Rename allow_guest_to_access_builds to public_builds

This commit is contained in:
Kamil Trzcinski 2016-02-04 12:57:46 +01:00
parent 6a5a175d9f
commit b4c36130cc
12 changed files with 207 additions and 101 deletions

View file

@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch, :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar, :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex, :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
:allow_guest_to_access_builds, :public_builds,
) )
end end

View file

@ -64,7 +64,7 @@ class Ability
] ]
# Allow to read builds by anonymous user if guests are allowed # Allow to read builds by anonymous user if guests are allowed
rules << :read_build if project.allow_guest_to_access_builds? rules << :read_build if project.public_builds?
rules - project_disabled_features_rules(project) rules - project_disabled_features_rules(project)
else else
@ -132,9 +132,9 @@ class Ability
rules.push(*public_project_rules) rules.push(*public_project_rules)
end end
# Allow to read builds if guests are allowed # Allow to read builds for internal projects
if team.guest?(user) || project.public? || project.internal? if project.public? || project.internal?
rules << :read_build if project.allow_guest_to_access_builds? rules << :read_build if project.public_builds?
end end
if project.owner == user || user.admin? if project.owner == user || user.admin?
@ -172,7 +172,6 @@ class Ability
:read_project_member, :read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:read_commit_status,
:create_project, :create_project,
:create_issue, :create_issue,
:create_note :create_note
@ -187,6 +186,7 @@ class Ability
:update_issue, :update_issue,
:admin_issue, :admin_issue,
:admin_label, :admin_label,
:read_commit_status,
:read_build, :read_build,
] ]
end end

View file

@ -162,10 +162,10 @@
.form-group .form-group
.col-sm-offset-2.col-sm-10 .col-sm-offset-2.col-sm-10
.checkbox .checkbox
= f.label :allow_guest_to_access_builds do = f.label :public_builds do
= f.check_box :allow_guest_to_access_builds = f.check_box :public_builds
%strong Guests can see builds %strong Public builds
.help-block Allow guests and anonymous users to access builds including build trace and artifacts .help-block Allow everyone to access builds for Public and Internal projects
%fieldset.features %fieldset.features
%legend %legend

View file

@ -1,5 +1,5 @@
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
def change def change
add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false add_column :projects, :public_builds, :boolean, default: true, null: false
end end
end end

View file

@ -678,7 +678,7 @@ ActiveRecord::Schema.define(version: 20160202164642) do
t.boolean "build_allow_git_fetch", default: true, null: false t.boolean "build_allow_git_fetch", default: true, null: false
t.integer "build_timeout", default: 3600, null: false t.integer "build_timeout", default: 3600, null: false
t.boolean "pending_delete", default: false t.boolean "pending_delete", default: false
t.boolean "allow_guest_to_access_builds", default: true, null: false t.boolean "public_builds", default: true, null: false
end end
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree

