Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
7b4b3d5f
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
7b4b3d5f
编写于
12月 13, 2016
作者:
D
Dmitriy Zaporozhets
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Include group parents into read access for project and group
Signed-off-by:
N
Dmitriy Zaporozhets
<
dmitriy.zaporozhets@gmail.com
>
上级
645412b5
变更
5
显示空白变更内容
内联
并排
Showing
5 changed file
with
93 addition
and
6 deletion
+93
-6
app/models/group.rb
app/models/group.rb
+14
-4
app/policies/group_policy.rb
app/policies/group_policy.rb
+1
-1
app/policies/project_policy.rb
app/policies/project_policy.rb
+1
-1
spec/models/group_spec.rb
spec/models/group_spec.rb
+11
-0
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+66
-0
未找到文件。
app/models/group.rb
浏览文件 @
7b4b3d5f
...
@@ -155,15 +155,17 @@ class Group < Namespace
...
@@ -155,15 +155,17 @@ class Group < Namespace
end
end
def
has_owner?
(
user
)
def
has_owner?
(
user
)
owners
.
include?
(
user
)
members_with_parents
.
owners
.
where
(
user_id:
user
).
any?
end
end
def
has_master?
(
user
)
def
has_master?
(
user
)
members
.
masters
.
where
(
user_id:
user
).
any?
members
_with_parents
.
masters
.
where
(
user_id:
user
).
any?
end
end
# Check if user is a last owner of the group.
# Parent owners are ignored for nested groups.
def
last_owner?
(
user
)
def
last_owner?
(
user
)
has_owner
?
(
user
)
&&
owners
.
size
==
1
owners
.
include
?
(
user
)
&&
owners
.
size
==
1
end
end
def
avatar_type
def
avatar_type
...
@@ -189,6 +191,14 @@ class Group < Namespace
...
@@ -189,6 +191,14 @@ class Group < Namespace
end
end
def
refresh_members_authorized_projects
def
refresh_members_authorized_projects
UserProjectAccessChangedService
.
new
(
users
.
pluck
(
:id
)).
execute
UserProjectAccessChangedService
.
new
(
users_with_parents
.
pluck
(
:id
)).
execute
end
def
members_with_parents
GroupMember
.
where
(
requested_at:
nil
,
source_id:
parents
.
map
(
&
:id
).
push
(
id
))
end
def
users_with_parents
User
.
where
(
id:
members_with_parents
.
pluck
(
:user_id
))
end
end
end
end
app/policies/group_policy.rb
浏览文件 @
7b4b3d5f
...
@@ -4,7 +4,7 @@ class GroupPolicy < BasePolicy
...
@@ -4,7 +4,7 @@ class GroupPolicy < BasePolicy
return
unless
@user
return
unless
@user
globally_viewable
=
@subject
.
public?
||
(
@subject
.
internal?
&&
!
@user
.
external?
)
globally_viewable
=
@subject
.
public?
||
(
@subject
.
internal?
&&
!
@user
.
external?
)
member
=
@subject
.
users
.
include?
(
@user
)
member
=
@subject
.
users
_with_parents
.
include?
(
@user
)
owner
=
@user
.
admin?
||
@subject
.
has_owner?
(
@user
)
owner
=
@user
.
admin?
||
@subject
.
has_owner?
(
@user
)
master
=
owner
||
@subject
.
has_master?
(
@user
)
master
=
owner
||
@subject
.
has_master?
(
@user
)
...
...
app/policies/project_policy.rb
浏览文件 @
7b4b3d5f
...
@@ -245,7 +245,7 @@ class ProjectPolicy < BasePolicy
...
@@ -245,7 +245,7 @@ class ProjectPolicy < BasePolicy
def
project_group_member?
(
user
)
def
project_group_member?
(
user
)
project
.
group
&&
project
.
group
&&
(
(
project
.
group
.
members
.
exists?
(
user_id:
user
.
id
)
||
project
.
group
.
members
_with_parents
.
exists?
(
user_id:
user
.
id
)
||
project
.
group
.
requesters
.
exists?
(
user_id:
user
.
id
)
project
.
group
.
requesters
.
exists?
(
user_id:
user
.
id
)
)
)
end
end
...
...
spec/models/group_spec.rb
浏览文件 @
7b4b3d5f
...
@@ -277,4 +277,15 @@ describe Group, models: true do
...
@@ -277,4 +277,15 @@ describe Group, models: true do
it
{
is_expected
.
to
be_valid
}
it
{
is_expected
.
to
be_valid
}
it
{
expect
(
subject
.
parent
).
to
be_kind_of
(
Group
)
}
it
{
expect
(
subject
.
parent
).
to
be_kind_of
(
Group
)
}
end
end
describe
'#members_with_parents'
do
let!
(
:group
)
{
create
(
:group
,
:nested
)
}
let!
(
:master
)
{
group
.
parent
.
add_user
(
create
(
:user
),
GroupMember
::
MASTER
)
}
let!
(
:developer
)
{
group
.
add_user
(
create
(
:user
),
GroupMember
::
DEVELOPER
)
}
it
'returns parents members'
do
expect
(
group
.
members_with_parents
).
to
include
(
developer
)
expect
(
group
.
members_with_parents
).
to
include
(
master
)
end
end
end
end
spec/policies/group_policy_spec.rb
浏览文件 @
7b4b3d5f
...
@@ -105,4 +105,70 @@ describe GroupPolicy, models: true do
...
@@ -105,4 +105,70 @@ describe GroupPolicy, models: true do
is_expected
.
to
include
(
*
owner_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
end
end
end
end
describe
'private nested group inherit permissions'
do
let
(
:nested_group
)
{
create
(
:group
,
:private
,
parent:
group
)
}
subject
{
described_class
.
abilities
(
current_user
,
nested_group
).
to_set
}
context
'with no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
not_to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'guests'
do
let
(
:current_user
)
{
guest
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'reporter'
do
let
(
:current_user
)
{
reporter
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'developer'
do
let
(
:current_user
)
{
developer
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'master'
do
let
(
:current_user
)
{
master
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
end
end
context
'owner'
do
let
(
:current_user
)
{
owner
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
end
end
end
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录