User pages are visible to users without login

... if the user is authorized to at least one public project.
This commit is contained in:
Ciro Santillli 2014-01-27 15:53:59 +01:00
parent 1284f21c07
commit 91571c078d
19 changed files with 229 additions and 71 deletions

View file

@ -12,6 +12,7 @@ v 6.6.0
- Mobile UI improvements (Drew Blessing)
- Fix block/remove UI for admin::users#show page
- Show users' group membership on users' activity page
- User pages are visible without login if user is authorized to a public project
v 6.5.1
- Fix branch selectbox when create merge request from fork

View file

@ -56,7 +56,7 @@ header {
font-size: 18px;
.app_logo { margin-left: -15px; }
.project_name {
.title {
display: inline-block;
overflow: hidden;
text-overflow: ellipsis;
@ -127,7 +127,7 @@ header {
* Project / Area name
*
*/
.project_name {
.title {
position: relative;
float: left;
margin: 0;
@ -227,7 +227,7 @@ header {
}
}
}
.project_name {
.title {
a {
color: #BBB;
&:hover {

View file

@ -1,11 +1,23 @@
class UsersController < ApplicationController
layout 'navless'
skip_before_filter :authenticate_user!, only: [:show]
layout :determine_layout
def show
@user = User.find_by!(username: params[:username])
@projects = @user.authorized_projects.where(id: current_user.authorized_projects.pluck(:id)).includes(:namespace)
@user = User.find_by_username!(params[:username])
@projects = @user.authorized_projects.includes(:namespace).select {|project| can?(current_user, :read_project, project)}
if !current_user && @projects.empty?
return authenticate_user!
end
@events = @user.recent_events.where(project_id: @projects.map(&:id)).limit(20)
@title = @user.name
end
def determine_layout
if current_user
'navless'
else
'public_users'
end
end
end

View file

@ -44,3 +44,18 @@
%li Go to your project dashboard
%li Click on the "Edit" tab
%li Change "Visibility Level"
%h4 Visibility of users
The public page of users, located at
= succeed "," do
%code u/username
is visible if either:
%ul
%li
You are logged in.
%li
%p
You are logged out, and the target user is authorized to (is Guest, Reporter, etc.)
at least one public project.
%p Otherwise, you will be redirected to the sign in page.
When visiting the public page of an user, you will only see listed projects which you can view yourself.

View file

@ -6,7 +6,7 @@
= link_to root_path, class: "home has_bottom_tooltip", title: "Dashboard" do
%h1 GITLAB
%span.separator
%h1.project_name= title
%h1.title= title
%button.navbar-toggle{"data-target" => ".navbar-collapse", "data-toggle" => "collapse", type: "button"}
%span.sr-only Toggle navigation

View file

@ -6,11 +6,7 @@
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name
- if @project
= project_title(@project)
- else
Public Projects
%h1.title= title
.pull-right
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new'

View file

@ -5,7 +5,6 @@
- if current_user
= render "layouts/head_panel", title: "Public Projects"
- else
= render "layouts/public_head_panel"
= render "layouts/public_head_panel", title: "Public Projects"
.container.navless-container
.content= yield

View file

@ -2,8 +2,8 @@
%html{ lang: "en"}
= render "layouts/head", title: @project.name_with_namespace
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel"
%nav.main-nav.navbar-collapse.collapse
= render "layouts/public_head_panel", title: @project.name_with_namespace
%nav.main-nav
.container= render 'layouts/nav/project'
.container
.content= yield

View file

@ -0,0 +1,7 @@
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: @title
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel", title: @title
.container.navless-container
.content= yield

View file

@ -2,7 +2,7 @@ Feature: Admin Groups
Background:
Given I sign in as an admin
And I have group with projects
And Create gitlab user "John"
And Create user "John Doe"
And I visit admin groups page
Scenario: See group list
@ -17,5 +17,5 @@ Feature: Admin Groups
@javascript
Scenario: Add user into projects in group
When I visit admin group page
When I select user "John" from user list as "Reporter"
Then I should see "John" in team list in every project as "Reporter"
When I select user "John Doe" from user list as "Reporter"
Then I should see "John Doe" in team list in every project as "Reporter"

View file

@ -21,10 +21,10 @@ Feature: Groups
@javascript
Scenario: I should add user to projects in Group
Given I have new user "John"
Given Create user "John Doe"
When I visit group members page
And I select user "John" from list with role "Reporter"
Then I should see user "John" in team list
And I select user "John Doe" from list with role "Reporter"
Then I should see user "John Doe" in team list
Scenario: I should see edit group page
When I visit group settings page

