Merge branch 'fix-error-500-internal-snippet' into 'master'
Fix Error 500 when one user attempts to access another's personal, internal snippet ### What does this MR do? This MR fixes an Error 500 that occurred if one user tried to access another's personal, internal snippet. Steps to reproduce: ### Why was this MR needed? 1. Go to `<hostname>/snippets/new`. 2. Select "Internal". 3. Create a snippet. Save the URL (e.g. `<hostname>/snippets/20`) 4. Logout and sign in as another user. 5. Go to the URL in step 3. ### What are the relevant issue numbers? Closes #1815 See merge request !854
commit
b2eef41d41
|
@ -10,6 +10,7 @@ v 7.13.0 (unreleased)
|
||||||
- Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8
|
- Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8
|
||||||
|
|
||||||
v 7.12.0 (unreleased)
|
v 7.12.0 (unreleased)
|
||||||
|
- Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
|
||||||
- Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
|
- Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
|
||||||
- Update oauth button logos for Twitter and Google to recommended assets
|
- Update oauth button logos for Twitter and Google to recommended assets
|
||||||
- Fix hooks for web based events with external issue references (Daniel Gerhardt)
|
- Fix hooks for web based events with external issue references (Daniel Gerhardt)
|
||||||
|
|
|
@ -263,7 +263,7 @@ class Ability
|
||||||
:"modify_#{name}",
|
:"modify_#{name}",
|
||||||
]
|
]
|
||||||
else
|
else
|
||||||
if subject.respond_to?(:project)
|
if subject.respond_to?(:project) && subject.project
|
||||||
project_abilities(user, subject.project)
|
project_abilities(user, subject.project)
|
||||||
else
|
else
|
||||||
[]
|
[]
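Review bot: The guard `if subject.respond_to?(:project) && subject.project` now sends every subject with a nil project to the `else` branch that returns `[]`, and nothing in the hunk says this empty ability list is the intended result for a personal snippet. A one-line comment above the guard would record it, for example `# Personal snippets have no project: grant no abilities here (deny by default)`. Because a non-author then gets no abilities from this method, read access to an internal snippet is presumably decided by a visibility check elsewhere; that is inferred from the merge request description, not visible here, so confirm where it is enforced. The enclosing method starts and ends outside the hunk.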
|
||||||
|
|
|
@ -25,4 +25,15 @@ Feature: Snippets
|
||||||
Scenario: I destroy "Personal snippet one"
|
Scenario: I destroy "Personal snippet one"
|
||||||
Given I visit snippet page "Personal snippet one"
|
Given I visit snippet page "Personal snippet one"
|
||||||
And I click link "Destroy"
|
And I click link "Destroy"
|
||||||
Then I should not see "Personal snippet one" in snippets
|
Then I should not see "Personal snippet one" in snippets
|
||||||
|
|
||||||
|
Scenario: I create new internal snippet
|
||||||
|
Given I logout directly
|
||||||
|
And I sign in as an admin
|
||||||
|
Then I visit new snippet page
|
||||||
|
And I submit new internal snippet
|
||||||
|
Then I visit snippet page "Internal personal snippet one"
|
||||||
|
And I logout directly
|
||||||
|
Then I sign in as a user
|
||||||
|
Given I visit new snippet page
|
||||||
|
Then I visit snippet page "Internal personal snippet one"
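Review bot: The new scenario ends on `Then I visit snippet page "Internal personal snippet one"` with no assertion after it, so it passes whenever the request does not raise and would not notice a wrong access decision for the second user. Add a closing step that pins the expected outcome, for example `And I should see "Internal personal snippet one" in snippets`; that wording is a constructed example, since only the `should not see` form is visible here, and it would need a matching step definition. The title `I create new internal snippet` also does not say that the scenario is about a different user viewing the snippet. The `Given I visit new snippet page` step just before the last line looks unnecessary for the check.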
|
||||||
|
|
|
@ -28,6 +28,10 @@ module SharedAuthentication
|
||||||
logout
|
logout
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step "I logout directly" do
|
||||||
|
logout_direct
|
||||||
|
end
|
||||||
|
|
||||||
def current_user
|
def current_user
|
||||||
@user || User.first
|
@user || User.first
|
||||||
end
|
end
|
||||||
|
|
|
@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
|
||||||
click_button "Create snippet"
|
click_button "Create snippet"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step 'I submit new internal snippet' do
|
||||||
|
fill_in "personal_snippet_title", :with => "Internal personal snippet one"
|
||||||
|
fill_in "personal_snippet_file_name", :with => "my_snippet.rb"
|
||||||
|
choose 'personal_snippet_visibility_level_10'
|
||||||
|
|
||||||
|
page.within('.file-editor') do
|
||||||
|
find(:xpath, "//input[@id='personal_snippet_content']").set 'Content of internal snippet'
|
||||||
|
end
|
||||||
|
|
||||||
|
click_button "Create snippet"
|
||||||
|
end
|
||||||
|
|
||||||
step 'I should see snippet "Personal snippet three"' do
|
step 'I should see snippet "Personal snippet three"' do
|
||||||
expect(page).to have_content "Personal snippet three"
|
expect(page).to have_content "Personal snippet three"
|
||||||
expect(page).to have_content "Content of snippet three"
|
expect(page).to have_content "Content of snippet three"
|
||||||
|
@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
|
||||||
visit snippet_path(snippet)
|
visit snippet_path(snippet)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step 'I visit snippet page "Internal personal snippet one"' do
|
||||||
|
visit snippet_path(internal_snippet)
|
||||||
|
end
|
||||||
|
|
||||||
def snippet
|
def snippet
|
||||||
@snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one")
|
@snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def internal_snippet
|
||||||
|
@snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one")
|
||||||
|
end
|
||||||
end
|
end
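Review bot: In the second hunk, `internal_snippet` memoizes into `@snippet`, the same instance variable that `snippet` uses, so whichever helper is called first in a scenario decides what both return afterwards. A scenario that touched "Personal snippet one" before visiting the internal snippet would silently load the wrong record, and the test would exercise the wrong visibility level. Give it its own variable: `@internal_snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one")`. In the first hunk, `choose 'personal_snippet_visibility_level_10'` relies on a numeric id; a short comment naming it as the "Internal" level would make the step readable without looking up the constant.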
|
||||||
|
|
|
@ -39,4 +39,9 @@ module LoginHelpers
|
||||||
def logout
|
def logout
|
||||||
find(:css, ".fa.fa-sign-out").click
|
find(:css, ".fa.fa-sign-out").click
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Logout without JavaScript driver
|
||||||
|
def logout_direct
|
||||||
|
page.driver.submit :delete, '/users/sign_out', {}
|
||||||
|
end
|
||||||
end
|
end
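Review bot: `logout_direct` submits the DELETE to `/users/sign_out` and returns without checking that the session actually ended, and the new snippet scenario depends on it to switch from the author to a second user. If the sign-out failed silently, the rest of the scenario would presumably still run as the snippet's author and prove nothing about cross-user access, so consider following the submit with an expectation on the signed-out state. The path is also hard-coded; if route helpers are available in this module, `page.driver.submit :delete, destroy_user_session_path, {}` would track route changes. The comment could state the actual constraint, for example `# Logout via the Rack::Test driver's submit; not usable under a JavaScript driver`.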
|
||||||
|
|