Add CI setting: allow_guest_to_access_builds

Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
This commit is contained in:
Kamil Trzcinski 2016-02-02 17:59:37 +01:00
parent 055afab5c7
commit 627909c2a4
6 changed files with 47 additions and 25 deletions

View file

@ -227,6 +227,7 @@ class ProjectsController < ApplicationController
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
:allow_guest_to_access_builds,
)
end

View file

@ -53,12 +53,11 @@ class Ability
:read_merge_request,
:read_note,
:read_commit_status,
:read_build,
:download_code
]
if project.restrict_builds?
rules -= :read_build
if project.allow_guest_to_access_builds?
rules += :read_build
end
rules - project_disabled_features_rules(project)
@ -114,13 +113,17 @@ class Ability
elsif team.guest?(user)
rules.push(*project_guest_rules)
if project.allow_guest_to_access_builds?
rules += :read_build
end
end
if project.public? || project.internal?
rules.push(*public_project_rules)
if team.guest?(user) && project.restrict_builds?
rules -= named_abilities('build')
if project.allow_guest_to_access_builds?
rules += :read_build
end
end
@ -145,7 +148,6 @@ class Ability
:download_code,
:fork_project,
:read_commit_status,
:read_build,
]
end

View file

@ -157,8 +157,12 @@
%li
phpunit --coverage-text --colors=never (PHP) -
%code ^\s*Lines:\s*\d+.\d+\%
.form-group
.col-sm-offset-2.col-sm-10
.checkbox
= f.label :allow_guest_to_access_builds do
= f.check_box :allow_guest_to_access_builds
Allow guest to access builds (including build logs and artifacts)
%fieldset.features
%legend
Advanced settings

View file

@ -0,0 +1,5 @@
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
def change
add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false
end
end

View file

@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160128233227) do
ActiveRecord::Schema.define(version: 20160202164642) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@ -678,6 +678,7 @@ ActiveRecord::Schema.define(version: 20160128233227) do
t.boolean "build_allow_git_fetch", default: true, null: false
t.integer "build_timeout", default: 3600, null: false
t.boolean "pending_delete", default: false
t.boolean "allow_guest_to_access_builds", default: true, null: false
end
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree

View file

@ -18,6 +18,9 @@ documentation](../workflow/add-user/add-user.md).
|---------------------------------------|---------|------------|-------------|----------|--------|
| Create new issue | ✓ | ✓ | ✓ | ✓ | ✓ |
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a list of builds | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
| See a build log | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
| Download and browse build artifacts | ✓ [^1] | ✓ | ✓ | ✓ | ✓ |
| Pull project code | | ✓ | ✓ | ✓ | ✓ |
| Download project | | ✓ | ✓ | ✓ | ✓ |
| Create code snippets | | ✓ | ✓ | ✓ | ✓ |
@ -31,6 +34,7 @@ documentation](../workflow/add-user/add-user.md).
| Remove non-protected branches | | | ✓ | ✓ | ✓ |
| Add tags | | | ✓ | ✓ | ✓ |
| Write a wiki | | | ✓ | ✓ | ✓ |
| Cancel and retry builds | | | ✓ | ✓ | ✓ |
| Create new milestones | | | | ✓ | ✓ |
| Add new team members | | | | ✓ | ✓ |
| Push to protected branches | | | | ✓ | ✓ |
@ -40,12 +44,17 @@ documentation](../workflow/add-user/add-user.md).
| Edit project | | | | ✓ | ✓ |
| Add deploy keys to project | | | | ✓ | ✓ |
| Configure project hooks | | | | ✓ | ✓ |
| Manage runners | | | | ✓ | ✓ |
| Manage build triggers | | | | ✓ | ✓ |
| Manage variables | | | | ✓ | ✓ |
| Switch visibility level | | | | | ✓ |
| Transfer project to another namespace | | | | | ✓ |
| Remove project | | | | | ✓ |
| Force push to protected branches | | | | | |
| Remove protected branches | | | | | |
[^1]: If **Allow guest to access builds** is enabled in CI settings
## Group
In order for a group to appear as public and be browsable, it must contain at