Add CI setting: allow_guest_to_access_builds
Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
This commit is contained in:
parent
055afab5c7
commit
627909c2a4
6 changed files with 47 additions and 25 deletions
|
@ -227,6 +227,7 @@ class ProjectsController < ApplicationController
|
|||
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
|
||||
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
|
||||
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
|
||||
:allow_guest_to_access_builds,
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -53,12 +53,11 @@ class Ability
|
|||
:read_merge_request,
|
||||
:read_note,
|
||||
:read_commit_status,
|
||||
:read_build,
|
||||
:download_code
|
||||
]
|
||||
|
||||
if project.restrict_builds?
|
||||
rules -= :read_build
|
||||
if project.allow_guest_to_access_builds?
|
||||
rules += :read_build
|
||||
end
|
||||
|
||||
rules - project_disabled_features_rules(project)
|
||||
|
@ -114,13 +113,17 @@ class Ability
|
|||
|
||||
elsif team.guest?(user)
|
||||
rules.push(*project_guest_rules)
|
||||
|
||||
if project.allow_guest_to_access_builds?
|
||||
rules += :read_build
|
||||
end
|
||||
end
|
||||
|
||||
if project.public? || project.internal?
|
||||
rules.push(*public_project_rules)
|
||||
|
||||
if team.guest?(user) && project.restrict_builds?
|
||||
rules -= named_abilities('build')
|
||||
if project.allow_guest_to_access_builds?
|
||||
rules += :read_build
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -145,7 +148,6 @@ class Ability
|
|||
:download_code,
|
||||
:fork_project,
|
||||
:read_commit_status,
|
||||
:read_build,
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -157,8 +157,12 @@
|
|||
%li
|
||||
phpunit --coverage-text --colors=never (PHP) -
|
||||
%code ^\s*Lines:\s*\d+.\d+\%
|
||||
|
||||
|
||||
.form-group
|
||||
.col-sm-offset-2.col-sm-10
|
||||
.checkbox
|
||||
= f.label :allow_guest_to_access_builds do
|
||||
= f.check_box :allow_guest_to_access_builds
|
||||
Allow guest to access builds (including build logs and artifacts)
|
||||
%fieldset.features
|
||||
%legend
|
||||
Advanced settings
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
|
||||
def change
|
||||
add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false
|
||||
end
|
||||
end
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 20160128233227) do
|
||||
ActiveRecord::Schema.define(version: 20160202164642) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -678,6 +678,7 @@ ActiveRecord::Schema.define(version: 20160128233227) do
|
|||
t.boolean "build_allow_git_fetch", default: true, null: false
|
||||
t.integer "build_timeout", default: 3600, null: false
|
||||
t.boolean "pending_delete", default: false
|
||||
t.boolean "allow_guest_to_access_builds", default: true, null: false
|
||||
end
|
||||
|
||||
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
|
||||
|
|
|
@ -18,6 +18,9 @@ documentation](../workflow/add-user/add-user.md).
|
|||
|---------------------------------------|---------|------------|-------------|----------|--------|
|
||||
| Create new issue | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| See a list of builds | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
|
||||
| See a build log | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
|
||||
| Download and browse build artifacts | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
|
||||
| Pull project code | | ✓ | ✓ | ✓ | ✓ |
|
||||
| Download project | | ✓ | ✓ | ✓ | ✓ |
|
||||
| Create code snippets | | ✓ | ✓ | ✓ | ✓ |
|
||||
|
@ -31,6 +34,7 @@ documentation](../workflow/add-user/add-user.md).
|
|||
| Remove non-protected branches | | | ✓ | ✓ | ✓ |
|
||||
| Add tags | | | ✓ | ✓ | ✓ |
|
||||
| Write a wiki | | | ✓ | ✓ | ✓ |
|
||||
| Cancel and retry builds | | | ✓ | ✓ | ✓ |
|
||||
| Create new milestones | | | | ✓ | ✓ |
|
||||
| Add new team members | | | | ✓ | ✓ |
|
||||
| Push to protected branches | | | | ✓ | ✓ |
|
||||
|
@ -40,12 +44,17 @@ documentation](../workflow/add-user/add-user.md).
|
|||
| Edit project | | | | ✓ | ✓ |
|
||||
| Add deploy keys to project | | | | ✓ | ✓ |
|
||||
| Configure project hooks | | | | ✓ | ✓ |
|
||||
| Manage runners | | | | ✓ | ✓ |
|
||||
| Manage build triggers | | | | ✓ | ✓ |
|
||||
| Manage variables | | | | ✓ | ✓ |
|
||||
| Switch visibility level | | | | | ✓ |
|
||||
| Transfer project to another namespace | | | | | ✓ |
|
||||
| Remove project | | | | | ✓ |
|
||||
| Force push to protected branches | | | | | |
|
||||
| Remove protected branches | | | | | |
|
||||
|
||||
[^1]: If **Allow guest to access builds** is enabled in CI settings
|
||||
|
||||
## Group
|
||||
|
||||
In order for a group to appear as public and be browsable, it must contain at
|
||||
|
|
Loading…
Reference in a new issue