Rename allow_guest_to_access_builds to public_builds
This commit is contained in:
parent
6a5a175d9f
commit
b4c36130cc
12 changed files with 207 additions and 101 deletions
|
@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
|
||||||
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
|
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
|
||||||
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
|
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
|
||||||
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
|
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
|
||||||
:allow_guest_to_access_builds,
|
:public_builds,
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,7 @@ class Ability
|
||||||
]
|
]
|
||||||
|
|
||||||
# Allow to read builds by anonymous user if guests are allowed
|
# Allow to read builds by anonymous user if guests are allowed
|
||||||
rules << :read_build if project.allow_guest_to_access_builds?
|
rules << :read_build if project.public_builds?
|
||||||
|
|
||||||
rules - project_disabled_features_rules(project)
|
rules - project_disabled_features_rules(project)
|
||||||
else
|
else
|
||||||
|
@ -132,9 +132,9 @@ class Ability
|
||||||
rules.push(*public_project_rules)
|
rules.push(*public_project_rules)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Allow to read builds if guests are allowed
|
# Allow to read builds for internal projects
|
||||||
if team.guest?(user) || project.public? || project.internal?
|
if project.public? || project.internal?
|
||||||
rules << :read_build if project.allow_guest_to_access_builds?
|
rules << :read_build if project.public_builds?
|
||||||
end
|
end
|
||||||
|
|
||||||
if project.owner == user || user.admin?
|
if project.owner == user || user.admin?
|
||||||
|
@ -172,7 +172,6 @@ class Ability
|
||||||
:read_project_member,
|
:read_project_member,
|
||||||
:read_merge_request,
|
:read_merge_request,
|
||||||
:read_note,
|
:read_note,
|
||||||
:read_commit_status,
|
|
||||||
:create_project,
|
:create_project,
|
||||||
:create_issue,
|
:create_issue,
|
||||||
:create_note
|
:create_note
|
||||||
|
@ -187,6 +186,7 @@ class Ability
|
||||||
:update_issue,
|
:update_issue,
|
||||||
:admin_issue,
|
:admin_issue,
|
||||||
:admin_label,
|
:admin_label,
|
||||||
|
:read_commit_status,
|
||||||
:read_build,
|
:read_build,
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|
|
@ -162,10 +162,10 @@
|
||||||
.form-group
|
.form-group
|
||||||
.col-sm-offset-2.col-sm-10
|
.col-sm-offset-2.col-sm-10
|
||||||
.checkbox
|
.checkbox
|
||||||
= f.label :allow_guest_to_access_builds do
|
= f.label :public_builds do
|
||||||
= f.check_box :allow_guest_to_access_builds
|
= f.check_box :public_builds
|
||||||
%strong Guests can see builds
|
%strong Public builds
|
||||||
.help-block Allow guests and anonymous users to access builds including build trace and artifacts
|
.help-block Allow everyone to access builds for Public and Internal projects
|
||||||
|
|
||||||
%fieldset.features
|
%fieldset.features
|
||||||
%legend
|
%legend
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
|
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
|
||||||
def change
|
def change
|
||||||
add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false
|
add_column :projects, :public_builds, :boolean, default: true, null: false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -678,7 +678,7 @@ ActiveRecord::Schema.define(version: 20160202164642) do
|
||||||
t.boolean "build_allow_git_fetch", default: true, null: false
|
t.boolean "build_allow_git_fetch", default: true, null: false
|
||||||
t.integer "build_timeout", default: 3600, null: false
|
t.integer "build_timeout", default: 3600, null: false
|
||||||
t.boolean "pending_delete", default: false
|
t.boolean "pending_delete", default: false
|
||||||
t.boolean "allow_guest_to_access_builds", default: true, null: false
|
t.boolean "public_builds", default: true, null: false
|
||||||
end
|
end
|
||||||
|
|
||||||
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
|
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
|
||||||
|
|
|
@ -82,7 +82,7 @@ Parameters:
|
||||||
"forks_count": 0,
|
"forks_count": 0,
|
||||||
"star_count": 0,
|
"star_count": 0,
|
||||||
"runners_token": "b8547b1dc37721d05889db52fa2f02",
|
"runners_token": "b8547b1dc37721d05889db52fa2f02",
|
||||||
"allow_guest_to_access_builds": true
|
"public_builds": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": 6,
|
"id": 6,
|
||||||
|
@ -140,7 +140,7 @@ Parameters:
|
||||||
"forks_count": 0,
|
"forks_count": 0,
|
||||||
"star_count": 0,
|
"star_count": 0,
|
||||||
"runners_token": "b8547b1dc37721d05889db52fa2f02",
|
"runners_token": "b8547b1dc37721d05889db52fa2f02",
