Commit cabc131c authored by Phil Hughes's avatar Phil Hughes

Stop unauthized users dragging on issue boards

Closes #23763
parent f289983d
...@@ -24,6 +24,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -24,6 +24,7 @@ Please view this file on the master branch, on stable branches it's out of date.
- Expire and build repository cache after project import - Expire and build repository cache after project import
- Fix 404 for group pages when GitLab setup uses relative url - Fix 404 for group pages when GitLab setup uses relative url
- Simpler arguments passed to named_route on toggle_award_url helper method - Simpler arguments passed to named_route on toggle_award_url helper method
- Fix unauthorized users dragging on issue boards
- Better handle when no users were selected for adding to group or project. (Linus Thiel) - Better handle when no users were selected for adding to group or project. (Linus Thiel)
- Only show register tab if signup enabled. - Only show register tab if signup enabled.
......
...@@ -5,7 +5,7 @@ module BoardsHelper ...@@ -5,7 +5,7 @@ module BoardsHelper
{ {
endpoint: namespace_project_boards_path(@project.namespace, @project), endpoint: namespace_project_boards_path(@project.namespace, @project),
board_id: board.id, board_id: board.id,
disabled: !can?(current_user, :admin_list, @project), disabled: "#{!can?(current_user, :admin_list, @project)}",
issue_link_base: namespace_project_issues_path(@project.namespace, @project) issue_link_base: namespace_project_issues_path(@project.namespace, @project)
} }
end end
......
...@@ -624,6 +624,10 @@ describe 'Issue Boards', feature: true, js: true do ...@@ -624,6 +624,10 @@ describe 'Issue Boards', feature: true, js: true do
it 'does not show create new list' do it 'does not show create new list' do
expect(page).not_to have_selector('.js-new-board-list') expect(page).not_to have_selector('.js-new-board-list')
end end
it 'does not allow dragging' do
expect(page).not_to have_selector('.user-can-drag')
end
end end
context 'as guest user' do context 'as guest user' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment