Commit graph

11 commits

Author SHA1 Message Date
Z.J. van de Weg
1096040024 Update effected tests 2016-12-04 17:32:33 +01:00
Z.J. van de Weg
617f43c74b Guests can read builds if those are public
Fixes #18448
2016-12-04 15:48:50 +01:00
Douglas Barbosa Alexandre
42c332689d Improve ProjectPolicy spec to check permissions when wiki is disabled 2016-11-30 16:02:25 -02:00
Yorick Peterse
3c957c0066
Added tests for IssuePolicy 2016-11-07 12:49:24 +01:00
Kamil Trzcinski
517dd4a3f3 Allow owners to fetch source code in CI builds
Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.
2016-11-01 09:37:20 +01:00
Sean McGivern
af6cf695c4 Add specs for a user from a group link 2016-10-28 15:11:32 +01:00
Sean McGivern
db9979bcad Fix project member access for group links
`ProjectTeam#find_member` doesn't take group links into account. It was
used in two places:

1. An admin view - it can stay here.
2. `ProjectTeam#member?`, which is often used to decide if a user has
   access to view something.

This second part broke confidential issues viewing. `IssuesFinder` ends
up delegating to `Project#authorized_for_user?`, which does consider
group links, so users with access to the project via a group link could
see confidential issues on the index page. However, `IssuesPolicy` used
`ProjectTeam#member?`, so the same user couldn't view the issue when
going to it directly.
2016-10-28 09:20:55 +01:00
Valery Sizov
b4004488f7 Make guests unable to view MRs 2016-10-11 16:51:26 +03:00
Alejandro Rodríguez
1d35c5b3ae Improve project policy spec 2016-10-06 18:54:28 -03:00
Felipe Artur
98559adf71 Test if issue authors can access private projects 2016-09-20 14:57:23 -03:00
http://jneen.net/
29b1623a36 add project_policy_spec to replace .project_abilities spec 2016-08-30 11:35:06 -07:00