Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
0ff8f002
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
0ff8f002
编写于
12月 06, 2016
作者:
S
Sean McGivern
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'zj-guest-reads-public-builds' into 'master'
Guests can read builds if those are public See merge request !6842
上级
532c0319
10960400
变更
11
隐藏空白更改
内联
并排
Showing
11 changed file
with
95 addition
and
12 deletion
+95
-12
app/policies/ci/build_policy.rb
app/policies/ci/build_policy.rb
+2
-0
app/policies/project_policy.rb
app/policies/project_policy.rb
+5
-3
changelogs/unreleased/zj-guest-reads-public-builds.yml
changelogs/unreleased/zj-guest-reads-public-builds.yml
+4
-0
features/steps/shared/project.rb
features/steps/shared/project.rb
+1
-1
spec/features/projects/guest_navigation_menu_spec.rb
spec/features/projects/guest_navigation_menu_spec.rb
+2
-2
spec/features/security/project/private_access_spec.rb
spec/features/security/project/private_access_spec.rb
+54
-1
spec/lib/gitlab/cycle_analytics/permissions_spec.rb
spec/lib/gitlab/cycle_analytics/permissions_spec.rb
+1
-1
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+23
-1
spec/requests/api/builds_spec.rb
spec/requests/api/builds_spec.rb
+1
-1
spec/requests/projects/cycle_analytics_events_spec.rb
spec/requests/projects/cycle_analytics_events_spec.rb
+1
-1
spec/workers/pipeline_notification_worker_spec.rb
spec/workers/pipeline_notification_worker_spec.rb
+1
-1
未找到文件。
app/policies/ci/build_policy.rb
浏览文件 @
0ff8f002
module
Ci
module
Ci
class
BuildPolicy
<
CommitStatusPolicy
class
BuildPolicy
<
CommitStatusPolicy
def
rules
def
rules
can!
:read_build
if
@subject
.
project
.
public_builds?
super
super
# If we can't read build we should also not have that
# If we can't read build we should also not have that
...
...
app/policies/project_policy.rb
浏览文件 @
0ff8f002
...
@@ -12,9 +12,6 @@ class ProjectPolicy < BasePolicy
...
@@ -12,9 +12,6 @@ class ProjectPolicy < BasePolicy
guest_access!
guest_access!
public_access!
public_access!
# Allow to read builds for internal projects
can!
:read_build
if
project
.
public_builds?
if
project
.
request_access_enabled
&&
if
project
.
request_access_enabled
&&
!
(
owner
||
user
.
admin?
||
project
.
team
.
member?
(
user
)
||
project_group_member?
(
user
))
!
(
owner
||
user
.
admin?
||
project
.
team
.
member?
(
user
)
||
project_group_member?
(
user
))
can!
:request_access
can!
:request_access
...
@@ -46,6 +43,11 @@ class ProjectPolicy < BasePolicy
...
@@ -46,6 +43,11 @@ class ProjectPolicy < BasePolicy
can!
:create_note
can!
:create_note
can!
:upload_file
can!
:upload_file
can!
:read_cycle_analytics
can!
:read_cycle_analytics
if
project
.
public_builds?
can!
:read_pipeline
can!
:read_build
end
end
end
def
reporter_access!
def
reporter_access!
...
...
changelogs/unreleased/zj-guest-reads-public-builds.yml
0 → 100644
浏览文件 @
0ff8f002
---
title
:
Guests can read builds when public
merge_request
:
6842
author
:
features/steps/shared/project.rb
浏览文件 @
0ff8f002
...
@@ -9,7 +9,7 @@ module SharedProject
...
@@ -9,7 +9,7 @@ module SharedProject
step
"project exists in some group namespace"
do
step
"project exists in some group namespace"
do
@group
=
create
(
:group
,
name:
'some group'
)
@group
=
create
(
:group
,
name:
'some group'
)
@project
=
create
(
:project
,
namespace:
@group
)
@project
=
create
(
:project
,
namespace:
@group
,
public_builds:
false
)
end
end
# Create a specific project called "Shop"
# Create a specific project called "Shop"
...
...
spec/features/projects/guest_navigation_menu_spec.rb
浏览文件 @
0ff8f002
require
'spec_helper'
require
'spec_helper'
describe
"Guest navigation menu"
do
describe
"Guest navigation menu"
do
let
(
:project
)
{
create
:empty_project
,
:private
}
let
(
:project
)
{
create
(
:empty_project
,
:private
,
public_builds:
false
)
}
let
(
:guest
)
{
create
:user
}
let
(
:guest
)
{
create
(
:user
)
}
before
do
before
do
project
.
team
<<
[
guest
,
:guest
]
project
.
team
<<
[
guest
,
:guest
]
...
...
spec/features/security/project/private_access_spec.rb
浏览文件 @
0ff8f002
...
@@ -3,7 +3,7 @@ require 'spec_helper'
...
@@ -3,7 +3,7 @@ require 'spec_helper'
describe
"Private Project Access"
,
feature:
true
do
describe
"Private Project Access"
,
feature:
true
do
include
AccessMatchers
include
AccessMatchers
let
(
:project
)
{
create
(
:project
,
:private
)
}
let
(
:project
)
{
create
(
:project
,
:private
,
public_builds:
false
)
}
describe
"Project should be private"
do
describe
"Project should be private"
do
describe
'#private?'
do
describe
'#private?'
do
...
@@ -260,6 +260,18 @@ describe "Private Project Access", feature: true do
...
