Merge branch 'bugfix/dragging_milestones' into 'master'
Stop unauthorized users dragging on milestone page Closes #13670 See merge request !7113
This commit is contained in:
commit
8487af81db
|
@ -14,6 +14,7 @@ Please view this file on the master branch, on stable branches it's out of date.
|
||||||
- Fix sidekiq stats in admin area (blackst0ne)
|
- Fix sidekiq stats in admin area (blackst0ne)
|
||||||
- API: Fix booleans not recognized as such when using the `to_boolean` helper
|
- API: Fix booleans not recognized as such when using the `to_boolean` helper
|
||||||
- Removed delete branch tooltip !6954
|
- Removed delete branch tooltip !6954
|
||||||
|
- Stop unauthorized users dragging on milestone page (blackst0ne)
|
||||||
- Escape ref and path for relative links !6050 (winniehell)
|
- Escape ref and path for relative links !6050 (winniehell)
|
||||||
- Fixed link typo on /help/ui to Alerts section. !6915 (Sam Rose)
|
- Fixed link typo on /help/ui to Alerts section. !6915 (Sam Rose)
|
||||||
- Fix filtering of milestones with quotes in title (airatshigapov)
|
- Fix filtering of milestones with quotes in title (airatshigapov)
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
|
|
||||||
&.smoke { background-color: $background-color; }
|
&.smoke { background-color: $background-color; }
|
||||||
|
|
||||||
&:hover {
|
&:not(.ui-sort-disabled):hover {
|
||||||
background: $row-hover;
|
background: $row-hover;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,9 @@
|
||||||
- assignee = issuable.assignee
|
- assignee = issuable.assignee
|
||||||
- issuable_type = issuable.class.table_name
|
- issuable_type = issuable.class.table_name
|
||||||
- base_url_args = [project.namespace.becomes(Namespace), project, issuable_type]
|
- base_url_args = [project.namespace.becomes(Namespace), project, issuable_type]
|
||||||
|
- can_update = can?(current_user, :"update_#{issuable.to_ability_name}", issuable)
|
||||||
|
|
||||||
%li{ id: dom_id(issuable, 'sortable'), class: "issuable-row", 'data-iid' => issuable.iid, 'data-url' => polymorphic_path(issuable) }
|
%li{ id: dom_id(issuable, 'sortable'), class: "issuable-row #{'ui-sort-disabled' unless can_update}", 'data-iid' => issuable.iid, 'data-url' => polymorphic_path(issuable) }
|
||||||
%span
|
%span
|
||||||
- if show_project_name
|
- if show_project_name
|
||||||
%strong #{project.name} ·
|
%strong #{project.name} ·
|
||||||
|
|
|
@ -0,0 +1,86 @@
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
describe 'Milestone draggable', feature: true, js: true do
|
||||||
|
let(:milestone) { create(:milestone, project: project, title: 8.14) }
|
||||||
|
let(:project) { create(:empty_project, :public) }
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
|
context 'issues' do
|
||||||
|
let(:issue) { page.find_by_id('issues-list-unassigned').find('li') }
|
||||||
|
let(:issue_target) { page.find_by_id('issues-list-ongoing') }
|
||||||
|
|
||||||
|
it 'does not allow guest to drag issue' do
|
||||||
|
create_and_drag_issue
|
||||||
|
|
||||||
|
expect(issue_target).not_to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not allow authorized user to drag issue' do
|
||||||
|
login_as(user)
|
||||||
|
create_and_drag_issue
|
||||||
|
|
||||||
|
expect(issue_target).not_to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'allows author to drag issue' do
|
||||||
|
login_as(user)
|
||||||
|
create_and_drag_issue(author: user)
|
||||||
|
|
||||||
|
expect(issue_target).to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'allows admin to drag issue' do
|
||||||
|
login_as(:admin)
|
||||||
|
create_and_drag_issue
|
||||||
|
|
||||||
|
expect(issue_target).to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'merge requests' do
|
||||||
|
let(:merge_request) { page.find_by_id('merge_requests-list-unassigned').find('li') }
|
||||||
|
let(:merge_request_target) { page.find_by_id('merge_requests-list-ongoing') }
|
||||||
|
|
||||||
|
it 'does not allow guest to drag merge request' do
|
||||||
|
create_and_drag_merge_request
|
||||||
|
|
||||||
|
expect(merge_request_target).not_to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not allow authorized user to drag merge request' do
|
||||||
|
login_as(user)
|
||||||
|
create_and_drag_merge_request
|
||||||
|
|
||||||
|
expect(merge_request_target).not_to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'allows author to drag merge request' do
|
||||||
|
login_as(user)
|
||||||
|
create_and_drag_merge_request(author: user)
|
||||||
|
|
||||||
|
expect(merge_request_target).to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'allows admin to drag merge request' do
|
||||||
|
login_as(:admin)
|
||||||
|
create_and_drag_merge_request
|
||||||
|
|
||||||
|
expect(merge_request_target).to have_selector('.issuable-row')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def create_and_drag_issue(params = {})
|
||||||
|
create(:issue, params.merge(title: 'Foo', project: project, milestone: milestone))
|
||||||
|
|
||||||
|
visit namespace_project_milestone_path(project.namespace, project, milestone)
|
||||||
|
issue.drag_to(issue_target)
|
||||||
|
end
|
||||||
|
|
||||||
|
def create_and_drag_merge_request(params = {})
|
||||||
|
create(:merge_request, params.merge(title: 'Foo', source_project: project, target_project: project, milestone: milestone))
|
||||||
|
|
||||||
|
visit namespace_project_milestone_path(project.namespace, project, milestone)
|
||||||
|
page.find("a[href='#tab-merge-requests']").click
|
||||||
|
merge_request.drag_to(merge_request_target)
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue