_link board.name
+      end
-    expect(page).to have_selector('.board', count: 3)
+      wait_for_vue_resource
-    click_button board2.name
+      expect(page).to have_selector('.board', count: 2)
+    end
+  end
-    page.within('.boards-title-holder .dropdown-menu') do
+  context 'unauthorized user' do
-      click_link board.name
+    before do
+      visit namespace_project_boards_path(project.namespace, project)
+      wait_for_vue_resource
    end
-    wait_for_vue_resource
+    it 'does not show action links' do
+      click_button board.name
-    expect(page).to have_selector('.board', count: 2)
+      page.within('.boards-title-holder .dropdown-menu') do
+        expect(page).not_to have_content('Create new board')
+        expect(page).not_to have_content('Edit board name')
+        expect(page).not_to have_content('Delete board')
+      end
+    end
  end
 end