|
||||||
"allow_guest_to_access_builds": true
|
"public_builds": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
@ -427,7 +427,7 @@ Parameters:
|
||||||
- `public` (optional) - if `true` same as setting visibility_level = 20
|
- `public` (optional) - if `true` same as setting visibility_level = 20
|
||||||
- `visibility_level` (optional)
|
- `visibility_level` (optional)
|
||||||
- `import_url` (optional)
|
- `import_url` (optional)
|
||||||
- `allow_guest_to_access_builds` (optional)
|
- `public_builds` (optional)
|
||||||
|
|
||||||
### Create project for user
|
### Create project for user
|
||||||
|
|
||||||
|
@ -450,7 +450,7 @@ Parameters:
|
||||||
- `public` (optional) - if `true` same as setting visibility_level = 20
|
- `public` (optional) - if `true` same as setting visibility_level = 20
|
||||||
- `visibility_level` (optional)
|
- `visibility_level` (optional)
|
||||||
- `import_url` (optional)
|
- `import_url` (optional)
|
||||||
- `allow_guest_to_access_builds` (optional)
|
- `public_builds` (optional)
|
||||||
|
|
||||||
### Edit project
|
### Edit project
|
||||||
|
|
||||||
|
@ -474,7 +474,7 @@ Parameters:
|
||||||
- `snippets_enabled` (optional)
|
- `snippets_enabled` (optional)
|
||||||
- `public` (optional) - if `true` same as setting visibility_level = 20
|
- `public` (optional) - if `true` same as setting visibility_level = 20
|
||||||
- `visibility_level` (optional)
|
- `visibility_level` (optional)
|
||||||
- `allow_guest_to_access_builds` (optional)
|
- `public_builds` (optional)
|
||||||
|
|
||||||
On success, method returns 200 with the updated project. If parameters are
|
On success, method returns 200 with the updated project. If parameters are
|
||||||
invalid, 400 is returned.
|
invalid, 400 is returned.
|
||||||
|
|
|
@ -240,6 +240,14 @@ module SharedProject
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step 'public access for builds is enabled' do
|
||||||
|
@project.update(public_builds: true)
|
||||||
|
end
|
||||||
|
|
||||||
|
step 'public access for builds is disabled' do
|
||||||
|
@project.update(public_builds: false)
|
||||||
|
end
|
||||||
|
|
||||||
def user_owns_project(user_name:, project_name:, visibility: :private)
|
def user_owns_project(user_name:, project_name:, visibility: :private)
|
||||||
user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
|
user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
|
||||||
project = Project.find_by(name: project_name)
|
project = Project.find_by(name: project_name)
|
||||||
|
|
|
@ -72,7 +72,7 @@ module API
|
||||||
expose :star_count, :forks_count
|
expose :star_count, :forks_count
|
||||||
expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
|
expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
|
||||||
expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
|
expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
|
||||||
expose :allow_guest_to_access_builds
|
expose :public_builds
|
||||||
end
|
end
|
||||||
|
|
||||||
class ProjectMember < UserBasic
|
class ProjectMember < UserBasic
|
||||||
|
@ -384,7 +384,7 @@ module API
|
||||||
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
|
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
|
||||||
expose :download_url do |repo_obj, options|
|
expose :download_url do |repo_obj, options|
|
||||||
if options[:user_can_download_artifacts]
|
if options[:user_can_download_artifacts]
|
||||||
repo_obj.download_url
|
repo_obj.artifacts_download_url
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
expose :commit, with: RepoCommit do |repo_obj, _options|
|
expose :commit, with: RepoCommit do |repo_obj, _options|
|
||||||
|
|
|
@ -99,7 +99,7 @@ module API
|
||||||
# public (optional) - if true same as setting visibility_level = 20
|
# public (optional) - if true same as setting visibility_level = 20
|
||||||
# visibility_level (optional) - 0 by default
|
# visibility_level (optional) - 0 by default
|
||||||
# import_url (optional)
|
# import_url (optional)
|
||||||
# allow_guest_to_access_builds (optional)
|
# public_builds (optional)
|
||||||
# Example Request
|
# Example Request
|
||||||
# POST /projects
|
# POST /projects
|
||||||
post do
|
post do
|
||||||
|
@ -117,7 +117,7 @@ module API
|
||||||
:public,
|
:public,
|
||||||
:visibility_level,
|
:visibility_level,
|
||||||
:import_url,
|
:import_url,
|
||||||
:allow_guest_to_access_builds]
|
:public_builds]
|
||||||
attrs = map_public_to_visibility_level(attrs)
|
attrs = map_public_to_visibility_level(attrs)
|
||||||
@project = ::Projects::CreateService.new(current_user, attrs).execute
|
@project = ::Projects::CreateService.new(current_user, attrs).execute
|
||||||
if @project.saved?
|
if @project.saved?
