Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
05f331f3
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
05f331f3
编写于
2月 27, 2017
作者:
D
Douwe Maan
提交者:
Dmitriy Zaporozhets
2月 28, 2017
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix access to projects shared with a nested group
Signed-off-by:
N
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
上级
71fbbc9d
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
91 addition
and
5 deletion
+91
-5
app/models/user.rb
app/models/user.rb
+1
-1
app/services/users/refresh_authorized_projects_service.rb
app/services/users/refresh_authorized_projects_service.rb
+14
-2
spec/models/user_spec.rb
spec/models/user_spec.rb
+2
-2
spec/services/users/refresh_authorized_projects_service_spec.rb
...ervices/users/refresh_authorized_projects_service_spec.rb
+74
-0
未找到文件。
app/models/user.rb
浏览文件 @
05f331f3
...
...
@@ -474,7 +474,7 @@ class User < ActiveRecord::Base
Group
.
member_descendants
(
id
)
end
def
nested_projects
def
nested_
groups_
projects
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
member_descendants
(
id
)
end
...
...
app/services/users/refresh_authorized_projects_service.rb
浏览文件 @
05f331f3
...
...
@@ -115,11 +115,23 @@ module Users
# Returns a union query of projects that the user is authorized to access
def
project_authorizations_union
relations
=
[
# Personal projects
user
.
personal_projects
.
select
(
"
#{
user
.
id
}
AS user_id, projects.id AS project_id,
#{
Gitlab
::
Access
::
MASTER
}
AS access_level"
),
user
.
groups_projects
.
select_for_project_authorization
,
# Projects the user is a member of
user
.
projects
.
select_for_project_authorization
,
# Projects of groups the user is a member of
user
.
groups_projects
.
select_for_project_authorization
,
# Projects of subgroups of groups the user is a member of
user
.
nested_groups_projects
.
select_for_project_authorization
,
# Projects shared with groups the user is a member of
user
.
groups
.
joins
(
:shared_projects
).
select_for_project_authorization
,
user
.
nested_projects
.
select_for_project_authorization
# Projects shared with subgroups of groups the user is a member of
user
.
nested_groups
.
joins
(
:shared_projects
).
select_for_project_authorization
]
Gitlab
::
SQL
::
Union
.
new
(
relations
)
...
...
spec/models/user_spec.rb
浏览文件 @
05f331f3
...
...
@@ -1429,7 +1429,7 @@ describe User, models: true do
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
end
describe
'#nested_projects'
do
describe
'#nested_
groups_
projects'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
...
...
@@ -1444,7 +1444,7 @@ describe User, models: true do
other_project
.
add_developer
(
create
(
:user
))
end
it
{
expect
(
user
.
nested_projects
).
to
eq
([
nested_project
])
}
it
{
expect
(
user
.
nested_
groups_
projects
).
to
eq
([
nested_project
])
}
end
describe
'#refresh_authorized_projects'
,
redis:
true
do
...
...
spec/services/users/refresh_authorized_projects_service_spec.rb
浏览文件 @
05f331f3
...
...
@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do
it
'sets the values to the access levels'
do
expect
(
hash
.
values
).
to
eq
([
Gitlab
::
Access
::
MASTER
])
end
context
'personal projects'
do
it
'includes the project with the right access level'
do
expect
(
hash
[
project
.
id
]).
to
eq
(
Gitlab
::
Access
::
MASTER
)
end
end
context
'projects the user is a member of'
do
let!
(
:other_project
)
{
create
(
:empty_project
)
}
before
do
other_project
.
team
.
add_reporter
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
REPORTER
)
end
end
context
'projects of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let!
(
:other_project
)
{
create
(
:project
,
group:
group
)
}
before
do
group
.
add_owner
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
OWNER
)
end
end
context
'projects of subgroups of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
let!
(
:other_project
)
{
create
(
:project
,
group:
nested_group
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
MASTER
)
end
end
context
'projects shared with groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:other_project
)
{
create
(
:empty_project
)
}
let!
(
:project_group_link
)
{
create
(
:project_group_link
,
project:
other_project
,
group:
group
,
group_access:
Gitlab
::
Access
::
GUEST
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
GUEST
)
end
end
context
'projects shared with subgroups of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
let
(
:other_project
)
{
create
(
:empty_project
)
}
let!
(
:project_group_link
)
{
create
(
:project_group_link
,
project:
other_project
,
group:
nested_group
,
group_access:
Gitlab
::
Access
::
DEVELOPER
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
DEVELOPER
)
end
end
end
describe
'#current_authorizations_per_project'
do
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录