Show project members only for members
parent
17b60d6818
commit
62f6601c59
5 changed files with 49 additions and 3 deletions
|
@ -1,6 +1,7 @@
|
|||
class Projects::ProjectMembersController < Projects::ApplicationController
|
||||
# Authorize
|
||||
before_action :authorize_admin_project_member!, except: :leave
|
||||
before_action :authorize_admin_project_member!, except: [:leave, :index]
|
||||
before_action :authorize_read_members_list!, only: [:index]
|
||||
|
||||
def index
|
||||
@project_members = @project.project_members
|
||||
|
@ -112,4 +113,8 @@ class Projects::ProjectMembersController < Projects::ApplicationController
|
|||
def member_params
|
||||
params.require(:project_member).permit(:user_id, :access_level)
|
||||
end
|
||||
|
||||
def authorize_read_members_list!
|
||||
render_403 unless can?(current_user, :read_members_list , @project)
|
||||
end
|
||||
end
|
||||
|
|
|
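Review bot: `index` is now reachable by every project member, guests included, but it still assigns the full `@project.project_members` relation, which until now was only rendered for users who passed `authorize_admin_project_member!`. The index template is not part of this commit, so anything in it that assumed an admin viewer (access-level edit forms, remove buttons, pending invite addresses) should be checked and wrapped in `- if can?(current_user, :admin_project_member, @project)`. A short comment above `authorize_read_members_list!`, such as `# Members list is visible to project members only; everyone else gets 403`, would record the intent, and the stray space in `:read_members_list , @project` can go. The body of `index` continues outside the hunk.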
@ -144,6 +144,10 @@ module ProjectsHelper
|
|||
nav_tabs << :settings
|
||||
end
|
||||
|
||||
if can?(current_user, :read_members_list, project)
|
||||
nav_tabs << :team
|
||||
end
|
||||
|
||||
if can?(current_user, :read_issue, project)
|
||||
nav_tabs << :issues
|
||||
end
|
||||
|
|
|
@ -154,9 +154,17 @@ class Ability
|
|||
end
|
||||
end
|
||||
|
||||
def project_member_rules(team, user)
|
||||
all_members_rules = []
|
||||
|
||||
#Rules only for members which does not include public behavior
|
||||
all_members_rules << :read_members_list if team.members.include?(user)
|
||||
all_members_rules
|
||||
end
|
||||
|
||||
def project_team_rules(team, user)
|
||||
# Rules based on role in project
|
||||
if team.master?(user)
|
||||
filtered_rules = if team.master?(user)
|
||||
project_master_rules
|
||||
elsif team.developer?(user)
|
||||
project_dev_rules
|
||||
|
@ -165,6 +173,8 @@ class Ability
|
|||
elsif team.guest?(user)
|
||||
project_guest_rules
|
||||
end
|
||||
|
||||
Array(filtered_rules) + project_member_rules(team, user)
|
||||
end
|
||||
|
||||
def public_project_rules
|
||||
|
|
|
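Review bot: `:read_members_list` is granted only when `team.members.include?(user)` is true, so a user whose rights come from somewhere other than team membership could no longer reach `index`, even though they passed the old `authorize_admin_project_member!` check. Whether admins or namespace owners are affected depends on how the caller of `project_team_rules` composes the final rule set, which is outside this hunk. If they are, either grant the ability alongside the admin rules or widen the controller guard to `render_403 unless can?(current_user, :read_members_list, @project) || can?(current_user, :admin_project_member, @project)`. Separately, `team.members.include?(user)` appears to materialise the whole member list on every ability check; an existence lookup on the membership relation would be cheaper if the team object offers one.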
@ -77,7 +77,7 @@
|
|||
Merge Requests
|
||||
%span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)
|
||||
|
||||
- if project_nav_tab? :settings
|
||||
- if project_nav_tab? :team
|
||||
= nav_link(controller: [:project_members, :teams]) do
|
||||
= link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
|
||||
= icon('users fw')
|
||||
|
|
|
@ -46,4 +46,31 @@ describe Projects::ProjectMembersController do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'index' do
|
||||
let(:project) { create(:project, :internal) }
|
||||
|
||||
context 'when user is member' do
|
||||
let(:member) { create(:user) }
|
||||
|
||||
before do
|
||||
project.team << [member, :guest]
|
||||
sign_in(member)
|
||||
get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
|
||||
end
|
||||
|
||||
it { expect(response.status).to eq(200) }
|
||||
end
|
||||
|
||||
context 'when user is not member' do
|
||||
let(:not_member) { create(:user) }
|
||||
|
||||
before do
|
||||
sign_in(not_member)
|
||||
get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
|
||||
end
|
||||
|
||||
it { expect(response.status).to eq(403) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
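Review bot: The new `index` examples cover only an internal project with a signed-in guest and a signed-in non-member. That leaves the access rule untested for a signed-out visitor, for public and private projects, and for an admin or owner who is not in the team. Each case would be one more `context` using the same `get :index` call and the status the policy intends. Asserting only `response.status` also leaves unverified that the rendered list shows a guest what they should see and nothing more.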