Rename allow_guest_to_access_builds to public_builds

This commit is contained in:
Kamil Trzcinski 2016-02-04 12:57:46 +01:00
parent 6a5a175d9f
commit b4c36130cc
12 changed files with 207 additions and 101 deletions

View file

@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch, :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar, :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
:builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex, :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
:allow_guest_to_access_builds, :public_builds,
) )
end end

View file

@ -64,7 +64,7 @@ class Ability
] ]
# Allow to read builds by anonymous user if guests are allowed # Allow to read builds by anonymous user if guests are allowed
rules << :read_build if project.allow_guest_to_access_builds? rules << :read_build if project.public_builds?
rules - project_disabled_features_rules(project) rules - project_disabled_features_rules(project)
else else
@ -132,9 +132,9 @@ class Ability
rules.push(*public_project_rules) rules.push(*public_project_rules)
end end
# Allow to read builds if guests are allowed # Allow to read builds for internal projects
if team.guest?(user) || project.public? || project.internal? if project.public? || project.internal?
rules << :read_build if project.allow_guest_to_access_builds? rules << :read_build if project.public_builds?
end end
if project.owner == user || user.admin? if project.owner == user || user.admin?
@ -172,7 +172,6 @@ class Ability
:read_project_member, :read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:read_commit_status,
:create_project, :create_project,
:create_issue, :create_issue,
:create_note :create_note
@ -187,6 +186,7 @@ class Ability
:update_issue, :update_issue,
:admin_issue, :admin_issue,
:admin_label, :admin_label,
:read_commit_status,
:read_build, :read_build,
] ]
end end

View file

@ -162,10 +162,10 @@
.form-group .form-group
.col-sm-offset-2.col-sm-10 .col-sm-offset-2.col-sm-10
.checkbox .checkbox
= f.label :allow_guest_to_access_builds do = f.label :public_builds do
= f.check_box :allow_guest_to_access_builds = f.check_box :public_builds
%strong Guests can see builds %strong Public builds
.help-block Allow guests and anonymous users to access builds including build trace and artifacts .help-block Allow everyone to access builds for Public and Internal projects
%fieldset.features %fieldset.features
%legend %legend

View file

@ -1,5 +1,5 @@
class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
def change def change
add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false add_column :projects, :public_builds, :boolean, default: true, null: false
end end
end end

View file

@ -650,35 +650,35 @@ ActiveRecord::Schema.define(version: 20160202164642) do
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.integer "creator_id" t.integer "creator_id"
t.boolean "issues_enabled", default: true, null: false t.boolean "issues_enabled", default: true, null: false
t.boolean "wall_enabled", default: true, null: false t.boolean "wall_enabled", default: true, null: false
t.boolean "merge_requests_enabled", default: true, null: false t.boolean "merge_requests_enabled", default: true, null: false
t.boolean "wiki_enabled", default: true, null: false t.boolean "wiki_enabled", default: true, null: false
t.integer "namespace_id" t.integer "namespace_id"
t.string "issues_tracker", default: "gitlab", null: false t.string "issues_tracker", default: "gitlab", null: false
t.string "issues_tracker_id" t.string "issues_tracker_id"
t.boolean "snippets_enabled", default: true, null: false t.boolean "snippets_enabled", default: true, null: false
t.datetime "last_activity_at" t.datetime "last_activity_at"
t.string "import_url" t.string "import_url"
t.integer "visibility_level", default: 0, null: false t.integer "visibility_level", default: 0, null: false
t.boolean "archived", default: false, null: false t.boolean "archived", default: false, null: false
t.string "avatar" t.string "avatar"
t.string "import_status" t.string "import_status"
t.float "repository_size", default: 0.0 t.float "repository_size", default: 0.0
t.integer "star_count", default: 0, null: false t.integer "star_count", default: 0, null: false
t.string "import_type" t.string "import_type"
t.string "import_source" t.string "import_source"
t.integer "commit_count", default: 0 t.integer "commit_count", default: 0
t.text "import_error" t.text "import_error"
t.integer "ci_id" t.integer "ci_id"
t.boolean "builds_enabled", default: true, null: false t.boolean "builds_enabled", default: true, null: false
t.boolean "shared_runners_enabled", default: true, null: false t.boolean "shared_runners_enabled", default: true, null: false
t.string "runners_token" t.string "runners_token"
t.string "build_coverage_regex" t.string "build_coverage_regex"
t.boolean "build_allow_git_fetch", default: true, null: false t.boolean "build_allow_git_fetch", default: true, null: false
t.integer "build_timeout", default: 3600, null: false t.integer "build_timeout", default: 3600, null: false
t.boolean "pending_delete", default: false t.boolean "pending_delete", default: false
t.boolean "allow_guest_to_access_builds", default: true, null: false t.boolean "public_builds", default: true, null: false
end end
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree

