Fix group projects fetch

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-05-29 22:03:42 +03:00 · 2014-05-29 22:03:42 +03:00 · f329d34ff3
commit f329d34ff3
parent 8f259c5ecc
2 changed files with 15 additions and 3 deletions
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@ -5,7 +5,7 @@ class GroupsController < ApplicationController

  # Authorize
  before_filter :authorize_read_group!, except: [:new, :create]
-  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
+  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
  before_filter :authorize_create_group!, only: [:new, :create]

  # Load group projects
@ -108,12 +108,12 @@ class GroupsController < ApplicationController
  end

  def project_ids
-    projects.pluck(:id)
+    @projects.pluck(:id)
  end

  # Dont allow unauthorized access to group
  def authorize_read_group!
-    unless @group and (projects.present? or can?(current_user, :read_group, @group))
+    unless @group and (@projects.present? or can?(current_user, :read_group, @group))
      if current_user.nil?
        return authenticate_user!
      else
--- a/spec/features/security/group/group_access_spec.rb
+++ b/spec/features/security/group/group_access_spec.rb
@ -82,5 +82,17 @@ describe "Group access", feature: true  do
      it { should be_denied_for :user }
      it { should be_denied_for :visitor }
    end
+
+    describe "GET /groups/:path/projects" do
+      subject { projects_group_path(group) }
+
+      it { should be_allowed_for owner }
+      it { should be_denied_for master }
+      it { should be_denied_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_denied_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
  end
 end