View file

@ -82,7 +82,7 @@ Parameters:
"forks_count": 0, "forks_count": 0,
"star_count": 0, "star_count": 0,
"runners_token": "b8547b1dc37721d05889db52fa2f02", "runners_token": "b8547b1dc37721d05889db52fa2f02",
"allow_guest_to_access_builds": true "public_builds": true
}, },
{ {
"id": 6, "id": 6,
@ -140,7 +140,7 @@ Parameters:
"forks_count": 0, "forks_count": 0,
"star_count": 0, "star_count": 0,
"runners_token": "b8547b1dc37721d05889db52fa2f02", "runners_token": "b8547b1dc37721d05889db52fa2f02",
"allow_guest_to_access_builds": true "public_builds": true
} }
] ]
``` ```
@ -427,7 +427,7 @@ Parameters:
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `import_url` (optional) - `import_url` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
### Create project for user ### Create project for user
@ -450,7 +450,7 @@ Parameters:
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `import_url` (optional) - `import_url` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
### Edit project ### Edit project
@ -474,7 +474,7 @@ Parameters:
- `snippets_enabled` (optional) - `snippets_enabled` (optional)
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
On success, method returns 200 with the updated project. If parameters are On success, method returns 200 with the updated project. If parameters are
invalid, 400 is returned. invalid, 400 is returned.

View file

@ -240,6 +240,14 @@ module SharedProject
end end
end end
step 'public access for builds is enabled' do
@project.update(public_builds: true)
end
step 'public access for builds is disabled' do
@project.update(public_builds: false)
end
def user_owns_project(user_name:, project_name:, visibility: :private) def user_owns_project(user_name:, project_name:, visibility: :private)
user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore) user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
project = Project.find_by(name: project_name) project = Project.find_by(name: project_name)

View file

@ -72,7 +72,7 @@ module API
expose :star_count, :forks_count expose :star_count, :forks_count
expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? } expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] } expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
expose :allow_guest_to_access_builds expose :public_builds
end end
class ProjectMember < UserBasic class ProjectMember < UserBasic
@ -384,7 +384,7 @@ module API
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255) # for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
expose :download_url do |repo_obj, options| expose :download_url do |repo_obj, options|
if options[:user_can_download_artifacts] if options[:user_can_download_artifacts]
repo_obj.download_url repo_obj.artifacts_download_url
end end
end end
expose :commit, with: RepoCommit do |repo_obj, _options| expose :commit, with: RepoCommit do |repo_obj, _options|

View file

@ -99,7 +99,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - 0 by default # visibility_level (optional) - 0 by default
# import_url (optional) # import_url (optional)
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# POST /projects # POST /projects
post do post do
@ -117,7 +117,7 @@ module API
:public, :public,
:visibility_level, :visibility_level,
:import_url, :import_url,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
@project = ::Projects::CreateService.new(current_user, attrs).execute @project = ::Projects::CreateService.new(current_user, attrs).execute
if @project.saved? if @project.saved?
@ -147,7 +147,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) # visibility_level (optional)
# import_url (optional) # import_url (optional)
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# POST /projects/user/:user_id # POST /projects/user/:user_id
post "user/:user_id" do post "user/:user_id" do
@ -165,7 +165,7 @@ module API
:public, :public,
:visibility_level, :visibility_level,
:import_url, :import_url,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
@project = ::Projects::CreateService.new(user, attrs).execute @project = ::Projects::CreateService.new(user, attrs).execute
if @project.saved? if @project.saved?
@ -209,7 +209,7 @@ module API
# shared_runners_enabled (optional) # shared_runners_enabled (optional)
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - visibility level of a project # visibility_level (optional) - visibility level of a project
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# PUT /projects/:id # PUT /projects/:id
put ':id' do put ':id' do
@ -225,7 +225,7 @@ module API
:shared_runners_enabled, :shared_runners_enabled,
:public, :public,
:visibility_level, :visibility_level,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
authorize_admin_project authorize_admin_project
authorize! :rename_project, user_project if attrs[:name].present? authorize! :rename_project, user_project if attrs[:name].present?

View file

@ -8,7 +8,7 @@ describe "Builds" do
@commit = FactoryGirl.create :ci_commit @commit = FactoryGirl.create :ci_commit
@build = FactoryGirl.create :ci_build, commit: @commit @build = FactoryGirl.create :ci_build, commit: @commit
@project = @commit.project @project = @commit.project
@project.team << [@user, :master] @project.team << [@user, :developer]
end end
describe "GET /:project/builds" do describe "GET /:project/builds" do

View file

@ -8,7 +8,6 @@ describe 'Commits' do
describe 'CI' do describe 'CI' do
before do before do
login_as :user login_as :user
project.team << [@user, :master]
stub_ci_commit_to_return_yaml_file stub_ci_commit_to_return_yaml_file
end end
@ -19,6 +18,10 @@ describe 'Commits' do
context 'commit status is Generic Commit Status' do context 'commit status is Generic Commit Status' do
let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit } let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit }
before do
project.team << [@user, :reporter]
end
describe 'Commit builds' do describe 'Commit builds' do
before do before do
visit ci_status_path(commit) visit ci_status_path(commit)
@ -37,6 +40,12 @@ describe 'Commits' do
context 'commit status is Ci Build' do context 'commit status is Ci Build' do
let!(:build) { FactoryGirl.create :ci_build, commit: commit } let!(:build) { FactoryGirl.create :ci_build, commit: commit }
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
context 'when logged as developer' do
before do
project.team << [@user, :developer]
end
describe 'Project commits' do describe 'Project commits' do
before do before do
@ -61,8 +70,6 @@ describe 'Commits' do
end end
context 'Download artifacts' do context 'Download artifacts' do
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
before do before do
build.update_attributes(artifacts_file: artifacts_file) build.update_attributes(artifacts_file: artifacts_file)
end end
@ -117,5 +124,42 @@ describe 'Commits' do
end end
end end
end end
context "when logged as reporter" do
before do
project.team << [@user, :reporter]
build.update_attributes(artifacts_file: artifacts_file)
visit ci_status_path(commit)
end
it do
expect(page).to have_content commit.sha[0..7]
expect(page).to have_content commit.git_commit_message
expect(page).to have_content commit.git_author_name
expect(page).to have_link('Download artifacts')
expect(page).to_not have_link('Cancel running')
expect(page).to_not have_link('Retry failed')
end
end
context 'when accessing internal project with disallowed access' do
before do
project.update(
visibility_level: Gitlab::VisibilityLevel::INTERNAL,
public_builds: false)
build.update_attributes(artifacts_file: artifacts_file)
visit ci_status_path(commit)
end
it do
expect(page).to have_content commit.sha[0..7]
expect(page).to have_content commit.git_commit_message
expect(page).to have_content commit.git_author_name
expect(page).to_not have_link('Download artifacts')
expect(page).to_not have_link('Cancel running')
expect(page).to_not have_link('Retry failed')
end
end
end
end end
end end

View file

@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for :visitor }
end end
describe "GET /:project_path/builds" do
subject { namespace_project_builds_path(project.namespace, project) }
context "when allowed for public" do
before { project.update(public_builds: true) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor }
end
context "when disallowed for public" do
before { project.update(public_builds: false) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
end
end
describe "GET /:project_path/builds/:id" do
let(:commit) { create(:ci_commit, project: project) }
let(:build) { create(:ci_build, commit: commit) }
subject { namespace_project_build_path(project.namespace, project, build.id) }
context "when allowed for public" do
before { project.update(public_builds: true) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor }
end
context "when disallowed for public" do
before { project.update(public_builds: false) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
end
end
describe "GET /:project_path/blob" do describe "GET /:project_path/blob" do
before do before do
commit = project.repository.commit commit = project.repository.commit