|
||||||
|
@ -147,7 +147,7 @@ module API
|
||||||
# public (optional) - if true same as setting visibility_level = 20
|
# public (optional) - if true same as setting visibility_level = 20
|
||||||
# visibility_level (optional)
|
# visibility_level (optional)
|
||||||
# import_url (optional)
|
# import_url (optional)
|
||||||
# allow_guest_to_access_builds (optional)
|
# public_builds (optional)
|
||||||
# Example Request
|
# Example Request
|
||||||
# POST /projects/user/:user_id
|
# POST /projects/user/:user_id
|
||||||
post "user/:user_id" do
|
post "user/:user_id" do
|
||||||
|
@ -165,7 +165,7 @@ module API
|
||||||
:public,
|
:public,
|
||||||
:visibility_level,
|
:visibility_level,
|
||||||
:import_url,
|
:import_url,
|
||||||
:allow_guest_to_access_builds]
|
:public_builds]
|
||||||
attrs = map_public_to_visibility_level(attrs)
|
attrs = map_public_to_visibility_level(attrs)
|
||||||
@project = ::Projects::CreateService.new(user, attrs).execute
|
@project = ::Projects::CreateService.new(user, attrs).execute
|
||||||
if @project.saved?
|
if @project.saved?
|
||||||
|
@ -209,7 +209,7 @@ module API
|
||||||
# shared_runners_enabled (optional)
|
# shared_runners_enabled (optional)
|
||||||
# public (optional) - if true same as setting visibility_level = 20
|
# public (optional) - if true same as setting visibility_level = 20
|
||||||
# visibility_level (optional) - visibility level of a project
|
# visibility_level (optional) - visibility level of a project
|
||||||
# allow_guest_to_access_builds (optional)
|
# public_builds (optional)
|
||||||
# Example Request
|
# Example Request
|
||||||
# PUT /projects/:id
|
# PUT /projects/:id
|
||||||
put ':id' do
|
put ':id' do
|
||||||
|
@ -225,7 +225,7 @@ module API
|
||||||
:shared_runners_enabled,
|
:shared_runners_enabled,
|
||||||
:public,
|
:public,
|
||||||
:visibility_level,
|
:visibility_level,
|
||||||
:allow_guest_to_access_builds]
|
:public_builds]
|
||||||
attrs = map_public_to_visibility_level(attrs)
|
attrs = map_public_to_visibility_level(attrs)
|
||||||
authorize_admin_project
|
authorize_admin_project
|
||||||
authorize! :rename_project, user_project if attrs[:name].present?
|
authorize! :rename_project, user_project if attrs[:name].present?
|
||||||
|
|
|
@ -8,7 +8,7 @@ describe "Builds" do
|
||||||
@commit = FactoryGirl.create :ci_commit
|
@commit = FactoryGirl.create :ci_commit
|
||||||
@build = FactoryGirl.create :ci_build, commit: @commit
|
@build = FactoryGirl.create :ci_build, commit: @commit
|
||||||
@project = @commit.project
|
@project = @commit.project
|
||||||
@project.team << [@user, :master]
|
@project.team << [@user, :developer]
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /:project/builds" do
|
describe "GET /:project/builds" do
|
||||||
|
|
|
@ -8,7 +8,6 @@ describe 'Commits' do
|
||||||
describe 'CI' do
|
describe 'CI' do
|
||||||
before do
|
before do
|
||||||
login_as :user
|
login_as :user
|
||||||
project.team << [@user, :master]
|
|
||||||
stub_ci_commit_to_return_yaml_file
|
stub_ci_commit_to_return_yaml_file
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -19,6 +18,10 @@ describe 'Commits' do
|
||||||
context 'commit status is Generic Commit Status' do
|
context 'commit status is Generic Commit Status' do
|
||||||
let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit }
|
let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit }
|
||||||
|
|
||||||
|
before do
|
||||||
|
project.team << [@user, :reporter]
|
||||||
|
end
|
||||||
|
|
||||||
describe 'Commit builds' do
|
describe 'Commit builds' do
|
||||||
before do
|
before do
|
||||||
visit ci_status_path(commit)
|
visit ci_status_path(commit)
|
||||||
|
@ -37,6 +40,12 @@ describe 'Commits' do
|
||||||
|
|
||||||
context 'commit status is Ci Build' do
|
context 'commit status is Ci Build' do
|
||||||
let!(:build) { FactoryGirl.create :ci_build, commit: commit }
|
let!(:build) { FactoryGirl.create :ci_build, commit: commit }
|
||||||
|
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
|
||||||
|
|
||||||
|
context 'when logged as developer' do
|
||||||
|
before do
|
||||||
|
project.team << [@user, :developer]
|
||||||
|
end
|
||||||
|
|
||||||
describe 'Project commits' do
|
describe 'Project commits' do
|
||||||
before do
|
before do
|
||||||
|
@ -61,8 +70,6 @@ describe 'Commits' do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'Download artifacts' do
|
context 'Download artifacts' do
|
||||||
