Merge branch 'fork_visibility_level' into 'master'
Forks should not have more permissive visibility levels than the original https://dev.gitlab.org/gitlab/gitlabhq/issues/2286 See merge request !936
This commit is contained in:
commit
bda04bc687
8 changed files with 106 additions and 1 deletions
|
@ -42,6 +42,7 @@ v 7.13.0 (unreleased)
|
||||||
- Use native Postgres database cleaning during backup restore
|
- Use native Postgres database cleaning during backup restore
|
||||||
- Redesign project page. Show README as default instead of activity. Move project activity to separate page
|
- Redesign project page. Show README as default instead of activity. Move project activity to separate page
|
||||||
- Make left menu more hierarchical and less contextual by adding back item at top
|
- Make left menu more hierarchical and less contextual by adding back item at top
|
||||||
|
- A fork can’t have a visibility level that is greater than the original project.
|
||||||
|
|
||||||
v 7.12.2
|
v 7.12.2
|
||||||
- Correctly show anonymous authorized applications under Profile > Applications.
|
- Correctly show anonymous authorized applications under Profile > Applications.
|
||||||
|
|
|
@ -92,6 +92,16 @@ module ProjectsHelper
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def can_change_visibility_level?(project, current_user)
|
||||||
|
return false unless can?(current_user, :change_visibility_level, project)
|
||||||
|
|
||||||
|
if project.forked?
|
||||||
|
project.forked_from_project.visibility_level > Gitlab::VisibilityLevel::PRIVATE
|
||||||
|
else
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def get_project_nav_tabs(project, current_user)
|
def get_project_nav_tabs(project, current_user)
|
||||||
|
|
|
@ -86,4 +86,10 @@ module VisibilityLevelHelper
|
||||||
def default_snippet_visibility
|
def default_snippet_visibility
|
||||||
current_application_settings.default_snippet_visibility
|
current_application_settings.default_snippet_visibility
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def skip_level?(form_model, level)
|
||||||
|
form_model.is_a?(Project) &&
|
||||||
|
form_model.forked? &&
|
||||||
|
!Gitlab::VisibilityLevel.allowed_fork_levels(form_model.forked_from_project.visibility_level).include?(level)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
.col-sm-10= f.select(:default_branch, @repository.branch_names, {}, {class: 'select2 select-wide'})
|
.col-sm-10= f.select(:default_branch, @repository.branch_names, {}, {class: 'select2 select-wide'})
|
||||||
|
|
||||||
|
|
||||||
= render 'shared/visibility_level', f: f, visibility_level: @project.visibility_level, can_change_visibility_level: can?(current_user, :change_visibility_level, @project), form_model: @project
|
= render 'shared/visibility_level', f: f, visibility_level: @project.visibility_level, can_change_visibility_level: can_change_visibility_level?(@project, current_user), form_model: @project
|
||||||
|
|
||||||
.form-group
|
.form-group
|
||||||
= f.label :tag_list, "Tags", class: 'control-label'
|
= f.label :tag_list, "Tags", class: 'control-label'
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
- Gitlab::VisibilityLevel.values.each do |level|
|
- Gitlab::VisibilityLevel.values.each do |level|
|
||||||
|
- next if skip_level?(form_model, level)
|
||||||
.radio
|
.radio
|
||||||
- restricted = restricted_visibility_levels.include?(level)
|
- restricted = restricted_visibility_levels.include?(level)
|
||||||
= form.label "#{model_method}_#{level}" do
|
= form.label "#{model_method}_#{level}" do
|
||||||
|
|
|
@ -47,6 +47,10 @@ module Gitlab
|
||||||
def valid_level?(level)
|
def valid_level?(level)
|
||||||
options.has_value?(level)
|
options.has_value?(level)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def allowed_fork_levels(origin_level)
|
||||||
|
[PRIVATE, INTERNAL, PUBLIC].select{ |level| level <= origin_level }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def private?