View file

@ -82,7 +82,7 @@ Parameters:
"forks_count": 0, "forks_count": 0,
"star_count": 0, "star_count": 0,
"runners_token": "b8547b1dc37721d05889db52fa2f02", "runners_token": "b8547b1dc37721d05889db52fa2f02",
"allow_guest_to_access_builds": true "public_builds": true
}, },
{ {
"id": 6, "id": 6,
@ -140,7 +140,7 @@ Parameters:
"forks_count": 0, "forks_count": 0,
"star_count": 0, "star_count": 0,
"runners_token": "b8547b1dc37721d05889db52fa2f02", "runners_token": "b8547b1dc37721d05889db52fa2f02",
"allow_guest_to_access_builds": true "public_builds": true
} }
] ]
``` ```
@ -427,7 +427,7 @@ Parameters:
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `import_url` (optional) - `import_url` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
### Create project for user ### Create project for user
@ -450,7 +450,7 @@ Parameters:
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `import_url` (optional) - `import_url` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
### Edit project ### Edit project
@ -474,7 +474,7 @@ Parameters:
- `snippets_enabled` (optional) - `snippets_enabled` (optional)
- `public` (optional) - if `true` same as setting visibility_level = 20 - `public` (optional) - if `true` same as setting visibility_level = 20
- `visibility_level` (optional) - `visibility_level` (optional)
- `allow_guest_to_access_builds` (optional) - `public_builds` (optional)
On success, method returns 200 with the updated project. If parameters are On success, method returns 200 with the updated project. If parameters are
invalid, 400 is returned. invalid, 400 is returned.

View file

@ -240,6 +240,14 @@ module SharedProject
end end
end end
step 'public access for builds is enabled' do
@project.update(public_builds: true)
end
step 'public access for builds is disabled' do
@project.update(public_builds: false)
end
def user_owns_project(user_name:, project_name:, visibility: :private) def user_owns_project(user_name:, project_name:, visibility: :private)
user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore) user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
project = Project.find_by(name: project_name) project = Project.find_by(name: project_name)

View file

@ -72,7 +72,7 @@ module API
expose :star_count, :forks_count expose :star_count, :forks_count
expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? } expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] } expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] }
expose :allow_guest_to_access_builds expose :public_builds
end end
class ProjectMember < UserBasic class ProjectMember < UserBasic
@ -384,7 +384,7 @@ module API
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255) # for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
expose :download_url do |repo_obj, options| expose :download_url do |repo_obj, options|
if options[:user_can_download_artifacts] if options[:user_can_download_artifacts]
repo_obj.download_url repo_obj.artifacts_download_url
end end
end end
expose :commit, with: RepoCommit do |repo_obj, _options| expose :commit, with: RepoCommit do |repo_obj, _options|

View file

@ -99,7 +99,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - 0 by default # visibility_level (optional) - 0 by default
# import_url (optional) # import_url (optional)
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# POST /projects # POST /projects
post do post do
@ -117,7 +117,7 @@ module API
:public, :public,
:visibility_level, :visibility_level,
:import_url, :import_url,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
@project = ::Projects::CreateService.new(current_user, attrs).execute @project = ::Projects::CreateService.new(current_user, attrs).execute
if @project.saved? if @project.saved?
@ -147,7 +147,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) # visibility_level (optional)
# import_url (optional) # import_url (optional)
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# POST /projects/user/:user_id # POST /projects/user/:user_id
post "user/:user_id" do post "user/:user_id" do
@ -165,7 +165,7 @@ module API
:public, :public,
:visibility_level, :visibility_level,
:import_url, :import_url,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