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
|
|
||||||
|
|
||||||
before do
|
before do
|
||||||
build.update_attributes(artifacts_file: artifacts_file)
|
build.update_attributes(artifacts_file: artifacts_file)
|
||||||
end
|
end
|
||||||
|
@ -117,5 +124,42 @@ describe 'Commits' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "when logged as reporter" do
|
||||||
|
before do
|
||||||
|
project.team << [@user, :reporter]
|
||||||
|
build.update_attributes(artifacts_file: artifacts_file)
|
||||||
|
visit ci_status_path(commit)
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(page).to have_content commit.sha[0..7]
|
||||||
|
expect(page).to have_content commit.git_commit_message
|
||||||
|
expect(page).to have_content commit.git_author_name
|
||||||
|
expect(page).to have_link('Download artifacts')
|
||||||
|
expect(page).to_not have_link('Cancel running')
|
||||||
|
expect(page).to_not have_link('Retry failed')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when accessing internal project with disallowed access' do
|
||||||
|
before do
|
||||||
|
project.update(
|
||||||
|
visibility_level: Gitlab::VisibilityLevel::INTERNAL,
|
||||||
|
public_builds: false)
|
||||||
|
build.update_attributes(artifacts_file: artifacts_file)
|
||||||
|
visit ci_status_path(commit)
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(page).to have_content commit.sha[0..7]
|
||||||
|
expect(page).to have_content commit.git_commit_message
|
||||||
|
expect(page).to have_content commit.git_author_name
|
||||||
|
expect(page).to_not have_link('Download artifacts')
|
||||||
|
expect(page).to_not have_link('Cancel running')
|
||||||
|
expect(page).to_not have_link('Retry failed')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
|
||||||
it { is_expected.to be_denied_for :visitor }
|
it { is_expected.to be_denied_for :visitor }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "GET /:project_path/builds" do
|
||||||
|
subject { namespace_project_builds_path(project.namespace, project) }
|
||||||
|
|
||||||
|
context "when allowed for public" do
|
||||||
|
before { project.update(public_builds: true) }
|
||||||
|
|
||||||
|
it { is_expected.to be_allowed_for master }
|
||||||
|
it { is_expected.to be_allowed_for reporter }
|
||||||
|
it { is_expected.to be_allowed_for :admin }
|
||||||
|
it { is_expected.to be_allowed_for guest }
|
||||||
|
it { is_expected.to be_allowed_for :user }
|
||||||
|
it { is_expected.to be_allowed_for :visitor }
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when disallowed for public" do
|
||||||
|
before { project.update(public_builds: false) }
|
||||||
|
|
||||||
|
it { is_expected.to be_allowed_for master }
|
||||||
|
it { is_expected.to be_allowed_for reporter }
|
||||||
|
it { is_expected.to be_allowed_for :admin }
|
||||||
|
it { is_expected.to be_denied_for guest }
|
||||||
|
it { is_expected.to be_denied_for :user }
|
||||||
|
it { is_expected.to be_denied_for :visitor }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /:project_path/builds/:id" do
|
||||||
|
let(:commit) { create(:ci_commit, project: project) }
|
||||||
|
let(:build) { create(:ci_build, commit: commit) }
|
||||||
|
subject { namespace_project_build_path(project.namespace, project, build.id) }
|
||||||
|
|
||||||
|
context "when allowed for public" do
|
||||||
|
before { project.update(public_builds: true) }
|
||||||
|
|
||||||
|
it { is_expected.to be_allowed_for master }
|
||||||
|
it { is_expected.to be_allowed_for reporter }
|
||||||
|
it { is_expected.to be_allowed_for :admin }
|
||||||
|
it { is_expected.to be_allowed_for guest }
|
||||||
|
it { is_expected.to be_allowed_for :user }
|
||||||
|
it { is_expected.to be_allowed_for :visitor }
|
||||||
|
end
|
||||||
|
|
||||||
|
context "when disallowed for public" do
|
||||||
|
before { project.update(public_builds: false) }
|
||||||
|
|
||||||
|
it { is_expected.to be_allowed_for master }
|
||||||
|
it { is_expected.to be_allowed_for reporter }
|
||||||
|
it { is_expected.to be_allowed_for :admin }
|
||||||
|
it { is_expected.to be_denied_for guest }
|
||||||
|
it { is_expected.to be_denied_for :user }
|
||||||
|
it { is_expected.to be_denied_for :visitor }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe "GET /:project_path/blob" do
|
describe "GET /:project_path/blob" do
|
||||||
before do
|
before do
|
||||||
commit = project.repository.commit
|
commit = project.repository.commit
|
||||||
|
|
Loading…
Reference in a new issue