Merge branch 'issue_13648' into 'master'

Reuse query from ProjectsFinder to get projects accessible to current user. Fixes #13648 This is a refactor to reuse the existing query from our `ProjectsFinder` class See merge request !3049
2016-03-03 14:28:25 +00:00 · 2016-03-03 14:28:25 +00:00 · 1cb4f810a5
commit 1cb4f810a5
parent 0ca056eb99 49e4ef3b41
2 changed files with 73 additions and 8 deletions
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@ -6,14 +6,7 @@ class Projects::ForksController < Projects::ApplicationController
  def index
    base_query = project.forks.includes(:creator)

-    @forks = if current_user
-               base_query.where('projects.visibility_level IN (?) OR projects.id IN (?)',
-                                Project.public_and_internal_levels,
-                                current_user.authorized_projects.pluck(:id))
-             else
-               base_query.where('projects.visibility_level = ?', Project::PUBLIC)
-             end
-
+    @forks               = base_query.merge(ProjectsFinder.new.execute(current_user))
    @total_forks_count   = base_query.size
    @private_forks_count = @total_forks_count - @forks.size
    @public_forks_count  = @total_forks_count - @private_forks_count
--- a/spec/controllers/projects/forks_controller_spec.rb
+++ b/spec/controllers/projects/forks_controller_spec.rb
@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe Projects::ForksController do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, visibility_level: Project::PUBLIC) }
+  let(:forked_project) { Projects::ForkService.new(project, user).execute }
+  let(:group) { create(:group, owner: forked_project.creator) }
+
+  describe 'GET index' do
+    def get_forks
+      get :index,
+        namespace_id: project.namespace.to_param,
+        project_id: project.to_param
+    end
+
+    context 'when fork is public' do
+      before { forked_project.update_attribute(:visibility_level, Project::PUBLIC) }
+
+      it 'should be visible for non logged in users' do
+        get_forks
+
+        expect(assigns[:forks]).to be_present
+      end
+    end
+
+    context 'when fork is private' do
+      before do
+        forked_project.update_attributes(visibility_level: Project::PRIVATE, group: group)
+      end
+
+      it 'should not be visible for non logged in users' do
+        get_forks
+
+        expect(assigns[:forks]).to be_blank
+      end
+
+      context 'when user is logged in' do
+        before { sign_in(project.creator) }
+
+        context 'when user is not a Project member neither a group member' do
+          it 'should not see the Project listed' do
+            get_forks
+
+            expect(assigns[:forks]).to be_blank
+          end
+        end
+
+        context 'when user is a member of the Project' do
+          before { forked_project.team << [project.creator, :developer] }
+
+          it 'should see the project listed' do
+            get_forks
+
+            expect(assigns[:forks]).to be_present
+          end
+        end
+
+        context 'when user is a member of the Group' do
+          before { forked_project.group.add_developer(project.creator) }
+
+          it 'should see the project listed' do
+            get_forks
+
+            expect(assigns[:forks]).to be_present
+          end
+        end
+
+      end
+    end
+  end
+
+end