@project = ::Projects::CreateService.new(user, attrs).execute @project = ::Projects::CreateService.new(user, attrs).execute
if @project.saved? if @project.saved?
@ -209,7 +209,7 @@ module API
# shared_runners_enabled (optional) # shared_runners_enabled (optional)
# public (optional) - if true same as setting visibility_level = 20 # public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - visibility level of a project # visibility_level (optional) - visibility level of a project
# allow_guest_to_access_builds (optional) # public_builds (optional)
# Example Request # Example Request
# PUT /projects/:id # PUT /projects/:id
put ':id' do put ':id' do
@ -225,7 +225,7 @@ module API
:shared_runners_enabled, :shared_runners_enabled,
:public, :public,
:visibility_level, :visibility_level,
:allow_guest_to_access_builds] :public_builds]
attrs = map_public_to_visibility_level(attrs) attrs = map_public_to_visibility_level(attrs)
authorize_admin_project authorize_admin_project
authorize! :rename_project, user_project if attrs[:name].present? authorize! :rename_project, user_project if attrs[:name].present?

View file

@ -8,7 +8,7 @@ describe "Builds" do
@commit = FactoryGirl.create :ci_commit @commit = FactoryGirl.create :ci_commit
@build = FactoryGirl.create :ci_build, commit: @commit @build = FactoryGirl.create :ci_build, commit: @commit
@project = @commit.project @project = @commit.project
@project.team << [@user, :master] @project.team << [@user, :developer]
end end
describe "GET /:project/builds" do describe "GET /:project/builds" do

View file

@ -8,7 +8,6 @@ describe 'Commits' do
describe 'CI' do describe 'CI' do
before do before do
login_as :user login_as :user
project.team << [@user, :master]
stub_ci_commit_to_return_yaml_file stub_ci_commit_to_return_yaml_file
end end
@ -19,6 +18,10 @@ describe 'Commits' do
context 'commit status is Generic Commit Status' do context 'commit status is Generic Commit Status' do
let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit } let!(:status) { FactoryGirl.create :generic_commit_status, commit: commit }
before do
project.team << [@user, :reporter]
end
describe 'Commit builds' do describe 'Commit builds' do
before do before do
visit ci_status_path(commit) visit ci_status_path(commit)
@ -37,83 +40,124 @@ describe 'Commits' do
context 'commit status is Ci Build' do context 'commit status is Ci Build' do
let!(:build) { FactoryGirl.create :ci_build, commit: commit } let!(:build) { FactoryGirl.create :ci_build, commit: commit }
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
describe 'Project commits' do context 'when logged as developer' do
before do before do
visit namespace_project_commits_path(project.namespace, project, :master) project.team << [@user, :developer]
end end
it 'should show build status' do describe 'Project commits' do
page.within("//li[@id='commit-#{commit.short_sha}']") do before do
expect(page).to have_css(".ci-status-link") visit namespace_project_commits_path(project.namespace, project, :master)
end
it 'should show build status' do
page.within("//li[@id='commit-#{commit.short_sha}']") do
expect(page).to have_css(".ci-status-link")
end
end
end
describe 'Commit builds' do
before do
visit ci_status_path(commit)
end
it { expect(page).to have_content commit.sha[0..7] }
it { expect(page).to have_content commit.git_commit_message }
it { expect(page).to have_content commit.git_author_name }
end
context 'Download artifacts' do
before do
build.update_attributes(artifacts_file: artifacts_file)
end
it do
visit ci_status_path(commit)
click_on 'Download artifacts'
expect(page.response_headers['Content-Type']).to eq(artifacts_file.content_type)
end
end
describe 'Cancel all builds' do
it 'cancels commit' do
visit ci_status_path(commit)
click_on 'Cancel running'
expect(page).to have_content 'canceled'
end
end
describe 'Cancel build' do
it 'cancels build' do
visit ci_status_path(commit)
click_on 'Cancel'
expect(page).to have_content 'canceled'
end
end
describe '.gitlab-ci.yml not found warning' do
context 'ci builds enabled' do
it "does not show warning" do
visit ci_status_path(commit)
expect(page).not_to have_content '.gitlab-ci.yml not found in this commit'
end
it 'shows warning' do
