More backport
This commit is contained in:
Douwe Maan
parent
426680def4
commit
46dff6910d
|
|
@ -1,3 +1,4 @@
|
|||
*.erb
|
||||
lib/gitlab/sanitizers/svg/whitelist.rb
|
||||
lib/gitlab/diff/position_tracer.rb
|
||||
app/policies/project_policy.rb
|
||||
|
|
|
|||
|
|
@ -11,18 +11,27 @@
|
|||
.form-group
|
||||
= f.label :access_level, class: 'control-label'
|
||||
.col-sm-10
|
||||
= f.radio_button :access_level, :regular, disabled: (current_user == @user && @user.is_admin?)
|
||||
- editing_current_user = (current_user == @user)
|
||||
|
||||
= f.radio_button :access_level, :regular, disabled: editing_current_user
|
||||
= label_tag :regular do
|
||||
Regular
|
||||
%p.light
|
||||
Regular users have access to their groups and projects
|
||||
= f.radio_button :access_level, :admin
|
||||
|
||||
= f.radio_button :access_level, :admin, disabled: editing_current_user
|
||||
= label_tag :admin do
|
||||
Admin
|
||||
%p.light
|
||||
Administrators have access to all groups, projects and users and can manage all features in this installation
|
||||
- if editing_current_user
|
||||
%p.light
|
||||
You cannot remove your own admin rights.
|
||||
|
||||
.form-group
|
||||
= f.label :external, class: 'control-label'
|
||||
.col-sm-10= f.check_box :external
|
||||
.col-sm-10 External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
|
||||
.col-sm-10
|
||||
= f.check_box :external do
|
||||
External
|
||||
%p.light
|
||||
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
|
||||
|
|
|
|||
|
|
@ -1422,4 +1422,37 @@ describe User, models: true do
|
|||
expect(user.project_authorizations.where(access_level: Gitlab::Access::REPORTER).exists?).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#access_level=' do
|
||||
let(:user) { build(:user) }
|
||||
|
||||
it 'does nothing for an invalid access level' do
|
||||
user.access_level = :invalid_access_level
|
||||
|
||||
expect(user.access_level).to eq(:regular)
|
||||
expect(user.admin).to be false
|
||||
end
|
||||
|
||||
it "assigns the 'admin' access level" do
|
||||
user.access_level = :admin
|
||||
|
||||
expect(user.access_level).to eq(:admin)
|
||||
expect(user.admin).to be true
|
||||
end
|
||||
|
||||
it "doesn't clear existing access levels when an invalid access level is passed in" do
|
||||
user.access_level = :admin
|
||||
user.access_level = :invalid_access_level
|
||||
|
||||
expect(user.access_level).to eq(:admin)
|
||||
expect(user.admin).to be true
|
||||
end
|
||||
|
||||
it "accepts string values in addition to symbols" do
|
||||
user.access_level = 'admin'
|
||||
|
||||
expect(user.access_level).to eq(:admin)
|
||||
expect(user.admin).to be true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -10,61 +10,59 @@ describe ProjectPolicy, models: true do
|
|||
let(:project) { create(:empty_project, :public, namespace: owner.namespace) }
|
||||
|
||||
let(:guest_permissions) do
|
||||
[
|
||||
:read_project, :read_board, :read_list, :read_wiki, :read_issue, :read_label,
|
||||
:read_milestone, :read_project_snippet, :read_project_member,
|
||||
:read_note, :create_project, :create_issue, :create_note,
|
||||
:upload_file
|
||||
%i[
|
||||
read_project read_board read_list read_wiki read_issue read_label
|
||||
read_milestone read_project_snippet read_project_member
|
||||
read_note create_project create_issue create_note
|
||||
upload_file
|
||||
]
|
||||
end
|
||||
|
||||
let(:reporter_permissions) do
|
||||
[
|
||||
:download_code, :fork_project, :create_project_snippet, :update_issue,
|
||||
:admin_issue, :admin_label, :admin_list, :read_commit_status, :read_build,
|
||||
:read_container_image, :read_pipeline, :read_environment, :read_deployment,
|
||||
:read_merge_request, :download_wiki_code
|
||||
%i[
|
||||
download_code fork_project create_project_snippet update_issue
|
||||
admin_issue admin_label admin_list read_commit_status read_build
|
||||
read_container_image read_pipeline read_environment read_deployment
|
||||
read_merge_request download_wiki_code
|
||||
]
|
||||
end
|
||||
|
||||
let(:team_member_reporter_permissions) do
