Add check for access to Namespace
parent
6f03ddcdc3
commit
b9b0b37b36
3 changed files with 38 additions and 3 deletions
|
@ -20,7 +20,10 @@ class ProjectsController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def new
|
||||
@project ||= Project.new(params.permit(:namespace_id))
|
||||
namespace = Namespace.find_by(id: params[:namespace_id]) if params[:namespace_id]
|
||||
return access_denied! if namespace && !can?(current_user, :create_projects, namespace)
|
||||
|
||||
@project = Project.new(namespace_id: namespace&.id)
|
||||
end
|
||||
|
||||
def edit
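Review bot: The guard in `new` fires only when `Namespace.find_by` returns a record, so a `namespace_id` that matches nothing falls through to the form while an existing but inaccessible namespace gets `access_denied!`; the two responses differ and reveal which ids exist. Treating both cases the same closes that gap: `return access_denied! if params[:namespace_id].present? && !(namespace && can?(current_user, :create_projects, namespace))`. This action only renders the form, and `create` is not in the hunk, so the same `:create_projects` check should be confirmed there, since that is where the permission has to hold. A one-line comment above the guard, such as `# Do not offer the form for a namespace the user cannot create projects in`, would record the intent.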
|
||||
|
|
|
@ -45,8 +45,8 @@ module NamespacesHelper
|
|||
visibility_level: n.visibility_level_value,
|
||||
visibility: n.visibility,
|
||||
name: n.name,
|
||||
show_path: n.is_a?(Group) ? group_path(n) : user_path(n),
|
||||
edit_path: n.is_a?(Group) ? edit_group_path(n) : nil
|
||||
show_path: (type == 'group') ? group_path(n) : user_path(n),
|
||||
edit_path: (type == 'group') ? edit_group_path(n) : nil
|
||||
}]
|
||||
end
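Review bot: `show_path` and `edit_path` now branch on the `type` string instead of the class of `n`, and `type` is defined outside this hunk, so nothing visible here ties the label to the objects being rendered. If a caller passes Group records with a different label, the option would carry `user_path(n)` and a nil `edit_path`; a comment such as `# type must match the class of the elements ('group' for Group records)` would state the contract. The parentheses around the ternary conditions are redundant: `show_path: type == 'group' ? group_path(n) : user_path(n),`. The enclosing method starts before the hunk.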
|
||||
|
||||
|
|
|
@ -7,6 +7,38 @@ describe ProjectsController do
|
|||
let(:jpg) { fixture_file_upload(Rails.root + 'spec/fixtures/rails_sample.jpg', 'image/jpg') }
|
||||
let(:txt) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
|
||||
|
||||
describe 'GET new' do
|
||||
context 'with an authenticated user' do
|
||||
let(:group) { create(:group) }
|
||||
|
||||
before do
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
context 'when namespace_id param is present' do
|
||||
context 'when user has access to the namespace' do
|
||||
it 'renders the template' do
|
||||
group.add_owner(user)
|
||||
|
||||
get :new, namespace_id: group.id
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(response).to render_template('new')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user does not have access to the namespace' do
|
||||
it 'responds with status 404' do
|
||||
get :new, namespace_id: group.id
|
||||
|
||||
expect(response).to have_http_status(404)
|
||||
expect(response).not_to render_template('new')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET index' do
|
||||
context 'as a user' do
|
||||
it 'redirects to root page' do
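Review bot: The new `GET new` examples cover only a group the user owns and a group the user has no role in; a `namespace_id` that matches no record and a personal namespace belonging to another user are not exercised, and both take different paths through the controller guard. Adding a context for each would pin the intended status, for example `get :new, namespace_id: create(:user).namespace.id` followed by `expect(response).to have_http_status(404)`. `user` is defined outside the hunk, and the `GET index` block that follows continues past it.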
|
||||
|
|