Commit e2be8c82 authored by Nourdin el Bacha's avatar Nourdin el Bacha Committed by Markus Koller

Conditionally render create project button

This commit checks whether the current user is allowed to create a
project prior to rendering the button.
It also returns a `404` error for the Project#new method when the current
user is not allowed to create a new project.

Closes https://gitlab.com/gitlab-org/gitlab/-/issues/333450

Changelog: fixed
parent 2afa9308
...@@ -54,6 +54,8 @@ class ProjectsController < Projects::ApplicationController ...@@ -54,6 +54,8 @@ class ProjectsController < Projects::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
def new def new
return access_denied! unless current_user.can_create_project?
@namespace = Namespace.find_by(id: params[:namespace_id]) if params[:namespace_id] @namespace = Namespace.find_by(id: params[:namespace_id]) if params[:namespace_id]
return access_denied! if @namespace && !can?(current_user, :create_projects, @namespace) return access_denied! if @namespace && !can?(current_user, :create_projects, @namespace)
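Review bot: The new guard at the top of `new` calls `can_create_project?` directly on `current_user`, whereas the namespace check two lines below goes through `can?(current_user, ...)`. If this action can ever be reached without a signed-in user (the controller's `before_action` list is outside the hunk), the call raises `NoMethodError` instead of returning the 404. `return access_denied! unless current_user&.can_create_project?` fails closed in that case, and the same applies to the `if current_user.can_create_project?` added in the `Nav` hunk. The commit touches only `new`, and the rest of its body lies outside the hunk. It is worth confirming that `create` enforces the same restriction, since a 404 on the form is not an authorization check on submission.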
......
...@@ -267,7 +267,11 @@ module Nav ...@@ -267,7 +267,11 @@ module Nav
builder.add_primary_menu_item(id: 'your', title: _('Your projects'), href: dashboard_projects_path) builder.add_primary_menu_item(id: 'your', title: _('Your projects'), href: dashboard_projects_path)
builder.add_primary_menu_item(id: 'starred', title: _('Starred projects'), href: starred_dashboard_projects_path) builder.add_primary_menu_item(id: 'starred', title: _('Starred projects'), href: starred_dashboard_projects_path)
builder.add_primary_menu_item(id: 'explore', title: _('Explore projects'), href: explore_root_path) builder.add_primary_menu_item(id: 'explore', title: _('Explore projects'), href: explore_root_path)
if current_user.can_create_project?
builder.add_secondary_menu_item(id: 'create', title: _('Create new project'), href: new_project_path) builder.add_secondary_menu_item(id: 'create', title: _('Create new project'), href: new_project_path)
end
builder.build builder.build
end end
......
...@@ -42,6 +42,32 @@ RSpec.describe ProjectsController do ...@@ -42,6 +42,32 @@ RSpec.describe ProjectsController do
expect(response).not_to render_template('new') expect(response).not_to render_template('new')
end end
end end
context 'when user is an external user' do
let_it_be(:user) { create(:user, external: true) }
it 'responds with status 404' do
group.add_owner(user)
get :new, params: { namespace_id: group.id }
expect(response).to have_gitlab_http_status(:not_found)
expect(response).not_to render_template('new')
end
end
context 'when user is a group guest' do
let_it_be(:user) { create(:user) }
it 'responds with status 404' do
group.add_guest(user)
get :new, params: { namespace_id: group.id }
expect(response).to have_gitlab_http_status(:not_found)
expect(response).not_to render_template('new')
end
end
end end
end end
end end
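Review bot: Both added examples pass `namespace_id: group.id`, so neither pins the new `can_create_project?` guard on the path where it is the only check. The group-guest example in particular looks like it would already be rejected by the existing `can?(current_user, :create_projects, @namespace)` line, so it may pass without the new guard; this is inferred, as the policy is not visible here. An example that requests the page as the external user with no namespace would cover the guard directly: `get :new` followed by `expect(response).to have_gitlab_http_status(:not_found)`. The enclosing `describe` block starts outside the hunk.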
......