|
||||
[
|
||||
:build_download_code, :build_read_container_image
|
||||
]
|
||||
%i[build_download_code build_read_container_image]
|
||||
end
|
||||
|
||||
let(:developer_permissions) do
|
||||
[
|
||||
:admin_merge_request, :update_merge_request, :create_commit_status,
|
||||
:update_commit_status, :create_build, :update_build, :create_pipeline,
|
||||
:update_pipeline, :create_merge_request, :create_wiki, :push_code,
|
||||
:resolve_note, :create_container_image, :update_container_image,
|
||||
:create_environment, :create_deployment
|
||||
%i[
|
||||
admin_merge_request update_merge_request create_commit_status
|
||||
update_commit_status create_build update_build create_pipeline
|
||||
update_pipeline create_merge_request create_wiki push_code
|
||||
resolve_note create_container_image update_container_image
|
||||
create_environment create_deployment
|
||||
]
|
||||
end
|
||||
|
||||
let(:master_permissions) do
|
||||
[
|
||||
:push_code_to_protected_branches, :update_project_snippet, :update_environment,
|
||||
:update_deployment, :admin_milestone, :admin_project_snippet,
|
||||
:admin_project_member, :admin_note, :admin_wiki, :admin_project,
|
||||
:admin_commit_status, :admin_build, :admin_container_image,
|
||||
:admin_pipeline, :admin_environment, :admin_deployment
|
||||
%i[
|
||||
push_code_to_protected_branches update_project_snippet update_environment
|
||||
update_deployment admin_milestone admin_project_snippet
|
||||
admin_project_member admin_note admin_wiki admin_project
|
||||
admin_commit_status admin_build admin_container_image
|
||||
admin_pipeline admin_environment admin_deployment
|
||||
]
|
||||
end
|
||||
|
||||
let(:public_permissions) do
|
||||
[
|
||||
:download_code, :fork_project, :read_commit_status, :read_pipeline,
|
||||
:read_container_image, :build_download_code, :build_read_container_image,
|
||||
:download_wiki_code
|
||||
%i[
|
||||
download_code fork_project read_commit_status read_pipeline
|
||||
read_container_image build_download_code build_read_container_image
|
||||
download_wiki_code
|
||||
]
|
||||
end
|
||||
|
||||
let(:owner_permissions) do
|
||||
[
|
||||
:change_namespace, :change_visibility_level, :rename_project, :remove_project,
|
||||
:archive_project, :remove_fork_project, :destroy_merge_request, :destroy_issue
|
||||
%i[
|
||||
change_namespace change_visibility_level rename_project remove_project
|
||||
archive_project remove_fork_project destroy_merge_request destroy_issue
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,101 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe ProjectSnippetPolicy, models: true do
|
||||
let(:current_user) { create(:user) }
|
||||
|
||||
let(:author_permissions) do
|
||||
[
|
||||
:update_project_snippet,
|
||||
:admin_project_snippet
|
||||
]
|
||||
end
|
||||
|
||||
subject { described_class.abilities(current_user, project_snippet).to_set }
|
||||
|
||||
context 'public snippet' do
|
||||
let(:project_snippet) { create(:project_snippet, :public) }
|
||||
|
||||
context 'no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'regular user' do
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'internal snippet' do
|
||||
let(:project_snippet) { create(:project_snippet, :internal) }
|
||||
|
||||
context 'no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'regular user' do
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'private snippet' do
|
||||
let(:project_snippet) { create(:project_snippet, :private) }
|
||||
|
||||
context 'no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'regular user' do
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'snippet author' do
|
||||
let(:project_snippet) { create(:project_snippet, :private, author: current_user) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'project team member' do
|
||||
before { project_snippet.project.team << [current_user, :developer] }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'admin user' do
|
||||
let(:current_user) { create(:admin) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in New Issue