View file

@ -1,6 +1,7 @@
class AdminGroups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include SharedActiveTab
include Select2Helper
@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps
@project.team << [current_user, :master]
end
And 'Create gitlab user "John"' do
create(:user, name: "John")
end
And 'submit form with new group info' do
fill_in 'group_name', with: 'gitlab'
fill_in 'group_description', with: 'Group description'
@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps
current_path.should == admin_group_path(Group.last)
end
When 'I select user "John" from user list as "Reporter"' do
user = User.find_by(name: "John")
When 'I select user "John Doe" from user list as "Reporter"' do
user = User.find_by(name: "John Doe")
select2(user.id, from: "#user_ids", multiple: true)
within "#new_team_member" do
select "Reporter", from: "group_access"
@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps
click_button "Add users into group"
end
Then 'I should see "John" in team list in every project as "Reporter"' do
Then 'I should see "John Doe" in team list in every project as "Reporter"' do
within ".group-users-list" do
page.should have_content "John"
page.should have_content "John Doe"
page.should have_content "Reporter"
end
end

View file

@ -1,6 +1,7 @@
class Groups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include Select2Helper
Then 'I should see projects list' do
@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps
end
end
Given 'I have new user "John"' do
create(:user, name: "John")
end
And 'I select user "John" from list with role "Reporter"' do
user = User.find_by(name: "John")
And 'I select user "John Doe" from list with role "Reporter"' do
user = User.find_by(name: "John Doe")
within ".users-group-form" do
select2(user.id, from: "#user_ids", multiple: true)
select "Reporter", from: "group_access"
@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps
click_button "Add users into group"
end
Then 'I should see user "John" in team list' do
Then 'I should see user "John Doe" in team list' do
projects_with_access = find(".ui-box .well-list")
projects_with_access.should have_content("John")
projects_with_access.should have_content("John Doe")
end
Given 'project from group has issues assigned to me' do

View file

@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
include SharedPaths
include SharedProject
step 'I should see project "Community"' do
page.should have_content "Community"
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
step 'public empty project "Empty Public Project"' do
create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Empty Public Project"' do
@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
page.should have_content 'README.md'
end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'public empty project "Empty Public Project"' do
create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I visit empty project page' do
project = Project.find_by(name: 'Empty Public Project')
visit project_path(project)
@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I visit project "Enterprise" page' do
project = Project.find_by(name: 'Enterprise')
visit project_path(project)
@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'I visit project "Internal" page' do
project = Project.find_by(name: 'Internal')
visit project_path(project)

View file

@ -5,6 +5,14 @@ module SharedPaths
visit new_project_path
end
# ----------------------------------------
# User
# ----------------------------------------
step 'I visit user "John Doe" page' do
visit user_path("john_doe")
end
# ----------------------------------------
# Group
# ----------------------------------------

View file

@ -65,4 +65,68 @@ module SharedProject
def current_project
@project ||= Project.first
end
# ----------------------------------------
# Visibility level
# ----------------------------------------
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I should see project "Enterprise"' do
page.should have_content "Enterprise"
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Community"' do
page.should have_content "Community"
end
step 'I should not see project "Community"' do
page.should_not have_content "Community"
end
step '"John Doe" is authorized to private project "Enterprise"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Enterprise")
project ||= create(:project, name: "Enterprise", namespace: user.namespace)
project.team << [user, :master]
end
step '"John Doe" is authorized to internal project "Internal"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Internal")
project ||= create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
project.team << [user, :master]
end
step '"John Doe" is authorized to public project "Community"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Community")
project ||= create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
project.team << [user, :master]
end
end

View file

@ -0,0 +1,11 @@
module SharedUser
include Spinach::DSL
step 'Create user "John Doe"' do
create(:user, name: "John Doe", username: "john_doe")
end
step 'I sign in as "John Doe"' do
login_with(User.find_by(name: "John Doe"))
end
end

10
features/steps/user.rb Normal file
View file

@ -0,0 +1,10 @@
class Spinach::Features::User < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include SharedProject
step 'I should see user "John Doe" page' do
expect(page.title).to match(/^\s*John Doe/)
end
end

69
features/user.feature Normal file
View file

@ -0,0 +1,69 @@
Feature: User
Background:
Given Create user "John Doe"
And "John Doe" is authorized to private project "Enterprise"
# Signed out
Scenario: I visit user "John Doe" page while not signed in when he is authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while not signed in when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
When I visit user "John Doe" page
Then I should be redirected to sign in page
# Signed in as someone else
Scenario: I visit user "John Doe" page while signed in as someone else when he is authorized to a public project
Given "John Doe" is authorized to public project "Community"
And "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should not see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a project I can see
Given I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"
# Signed in as the user himself
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
And I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has no public project
Given I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"