stub_ci_commit_yaml_file(nil)
visit ci_status_path(commit)
expect(page).to have_content '.gitlab-ci.yml not found in this commit'
end
end
context 'ci builds disabled' do
before do
stub_ci_builds_disabled
stub_ci_commit_yaml_file(nil)
visit ci_status_path(commit)
end
it 'does not show warning' do
expect(page).not_to have_content '.gitlab-ci.yml not found in this commit'
end
end end
end end
end end
describe 'Commit builds' do context "when logged as reporter" do
before do
visit ci_status_path(commit)
end
it { expect(page).to have_content commit.sha[0..7] }
it { expect(page).to have_content commit.git_commit_message }
it { expect(page).to have_content commit.git_author_name }
end
context 'Download artifacts' do
let(:artifacts_file) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
before do before do
project.team << [@user, :reporter]
build.update_attributes(artifacts_file: artifacts_file) build.update_attributes(artifacts_file: artifacts_file)
visit ci_status_path(commit)
end end
it do it do
visit ci_status_path(commit) expect(page).to have_content commit.sha[0..7]
click_on 'Download artifacts' expect(page).to have_content commit.git_commit_message
expect(page.response_headers['Content-Type']).to eq(artifacts_file.content_type) expect(page).to have_content commit.git_author_name
expect(page).to have_link('Download artifacts')
expect(page).to_not have_link('Cancel running')
expect(page).to_not have_link('Retry failed')
end end
end end
describe 'Cancel all builds' do context 'when accessing internal project with disallowed access' do
it 'cancels commit' do before do
project.update(
visibility_level: Gitlab::VisibilityLevel::INTERNAL,
public_builds: false)
build.update_attributes(artifacts_file: artifacts_file)
visit ci_status_path(commit) visit ci_status_path(commit)
click_on 'Cancel running'
expect(page).to have_content 'canceled'
end
end
describe 'Cancel build' do
it 'cancels build' do
visit ci_status_path(commit)
click_on 'Cancel'
expect(page).to have_content 'canceled'
end
end
describe '.gitlab-ci.yml not found warning' do
context 'ci builds enabled' do
it "does not show warning" do
visit ci_status_path(commit)
expect(page).not_to have_content '.gitlab-ci.yml not found in this commit'
end
it 'shows warning' do
stub_ci_commit_yaml_file(nil)
visit ci_status_path(commit)
expect(page).to have_content '.gitlab-ci.yml not found in this commit'
end
end end
context 'ci builds disabled' do it do
before do expect(page).to have_content commit.sha[0..7]
stub_ci_builds_disabled expect(page).to have_content commit.git_commit_message
stub_ci_commit_yaml_file(nil) expect(page).to have_content commit.git_author_name
visit ci_status_path(commit) expect(page).to_not have_link('Download artifacts')
end expect(page).to_not have_link('Cancel running')
expect(page).to_not have_link('Retry failed')
it 'does not show warning' do
expect(page).not_to have_content '.gitlab-ci.yml not found in this commit'
end
end end
end end
end end

View file

@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for :visitor }
end end
describe "GET /:project_path/builds" do
subject { namespace_project_builds_path(project.namespace, project) }
context "when allowed for public" do
before { project.update(public_builds: true) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor }
end
context "when disallowed for public" do
before { project.update(public_builds: false) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
end
end
describe "GET /:project_path/builds/:id" do
let(:commit) { create(:ci_commit, project: project) }
let(:build) { create(:ci_build, commit: commit) }
subject { namespace_project_build_path(project.namespace, project, build.id) }
context "when allowed for public" do
before { project.update(public_builds: true) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor }
end
context "when disallowed for public" do
before { project.update(public_builds: false) }
it { is_expected.to be_allowed_for master }
it { is_expected.to be_allowed_for reporter }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
end
end
describe "GET /:project_path/blob" do describe "GET /:project_path/blob" do
before do before do
commit = project.repository.commit commit = project.repository.commit