Commit 43eeb31d authored by Sean McGivern's avatar Sean McGivern

Merge branch '3004-present-related-issues-to-anonymous-users' into 'master'

Present Related Issues widget for logged-out users when publicly available

Closes #3004

See merge request !2525
parents 18da1453 fc2b3320
......@@ -34,7 +34,7 @@ module EE
prevent :admin_issue_link
end
rule { can?(:guest_access) }.enable :read_issue_link
rule { can?(:read_issue) }.enable :read_issue_link
rule { can?(:reporter_access) }.policy do
enable :admin_board
......
---
title: Present Related Issues widget for logged-out users when available
merge_request:
author:
......@@ -25,6 +25,7 @@ The following table depicts the various user permission levels in a project.
| Create confidential issue | ✓ | ✓ | ✓ | ✓ | ✓ |
| View confidential issues | (✓) [^1] | ✓ | ✓ | ✓ | ✓ |
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ |
| See related issues | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a list of jobs | ✓ [^2] | ✓ | ✓ | ✓ | ✓ |
| See a job log | ✓ [^2] | ✓ | ✓ | ✓ | ✓ |
| Download and browse job artifacts | ✓ [^2] | ✓ | ✓ | ✓ | ✓ |
......@@ -38,6 +39,7 @@ The following table depicts the various user permission levels in a project.
| See a container registry | | ✓ | ✓ | ✓ | ✓ |
| See environments | | ✓ | ✓ | ✓ | ✓ |
| Create new environments | | | ✓ | ✓ | ✓ |
| Manage related issues | | ✓ | ✓ | ✓ | ✓ |
| Use environment terminals | | | | ✓ | ✓ |
| Stop environments | | | ✓ | ✓ | ✓ |
| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ |
......
......@@ -6,8 +6,7 @@ Related issues are a bi-directional relationship between any two issues
and appear in a block below the issue description. Issues can be across groups
and projects.
The relationship only shows up in the UI if the user has write [permissions]
to see both issues (`> Guest`).
The relationship only shows up in the UI if the user can see both issues.
## Adding a related issue
......@@ -28,6 +27,11 @@ either issue.
![Removing a related issue](img/related_issues_remove.png)
Please access our [permissions] page for more information.
As an addition, you are also able to manage related issues through [our API].
[ee]: https://about.gitlab.com/gitlab-ee/
[ee-1797]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1797
[permissions]: ../../permissions.md
[Our API]: ../../../api/issue_links.md
......@@ -12,9 +12,114 @@ describe 'Related issues', :js do
let(:issue_project_unauthorized_a) { create(:issue, project: project_unauthorized) }
let(:user) { create(:user) }
context 'widget visibility' do
before do
stub_licensed_features(related_issues: true)
end
context 'when not logged in' do
it 'does not show widget when internal project' do
project = create :project_empty_repo, :internal
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).not_to have_css('.related-issues-block')
end
it 'does not show widget when private project' do
project = create :project_empty_repo, :private
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).not_to have_css('.related-issues-block')
end
it 'shows widget when public project' do
project = create :project_empty_repo, :public
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
end
context 'when logged in but not a member' do
before do
gitlab_sign_in(user)
end
it 'shows widget when internal project' do
project = create :project_empty_repo, :internal
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
it 'does not show widget when private project' do
project = create :project_empty_repo, :private
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).not_to have_css('.related-issues-block')
end
it 'shows widget when public project' do
project = create :project_empty_repo, :public
issue = create :issue, project: project
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
end
context 'when logged in and a member' do
before do
gitlab_sign_in(user)
end
it 'shows widget when internal project' do
project = create :project_empty_repo, :internal
issue = create :issue, project: project
project.add_guest(user)
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
it 'shows widget when private project' do
project = create :project_empty_repo, :private
issue = create :issue, project: project
project.add_guest(user)
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
it 'shows widget when public project' do
project = create :project_empty_repo, :public
issue = create :issue, project: project
project.add_guest(user)
visit project_issue_path(project, issue)
expect(page).to have_css('.related-issues-block')
end
end
end
context 'when user has no permission to update related issues' do
before do
sign_in(user)
project.add_guest(user)
gitlab_sign_in(user)
end
context 'with related_issues enabled' do
......@@ -59,7 +164,7 @@ describe 'Related issues', :js do
before do
project.add_master(user)
project_b.add_master(user)
sign_in(user)
gitlab_sign_in(user)
end
context 'with related_issues disabled' do
......
......@@ -142,7 +142,7 @@ describe ProjectPolicy do
context 'when a project has pending invites, and the current user is anonymous' do
let(:group) { create(:group, :public) }
let(:project) { create(:empty_project, :public, namespace: group) }
let(:user_permissions) { [:read_issue_link, :create_project, :create_issue, :create_note, :upload_file] }
let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
let(:anonymous_permissions) { guest_permissions - user_permissions }
subject { described_class.new(nil, project) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment