Code fixes
parent
147879ae66
commit
07b38c3b38
5 changed files with 14 additions and 28 deletions
|
@ -1,7 +1,6 @@
|
|||
class Projects::ProjectMembersController < Projects::ApplicationController
|
||||
# Authorize
|
||||
before_action :authorize_admin_project_member!, except: :leave
|
||||
before_action :authorize_read_project_members, only: :index
|
||||
|
||||
def index
|
||||
@project_members = @project.project_members
|
||||
|
@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController
|
|||
def member_params
|
||||
params.require(:project_member).permit(:user_id, :access_level)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def authorize_read_project_members
|
||||
can?(current_user, :read_project_members, @project)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
class UsersController < ApplicationController
|
||||
skip_before_action :authenticate_user!
|
||||
before_action :set_user, except: [:show]
|
||||
before_action :user
|
||||
before_action :authorize_read_user!, only: [:show]
|
||||
|
||||
def show
|
||||
|
@ -77,26 +77,25 @@ class UsersController < ApplicationController
|
|||
private
|
||||
|
||||
def authorize_read_user!
|
||||
set_user
|
||||
render_404 unless can?(current_user, :read_user, @user)
|
||||
render_404 unless can?(current_user, :read_user, user)
|
||||
end
|
||||
|
||||
def set_user
|
||||
@user = User.find_by_username!(params[:username])
|
||||
def user
|
||||
@user ||= User.find_by_username!(params[:username])
|
||||
end
|
||||
|
||||
def contributed_projects
|
||||
ContributedProjectsFinder.new(@user).execute(current_user)
|
||||
ContributedProjectsFinder.new(user).execute(current_user)
|
||||
end
|
||||
|
||||
def contributions_calendar
|
||||
@contributions_calendar ||= Gitlab::ContributionsCalendar.
|
||||
new(contributed_projects, @user)
|
||||
new(contributed_projects, user)
|
||||
end
|
||||
|
||||
def load_events
|
||||
# Get user activity feed for projects common for both users
|
||||
@events = @user.recent_events.
|
||||
@events = user.recent_events.
|
||||
merge(projects_for_current_user).
|
||||
references(:project).
|
||||
with_associations.
|
||||
|
@ -105,16 +104,16 @@ class UsersController < ApplicationController
|
|||
|
||||
def load_projects
|
||||
@projects =
|
||||
PersonalProjectsFinder.new(@user).execute(current_user)
|
||||
PersonalProjectsFinder.new(user).execute(current_user)
|
||||
.page(params[:page])
|
||||
end
|
||||
|
||||
def load_contributed_projects
|
||||
@contributed_projects = contributed_projects.joined(@user)
|
||||
@contributed_projects = contributed_projects.joined(user)
|
||||
end
|
||||
|
||||
def load_groups
|
||||
@groups = JoinedGroupsFinder.new(@user).execute(current_user)
|
||||
@groups = JoinedGroupsFinder.new(user).execute(current_user)
|
||||
end
|
||||
|
||||
def projects_for_current_user
|
||||
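Review bot: The filter change at the top of this controller resolves the profile owner for every action through `before_action :user`, but `authorize_read_user!` is still limited to `only: [:show]`, so the other code paths that use the `user` helper (`load_projects`, `load_groups`, `load_contributed_projects`, `contributions_calendar`) appear to run without the `:read_user` check. The actions that call those helpers are outside the visible hunks, so this needs confirming, but because the controller skips `authenticate_user!`, an unauthenticated request would presumably still reach them when public visibility is restricted. Consider applying the check to all actions, `before_action :authorize_read_user!`, or listing every action that exposes profile data, and add a spec case per action under the restricted-visibility context.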
|
|
|
@ -1,5 +1,4 @@
|
|||
class Ability
|
||||
|
||||
class << self
|
||||
def allowed(user, subject)
|
||||
return anonymous_abilities(user, subject) if user.nil?
|
||||
|
@ -58,7 +57,6 @@ class Ability
|
|||
:read_label,
|
||||
:read_milestone,
|
||||
:read_project_snippet,
|
||||
:read_project_member,
|
||||
:read_merge_request,
|
||||
:read_note,
|
||||
:read_commit_status,
|
||||
|
@ -71,8 +69,6 @@ class Ability
|
|||
# Allow to read issues by anonymous user if issue is not confidential
|
||||
rules << :read_issue unless subject.is_a?(Issue) && subject.confidential?
|
||||
|
||||
rules << :read_project_member unless restricted_public_level?
|
||||
|
||||
rules - project_disabled_features_rules(project)
|
||||
else
|
||||
[]
|
||||
|
@ -96,9 +92,8 @@ class Ability
|
|||
end
|
||||
|
||||
if group
|
||||
rules << [:read_group] if group.public?
|
||||
|
||||
rules << [:read_group_members] unless restricted_public_level?
|
||||
rules << :read_group if group.public?
|
||||
rules << :read_group_members unless restricted_public_level?
|
||||
end
|
||||
|
||||
rules
|
||||
|
@ -156,7 +151,6 @@ class Ability
|
|||
rules -= project_archived_rules
|
||||
end
|
||||
|
||||
rules << :read_project_members
|
||||
rules - project_disabled_features_rules(project)
|
||||
end
|
||||
end
|
||||
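Review bot: In the `if group` branch, `rules << :read_group_members unless restricted_public_level?` is not conditioned on `group.public?`, so an anonymous user would be granted `:read_group_members` on a group for which `:read_group` is withheld. If any caller checks `:read_group_members` on its own, membership of a non-public group could be readable without authentication; tying it to the same visibility test, `rules << :read_group_members if group.public? && !restricted_public_level?`, keeps the two rules consistent. The enclosing method starts above this hunk, so how `group` is resolved is not visible here. Separately, the `:read_project_members` rule and its `can?` checks appear to be removed elsewhere in this commit, so it is worth confirming that `:read_group_members` is still enforced somewhere and is not a dead rule.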
|
|
|
@ -77,7 +77,7 @@
|
|||
Merge Requests
|
||||
%span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)
|
||||
|
||||
- if project_nav_tab?(:settings) && can?(current_user, :read_project_members, @project)
|
||||
- if project_nav_tab?(:settings)
|
||||
= nav_link(controller: [:project_members, :teams]) do
|
||||
= link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
|
||||
= icon('users fw')
|
||||
|
|
|
@ -41,7 +41,7 @@ describe UsersController do
|
|||
end
|
||||
end
|
||||
|
||||
context 'When public visibility level is restricted' do
|
||||
context 'when public visibility level is restricted' do
|
||||
before do
|
||||
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
|
||||
end
|
||||
|
|