@@ -260,6 +260,18 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
before
do
project
.
update
(
public_builds:
true
)
end
it
{
is_expected
.
to
be_allowed_for
(
:guest
).
of
(
project
)
}
end
context
'when public buils are disabled'
do
it
{
is_expected
.
to
be_denied_for
(
:guest
).
of
(
project
)
}
end
end
end
describe
"GET /:project_path/pipelines/:id"
do
describe
"GET /:project_path/pipelines/:id"
do
...
@@ -275,6 +287,18 @@ describe "Private Project Access", feature: true do
...
@@ -275,6 +287,18 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
before
do
project
.
update
(
public_builds:
true
)
end
it
{
is_expected
.
to
be_allowed_for
(
:guest
).
of
(
project
)
}
end
context
'when public buils are disabled'
do
it
{
is_expected
.
to
be_denied_for
(
:guest
).
of
(
project
)
}
end
end
end
describe
"GET /:project_path/builds"
do
describe
"GET /:project_path/builds"
do
...
@@ -289,6 +313,18 @@ describe "Private Project Access", feature: true do
...
@@ -289,6 +313,18 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
before
do
project
.
update
(
public_builds:
true
)
end
it
{
is_expected
.
to
be_allowed_for
(
:guest
).
of
(
project
)
}
end
context
'when public buils are disabled'
do
it
{
is_expected
.
to
be_denied_for
(
:guest
).
of
(
project
)
}
end
end
end
describe
"GET /:project_path/builds/:id"
do
describe
"GET /:project_path/builds/:id"
do
...
@@ -305,6 +341,23 @@ describe "Private Project Access", feature: true do
...
@@ -305,6 +341,23 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:user
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:external
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
it
{
is_expected
.
to
be_denied_for
(
:visitor
)
}
context
'when public builds is enabled'
do
before
do
project
.
update
(
public_builds:
true
)
end
it
{
is_expected
.
to
be_allowed_for
(
:guest
).
of
(
project
)
}
end
context
'when public buils are disabled'
do
before
do
project
.
public_builds
=
false
project
.
save
end
it
{
is_expected
.
to
be_denied_for
(
:guest
).
of
(
project
)
}
end
end
end
describe
"GET /:project_path/environments"
do
describe
"GET /:project_path/environments"
do
...
...
spec/lib/gitlab/cycle_analytics/permissions_spec.rb
浏览文件 @
0ff8f002
require
'spec_helper'
require
'spec_helper'
describe
Gitlab
::
CycleAnalytics
::
Permissions
do
describe
Gitlab
::
CycleAnalytics
::
Permissions
do
let
(
:project
)
{
create
(
:empty_project
)
}
let
(
:project
)
{
create
(
:empty_project
,
public_builds:
false
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
subject
{
described_class
.
get
(
user:
user
,
project:
project
)
}
subject
{
described_class
.
get
(
user:
user
,
project:
project
)
}
...
...
spec/policies/project_policy_spec.rb
浏览文件 @
0ff8f002
...
@@ -111,14 +111,36 @@ describe ProjectPolicy, models: true do
...
@@ -111,14 +111,36 @@ describe ProjectPolicy, models: true do
context
'guests'
do
context
'guests'
do
let
(
:current_user
)
{
guest
}
let
(
:current_user
)
{
guest
}
let
(
:reporter_public_build_permissions
)
do
reporter_permissions
-
[
:read_build
,
:read_pipeline
]
end
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
reporter_p
ublic_build_p
ermissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'public builds enabled'
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
:read_build
,
:read_pipeline
)
end
end
context
'public builds disabled'
do
before
do
project
.
update
(
public_builds:
false
)
end
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
:read_build
,
:read_pipeline
)
end
end
end
end
context
'reporter'
do
context
'reporter'
do
...
...
spec/requests/api/builds_spec.rb
浏览文件 @
0ff8f002
...
@@ -5,7 +5,7 @@ describe API::Builds, api: true do
...
@@ -5,7 +5,7 @@ describe API::Builds, api: true do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:api_user
)
{
user
}
let
(
:api_user
)
{
user
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
)
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
,
public_builds:
false
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
project:
project
)
}
let
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
project:
project
)
}
let
(
:guest
)
{
create
(
:project_member
,
:guest
,
project:
project
)
}
let
(
:guest
)
{
create
(
:project_member
,
:guest
,
project:
project
)
}
...
...
spec/requests/projects/cycle_analytics_events_spec.rb
浏览文件 @
0ff8f002
...
@@ -2,7 +2,7 @@ require 'spec_helper'
...
@@ -2,7 +2,7 @@ require 'spec_helper'
describe
'cycle analytics events'
do
describe
'cycle analytics events'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:project
)
{
create
(
:project
,
public_builds:
false
)
}
let
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
let
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
describe
'GET /:namespace/:project/cycle_analytics/events/issues'
do
describe
'GET /:namespace/:project/cycle_analytics/events/issues'
do
...
...
spec/workers/pipeline_notification_worker_spec.rb
浏览文件 @
0ff8f002
...
@@ -11,7 +11,7 @@ describe PipelineNotificationWorker do
...
@@ -11,7 +11,7 @@ describe PipelineNotificationWorker do
status:
status
)
status:
status
)
end
end
let
(
:project
)
{
create
(
:project
)
}
let
(
:project
)
{
create
(
:project
,
public_builds:
false
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:pusher
)
{
user
}
let
(
:pusher
)
{
user
}
let
(
:watcher
)
{
pusher
}
let
(
:watcher
)
{
pusher
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录