gitlab-org--gitlab-foss/lib/gitlab
Dmitriy Zaporozhets 648f38cd98 Merge branch 'fix-restricted-visibility' into 'master'
Restricted visibility levels - bug fix and new feature

This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI.  See #1903.

## Move configuration location

I added a new section to the application settings page for restricted visibility levels.  Each level has a checkbox, styled with Bootstrap to look like a toggle button.  A checked box means that the level is restricted.  I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked.  This image shows the new section with the "Public" box checked:

![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)

## Allow admins to override

To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class.  The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden.  We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.

The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes.  Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update).  I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.

Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers.  The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent.  I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do.  And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.

## TODO

* [x] Add more tests for restricted visibility functionality

cc @sytse @dzaporozhets

See merge request !1655
2015-03-16 17:49:46 +00:00
| Name | Last commit | Date |
|---|---|---|
| backend | Don't leak information about private project existence via Git-over-SSH/HTTP. | 2015-03-02 17:52:48 +01:00 |
| bitbucket_import | Fix import pages not working after first load. | 2015-03-13 13:47:26 +01:00 |
| diff | Fix commit comments on first line of diff not rendering in Merge Request Discussion view. | 2015-02-20 10:23:34 +01:00 |
| github_import | Fix import pages not working after first load. | 2015-03-13 13:47:26 +01:00 |
| gitlab_import | Fix import pages not working after first load. | 2015-03-13 13:47:26 +01:00 |
| gitorious_import | Add gitorious.org importer | 2015-02-20 17:42:58 +00:00 |
| graphs | Refactor commits graph | 2014-09-29 12:05:17 +03:00 |
| ldap | Unblock user if they were unblocked in AD. | 2015-03-13 22:34:11 +01:00 |
| middleware | Increase timeout for Git-over-HTTP requests. | 2015-03-04 23:20:47 +01:00 |
| oauth | Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S). | 2015-02-13 14:44:42 +01:00 |
| satellite | Web Editor: save to new branch | 2015-02-24 11:43:20 +02:00 |
| sidekiq_middleware | Fix typo | 2014-12-08 13:39:18 +01:00 |
| access.rb | Improve protected branches selectbox options | 2015-02-03 18:12:20 -08:00 |
| app_logger.rb | Dry admin logs. | 2014-10-06 00:14:46 +02:00 |
| auth.rb | Session API: Use case-insensitive authentication like in UI | 2014-10-30 18:29:18 +02:00 |
| bitbucket_import.rb | Fix specs. | 2015-02-24 15:07:24 +01:00 |
| blacklist.rb | Prevent people from using ci since we plan to host ci on /ci later. | 2014-09-09 10:11:07 +02:00 |
| closing_issue_extractor.rb | Allow commit messages to close several issues at once (thanks @123Haynes | 2015-01-20 10:45:48 +01:00 |
| commits_calendar.rb | Improve contribution calendar on user page | 2015-01-29 17:07:44 -08:00 |
| compare_result.rb | Refactor compare logic for MR. Use satellites only for forks for better performance | 2014-07-29 12:11:16 +03:00 |
| config_helper.rb | Make app works with strong params | 2014-06-26 23:24:17 +03:00 |
| contributors.rb | Use Contributor class instead of hash | 2014-07-02 15:09:06 +03:00 |
| current_settings.rb | Move restricted visibility settings to the UI | 2015-03-07 13:11:08 -07:00 |
| force_push_check.rb | Rubocop: no trailing newlines | 2015-02-02 21:53:27 -08:00 |
| git.rb | Use Gitlab::Git helper methods and constants as much as possible. | 2015-03-10 13:39:31 +01:00 |
| git_access.rb | Use Gitlab::Git helper methods and constants as much as possible. | 2015-03-10 13:39:31 +01:00 |
| git_access_status.rb | Rubocop enabled for: Use spaces inside hash literal braces | 2015-02-02 20:36:54 -08:00 |
| git_access_wiki.rb | Git hook messages: wiki access fix | 2014-11-24 16:21:35 +02:00 |
| git_logger.rb | Dry admin logs. | 2014-10-06 00:14:46 +02:00 |
| git_ref_validator.rb | fix system silent call | 2014-11-06 13:07:42 +02:00 |
| identifier.rb | Remove deprecated finders | 2014-01-19 23:39:56 +04:00 |
| import_formatter.rb | Add Bitbucket importer. | 2015-02-24 15:07:24 +01:00 |
| inline_diff.rb | Add parenthesis to function def with arguments. | 2014-10-03 09:18:46 +02:00 |
| issues_labels.rb | remove feature label | 2014-10-31 17:22:16 -07:00 |
| logger.rb | Dry admin logs. | 2014-10-06 00:14:46 +02:00 |
| markdown.rb | Use project_member instead of team_member. | 2015-03-15 13:50:38 +01:00 |
| markdown_helper.rb | Factor markup? \|\| gitlab_markdown? into new method | 2014-10-04 17:56:12 +02:00 |
| note_data_builder.rb | Added comment notification events to HipChat and Slack services. | 2015-03-06 06:54:00 -08:00 |
| popen.rb | Close standard input in Gitlab::Popen.popen | 2015-01-05 11:51:21 +01:00 |
| production_logger.rb | Dry admin logs. | 2014-10-06 00:14:46 +02:00 |
| project_search_results.rb | Fix 500 error on empty search in project | 2014-09-25 15:01:02 +03:00 |
| push_data_builder.rb | Set push data object kind in PushDataBuilder. | 2015-03-13 14:51:48 +01:00 |
| reference_extractor.rb | Automatically link commit ranges to compare page. | 2015-03-07 00:46:13 +01:00 |
| regex.rb | Github Importer | 2015-01-10 09:51:43 -08:00 |
| search_results.rb | Fix tests | 2014-08-27 15:26:35 +03:00 |
| seeder.rb | Revert "Create dev fixture projects with fixed visibility" | 2014-11-10 16:17:04 +02:00 |
| sidekiq_logger.rb | Dry admin logs. | 2014-10-06 00:14:46 +02:00 |
| snippet_search_results.rb | Updating to persist a params snippets variable | 2014-09-05 13:30:55 -04:00 |
| theme.rb | Add blue theme to GitLab | 2015-03-11 21:29:11 -07:00 |
| upgrader.rb | Rubocop enabled for: Use spaces inside hash literal braces | 2015-02-02 20:36:54 -08:00 |
| url_builder.rb | Enforce restricted visibilities for snippets | 2015-03-08 17:57:08 -06:00 |
| user_access.rb | Cache LDAP check in Gitlab::UserAccess | 2014-08-06 18:03:01 +02:00 |
| utils.rb | fix system silent call | 2014-11-06 13:07:42 +02:00 |
| version_info.rb | | |
| visibility_level.rb | Move restricted visibility settings to the UI | 2015-03-07 13:11:08 -07:00 |