Add check for access to Namespace

This commit is contained in:
Rubén Dávila 2017-08-30 12:24:49 -05:00
parent 6f03ddcdc3
commit b9b0b37b36
3 changed files with 38 additions and 3 deletions

View file

@ -20,7 +20,10 @@ class ProjectsController < Projects::ApplicationController
end
def new
@project ||= Project.new(params.permit(:namespace_id))
namespace = Namespace.find_by(id: params[:namespace_id]) if params[:namespace_id]
return access_denied! if namespace && !can?(current_user, :create_projects, namespace)
@project = Project.new(namespace_id: namespace&.id)
end
def edit

View file

@ -45,8 +45,8 @@ module NamespacesHelper
visibility_level: n.visibility_level_value,
visibility: n.visibility,
name: n.name,
show_path: n.is_a?(Group) ? group_path(n) : user_path(n),
edit_path: n.is_a?(Group) ? edit_group_path(n) : nil
show_path: (type == 'group') ? group_path(n) : user_path(n),
edit_path: (type == 'group') ? edit_group_path(n) : nil
}]
end

View file

@ -7,6 +7,38 @@ describe ProjectsController do
let(:jpg) { fixture_file_upload(Rails.root + 'spec/fixtures/rails_sample.jpg', 'image/jpg') }
let(:txt) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
describe 'GET new' do
context 'with an authenticated user' do
let(:group) { create(:group) }
before do
sign_in(user)
end
context 'when namespace_id param is present' do
context 'when user has access to the namespace' do
it 'renders the template' do
group.add_owner(user)
get :new, namespace_id: group.id
expect(response).to have_http_status(200)
expect(response).to render_template('new')
end
end
context 'when user does not have access to the namespace' do
it 'responds with status 404' do
get :new, namespace_id: group.id
expect(response).to have_http_status(404)
expect(response).not_to render_template('new')
end
end
end
end
end
describe 'GET index' do
context 'as a user' do
it 'redirects to root page' do