Remove group members check

2016-04-07 16:36:26 -03:00 · 2016-04-07 16:36:26 -03:00 · 09c8cf9de6
commit 09c8cf9de6
parent ce96d482d9
5 changed files with 14 additions and 24 deletions
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@ -1,7 +1,6 @@
 class Groups::GroupMembersController < Groups::ApplicationController
  # Authorize
  before_action :authorize_admin_group_member!, except: [:index, :leave]
-  before_action :authorize_read_group_members!, only: [:index]

  def index
    @project = @group.projects.find(params[:project_id]) if params[:project_id]
@ -80,10 +79,4 @@ class Groups::GroupMembersController < Groups::ApplicationController
  def member_params
    params.require(:group_member).permit(:access_level, :user_id)
  end
-
-  private
-
-  def authorize_read_group_members!
-    render_404 unless can?(current_user, :read_group_members, @group)
-  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -57,6 +57,7 @@ class Ability
          :read_label,
          :read_milestone,
          :read_project_snippet,
+          :read_project_member,
          :read_merge_request,
          :read_note,
          :read_commit_status,
@ -91,10 +92,7 @@ class Ability
                subject.group
              end

-      if group.public?
-        rules << :read_group
-        rules << :read_group_members unless restricted_public_level?
-      end
+      rules << :read_group if group.public?

      rules
    end
@ -293,7 +291,7 @@ class Ability

    def group_abilities(user, group)
      rules = []
-      rules << [:read_group, :read_group_members] if can_read_group?(user, group)
+      rules << :read_group if can_read_group?(user, group)

      # Only group masters and group owners can create new projects
      if group.has_master?(user) || group.has_owner?(user) || user.admin?
--- a/app/views/layouts/nav/_group.html.haml
+++ b/app/views/layouts/nav/_group.html.haml
@ -36,14 +36,11 @@
        Merge Requests
        - merge_requests = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened').execute
        %span.count= number_with_delimiter(merge_requests.count)
-
-  - if can?(current_user, :read_group_members, @group)
-    = nav_link(controller: [:group_members]) do
-      = link_to group_group_members_path(@group), title: 'Members' do
-        = icon('users fw')
-        %span
-          Members
-
+  = nav_link(controller: [:group_members]) do
+    = link_to group_group_members_path(@group), title: 'Members' do
+      = icon('users fw')
+      %span
+        Members
  - if can?(current_user, :admin_group, @group)
    = nav_link(html_options: { class: "separate-item" }) do
      = link_to edit_group_path(@group), title: 'Settings' do
--- a/app/views/layouts/nav/_project.html.haml
+++ b/app/views/layouts/nav/_project.html.haml
@ -77,7 +77,7 @@
          Merge Requests
          %span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)

-  - if project_nav_tab?(:settings)
+  - if project_nav_tab? :settings
    = nav_link(controller: [:project_members, :teams]) do
      = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
        = icon('users fw')
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@ -4,15 +4,17 @@ describe Groups::GroupMembersController do
  let(:user)  { create(:user) }
  let(:group) { create(:group) }

-  context "when public visibility level is restricted" do
+  context "index" do
    before do
      group.add_owner(user)
      stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
    end

-    it 'does not show group members' do
+    it 'renders index with group members' do
      get :index, group_id: group.path
-      expect(response.status).to eq(404)
+
+      expect(response.status).to eq(200)
+      expect(response).to render_template(:index)
    end
  end
 end