|
def private?
|
||||||
|
|
|
@ -8,4 +8,48 @@ describe ProjectsHelper do
|
||||||
expect(project_status_css_class("finished")).to eq("success")
|
expect(project_status_css_class("finished")).to eq("success")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "can_change_visibility_level?" do
|
||||||
|
let(:project) { create(:project) }
|
||||||
|
|
||||||
|
let(:fork_project) do
|
||||||
|
fork_project = create(:forked_project_with_submodules)
|
||||||
|
fork_project.build_forked_project_link(forked_to_project_id: fork_project.id, forked_from_project_id: project.id)
|
||||||
|
fork_project.save
|
||||||
|
|
||||||
|
fork_project
|
||||||
|
end
|
||||||
|
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
|
it "returns false if there are no approipriate permissions" do
|
||||||
|
allow(helper).to receive(:can?) { false }
|
||||||
|
|
||||||
|
expect(helper.can_change_visibility_level?(project, user)).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns true if there are permissions and it is not fork" do
|
||||||
|
allow(helper).to receive(:can?) { true }
|
||||||
|
|
||||||
|
expect(helper.can_change_visibility_level?(project, user)).to be_truthy
|
||||||
|
end
|
||||||
|
|
||||||
|
context "forks" do
|
||||||
|
it "returns false if there are permissions and origin project is PRIVATE" do
|
||||||
|
allow(helper).to receive(:can?) { true }
|
||||||
|
|
||||||
|
project.update visibility_level: Gitlab::VisibilityLevel::PRIVATE
|
||||||
|
|
||||||
|
expect(helper.can_change_visibility_level?(fork_project, user)).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns true if there are permissions and origin project is INTERNAL" do
|
||||||
|
allow(helper).to receive(:can?) { true }
|
||||||
|
|
||||||
|
project.update visibility_level: Gitlab::VisibilityLevel::INTERNAL
|
||||||
|
|
||||||
|
expect(helper.can_change_visibility_level?(fork_project, user)).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -72,4 +72,43 @@ describe VisibilityLevelHelper do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "skip_level?" do
|
||||||
|
describe "forks" do
|
||||||
|
let(:project) { create(:project, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
|
||||||
|
let(:fork_project) { create(:forked_project_with_submodules) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
fork_project.build_forked_project_link(forked_to_project_id: fork_project.id, forked_from_project_id: project.id)
|
||||||
|
fork_project.save
|
||||||
|
end
|
||||||
|
|
||||||
|
it "skips levels" do
|
||||||
|
expect(skip_level?(fork_project, Gitlab::VisibilityLevel::PUBLIC)).to be_truthy
|
||||||
|
expect(skip_level?(fork_project, Gitlab::VisibilityLevel::INTERNAL)).to be_falsey
|
||||||
|
expect(skip_level?(fork_project, Gitlab::VisibilityLevel::PRIVATE)).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "non-forked project" do
|
||||||
|
let(:project) { create(:project, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
|
||||||
|
|
||||||
|
it "skips levels" do
|
||||||
|
expect(skip_level?(project, Gitlab::VisibilityLevel::PUBLIC)).to be_falsey
|
||||||
|
expect(skip_level?(project, Gitlab::VisibilityLevel::INTERNAL)).to be_falsey
|
||||||
|
expect(skip_level?(project, Gitlab::VisibilityLevel::PRIVATE)).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "Snippet" do
|
||||||
|
let(:snippet) { create(:snippet, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
|
||||||
|
|
||||||
|
it "skips levels" do
|
||||||
|
expect(skip_level?(snippet, Gitlab::VisibilityLevel::PUBLIC)).to be_falsey
|
||||||
|
expect(skip_level?(snippet, Gitlab::VisibilityLevel::INTERNAL)).to be_falsey
|
||||||
|
expect(skip_level?(snippet, Gitlab::VisibilityLevel::PRIVATE)).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue