Fix 403 Access Denied error messages when accessing Labels section in a project that has MRs disabled but issues enabled
Closes #1813
parent
89bcc1baf0
commit
07efb17e10
|
@ -140,11 +140,6 @@ class ApplicationController < ActionController::Base
|
||||||
return access_denied! unless can?(current_user, action, project)
|
return access_denied! unless can?(current_user, action, project)
|
||||||
end
|
end
|
||||||
|
|
||||||
def authorize_labels!
|
|
||||||
# Labels should be accessible for issues and/or merge requests
|
|
||||||
authorize_read_issue! || authorize_read_merge_request!
|
|
||||||
end
|
|
||||||
|
|
||||||
def access_denied!
|
def access_denied!
|
||||||
render "errors/access_denied", layout: "errors", status: 404
|
render "errors/access_denied", layout: "errors", status: 404
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
class Projects::LabelsController < Projects::ApplicationController
|
class Projects::LabelsController < Projects::ApplicationController
|
||||||
before_action :module_enabled
|
before_action :module_enabled
|
||||||
before_action :label, only: [:edit, :update, :destroy]
|
before_action :label, only: [:edit, :update, :destroy]
|
||||||
before_action :authorize_labels!
|
before_action :authorize_read_label!
|
||||||
before_action :authorize_admin_labels!, except: [:index]
|
before_action :authorize_admin_labels!, except: [:index]
|
||||||
|
|
||||||
respond_to :js, :html
|
respond_to :js, :html
|
||||||
|
|
|
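Review bot: `authorize_read_label!` is not defined in any hunk on this page, so the new filter presumably relies on `authorize_*!` names being resolved dynamically to the `can?(current_user, action, project)` check shown as context in ApplicationController. If so, a misspelled or unresolved filter name would only surface at request time, so a request-level spec for `index` on this controller would be worth adding alongside the unit spec. I would also put a comment above the filter, e.g. `# label read access is one :read_label ability, independent of which of issues/MRs is enabled`. The class body continues outside the hunk.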
@ -138,6 +138,7 @@ class Ability
|
||||||
:read_project,
|
:read_project,
|
||||||
:read_wiki,
|
:read_wiki,
|
||||||
:read_issue,
|
:read_issue,
|
||||||
|
:read_label,
|
||||||
:read_milestone,
|
:read_milestone,
|
||||||
:read_project_snippet,
|
:read_project_snippet,
|
||||||
:read_project_member,
|
:read_project_member,
|
||||||
|
|
|
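Review bot: Nothing visible in this hunk withdraws `:read_label` when both issues and merge requests are disabled, although the new spec expects `access_denied!` in that case. The enclosing method starts outside the hunk, so it cannot be confirmed from here which role receives these rules or whether a disabled-features step elsewhere in `Ability` already covers labels. If none does, `:read_label` should be removed there whenever `project.issues_enabled` and `project.merge_requests_enabled` are both false, otherwise the permission outlives the features it belongs to. A comment next to the symbol such as `# labels are shared by issues and merge requests` would record why it is granted separately.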
@ -30,4 +30,44 @@ describe ApplicationController do
|
||||||
controller.send(:check_password_expiration)
|
controller.send(:check_password_expiration)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'check labels authorization' do
|
||||||
|
let(:project) { create(:project) }
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
let(:controller) { ApplicationController.new }
|
||||||
|
|
||||||
|
before do
|
||||||
|
project.team << [user, :guest]
|
||||||
|
allow(controller).to receive(:current_user).and_return(user)
|
||||||
|
allow(controller).to receive(:project).and_return(project)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should succeed if issues and MRs are enabled' do
|
||||||
|
project.issues_enabled = true
|
||||||
|
project.merge_requests_enabled = true
|
||||||
|
controller.send(:authorize_read_label!)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should succeed if issues are enabled, MRs are disabled' do
|
||||||
|
project.issues_enabled = true
|
||||||
|
project.merge_requests_enabled = false
|
||||||
|
controller.send(:authorize_read_label!)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should succeed if issues are disabled, MRs are enabled' do
|
||||||
|
project.issues_enabled = false
|
||||||
|
project.merge_requests_enabled = true
|
||||||
|
controller.send(:authorize_read_label!)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail if issues and MRs are disabled' do
|
||||||
|
project.issues_enabled = false
|
||||||
|
project.merge_requests_enabled = false
|
||||||
|
expect(controller).to receive(:access_denied!)
|
||||||
|
controller.send(:authorize_read_label!)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
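Review bot: The three success examples assert `expect(response.status).to eq(200)`, but `controller` is a bare `ApplicationController.new` that never handles a request. That status therefore likely reflects nothing `authorize_read_label!` did, and the examples would probably still pass if access were denied. For an access-control check, assert on the denial path directly by putting `expect(controller).not_to receive(:access_denied!)` before `controller.send(:authorize_read_label!)` in each of the three, mirroring the positive expectation in the last example. The feature flags are also set on the in-memory `project` without saving, which works only because `project` is stubbed on the controller; a short comment saying so would help the next reader.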