Commit f329d34f authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Fix group projects fetch

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 8f259c5e
...@@ -5,7 +5,7 @@ class GroupsController < ApplicationController ...@@ -5,7 +5,7 @@ class GroupsController < ApplicationController
# Authorize # Authorize
before_filter :authorize_read_group!, except: [:new, :create] before_filter :authorize_read_group!, except: [:new, :create]
before_filter :authorize_admin_group!, only: [:edit, :update, :destroy] before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
before_filter :authorize_create_group!, only: [:new, :create] before_filter :authorize_create_group!, only: [:new, :create]
# Load group projects # Load group projects
...@@ -108,12 +108,12 @@ class GroupsController < ApplicationController ...@@ -108,12 +108,12 @@ class GroupsController < ApplicationController
end end
def project_ids def project_ids
projects.pluck(:id) @projects.pluck(:id)
end end
# Dont allow unauthorized access to group # Dont allow unauthorized access to group
def authorize_read_group! def authorize_read_group!
unless @group and (projects.present? or can?(current_user, :read_group, @group)) unless @group and (@projects.present? or can?(current_user, :read_group, @group))
if current_user.nil? if current_user.nil?
return authenticate_user! return authenticate_user!
else else
......
...@@ -82,5 +82,17 @@ describe "Group access", feature: true do ...@@ -82,5 +82,17 @@ describe "Group access", feature: true do
it { should be_denied_for :user } it { should be_denied_for :user }
it { should be_denied_for :visitor } it { should be_denied_for :visitor }
end end
describe "GET /groups/:path/projects" do
subject { projects_group_path(group) }
it { should be_allowed_for owner }
it { should be_denied_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment