提交
aff7dccc
编写于
8月 22, 2018
作者:
Sean McGivern
Use policies to determine if attributes can be set in the API
This is more idiomatic than checking membership explicitly.
上级
b63ed7cf
变更
8
Showing
8 changed file
with
137 addition
and
26 deletion
+137
-26
app/policies/group_policy.rb
app/policies/group_policy.rb
+2
-0
app/policies/project_policy.rb
app/policies/project_policy.rb
+4
-0
lib/api/helpers/notes_helpers.rb
lib/api/helpers/notes_helpers.rb
+1
-4
lib/api/issues.rb
lib/api/issues.rb
+2
-5
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+1
-0
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+1
-0
spec/requests/api/issues_spec.rb
spec/requests/api/issues_spec.rb
+54
-7
spec/support/shared_examples/requests/api/notes.rb
spec/support/shared_examples/requests/api/notes.rb
+72
-10
app/policies/group_policy.rb
...
...
@@ -72,6 +72,8 @@ class GroupPolicy < BasePolicy
enable
:admin_namespace
enable
:admin_group_member
enable
:change_visibility_level
enable
:set_note_created_at
end
rule
{
can?
(
:read_nested_project_resources
)
}.
policy
do
...
...
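Review bot: The rule whose block gains `enable :set_note_created_at` opens above this hunk, so the condition that grants the ability is not visible here; the same is true of the three abilities added in app/policies/project_policy.rb. These abilities let an API caller override server-assigned timestamps and issue IIDs, which bears on how far timelines can be trusted, so it is worth confirming that both blocks sit under the owner rule. A comment above the new lines would keep that intent visible, for example `# Owner-level: allows overriding server-assigned timestamps/IIDs through the API`.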
app/policies/project_policy.rb
...
...
@@ -143,6 +143,10 @@ class ProjectPolicy < BasePolicy
enable
:destroy_merge_request
enable
:destroy_issue
enable
:remove_pages
enable
:set_issue_iid
enable
:set_issue_created_at
enable
:set_note_created_at
end
rule
{
can?
(
:guest_access
)
}.
policy
do
...
...
lib/api/helpers/notes_helpers.rb
...
...
@@ -92,10 +92,7 @@ module API
parent
=
noteable_parent
(
noteable
)
if
opts
[
:created_at
]
opts
.
delete
(
:created_at
)
unless
(
current_user
.
admin?
||
user_project
.
owner
==
current_user
||
current_user
.
owned_groups
.
include?
(
user_project
.
owner
))
end
opts
.
delete
(
:created_at
)
unless
current_user
.
can?
(
:set_note_created_at
,
policy_object
)
opts
[
:updated_at
]
=
opts
[
:created_at
]
if
opts
[
:created_at
]
...
...
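Review bot: The permission check runs against `policy_object`, which is assigned outside this hunk, while this commit enables `:set_note_created_at` only in GroupPolicy and ProjectPolicy. If `policy_object` can be the noteable itself rather than its project or group, the check depends on that noteable's policy delegating to its parent; without such delegation `created_at` would be dropped even for owners, which fails closed but is hard to diagnose. A comment above the line would make the dependency explicit, for example `# :set_note_created_at is defined on the project/group policy; policy_object must resolve to (or delegate to) it`. The enclosing method starts and ends outside the hunk.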
lib/api/issues.rb
...
...
@@ -172,11 +172,8 @@ module API
authorize!
:create_issue
,
user_project
# Setting created_at time or iid only allowed for admins and project owners
unless
current_user
.
admin?
||
user_project
.
owner
==
current_user
||
current_user
.
owned_groups
.
include?
(
user_project
.
owner
)
params
.
delete
(
:created_at
)
params
.
delete
(
:iid
)
end
params
.
delete
(
:created_at
)
unless
current_user
.
can?
(
:set_issue_created_at
,
user_project
)
params
.
delete
(
:iid
)
unless
current_user
.
can?
(
:set_issue_iid
,
user_project
)
issue_params
=
declared_params
(
include_missing:
false
)
...
...
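Review bot: The two `params.delete` guards carry no comment saying that a disallowed `created_at` or `iid` is dropped rather than rejected, and the earlier comment ("only allowed for admins and project owners") appears to be among the five deleted lines. Because these fields let a caller backdate an issue or choose its internal ID, a short comment keeps the intent reviewable: `# created_at / iid are honoured only when the project policy grants them; otherwise they are silently dropped`. The endpoint block continues outside the hunk.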
spec/policies/group_policy_spec.rb
...
...
@@ -31,6 +31,7 @@ describe GroupPolicy do
:admin_namespace
,
:admin_group_member
,
:change_visibility_level
,
:set_note_created_at
,
(
Gitlab
::
Database
.
postgresql?
?
:create_subgroup
:
nil
)
].
compact
end
...
...
spec/policies/project_policy_spec.rb
...
...
@@ -64,6 +64,7 @@ describe ProjectPolicy do
%i[
change_namespace change_visibility_level rename_project remove_project
archive_project remove_fork_project destroy_merge_request destroy_issue
set_issue_iid set_issue_created_at set_note_created_at
]
end
...
...
spec/requests/api/issues_spec.rb
...
...
@@ -1023,6 +1023,20 @@ describe API::Issues do
end
end
context
'by a group owner'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:group_project
)
{
create
(
:project
,
:public
,
namespace:
group
)
}
it
'sets the internal ID on the new issue'
do
group
.
add_owner
(
user2
)
post
api
(
"/projects/
#{
group_project
.
id
}
/issues"
,
user2
),
title:
'new issue'
,
iid:
9001
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'iid'
]).
to
eq
9001
end
end
context
'by another user'
do
it
'ignores the given internal ID'
do
post
api
(
"/projects/
#{
project
.
id
}
/issues"
,
user2
),
...
...
@@ -1154,14 +1168,47 @@ describe API::Issues do
end
end
context
'when an admin or owner makes the request'
do
it
'accepts the creation date to be set'
do
creation_time
=
2
.
weeks
.
ago
post
api
(
"/projects/
#{
project
.
id
}
/issues"
,
user
),
title:
'new issue'
,
labels:
'label, label2'
,
created_at:
creation_time
context
'setting created_at'
do
let
(
:creation_time
)
{
2
.
weeks
.
ago
}
let
(
:params
)
{
{
title:
'new issue'
,
labels:
'label, label2'
,
created_at:
creation_time
}
}
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
context
'by an admin'
do
it
'sets the creation time on the new issue'
do
post
api
(
"/projects/
#{
project
.
id
}
/issues"
,
admin
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
end
end
context
'by a project owner'
do
it
'sets the creation time on the new issue'
do
post
api
(
"/projects/
#{
project
.
id
}
/issues"
,
user
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
end
end
context
'by a group owner'
do
it
'sets the creation time on the new issue'
do
group
=
create
(
:group
)
group_project
=
create
(
:project
,
:public
,
namespace:
group
)
group
.
add_owner
(
user2
)
post
api
(
"/projects/
#{
group_project
.
id
}
/issues"
,
user2
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
end
end
context
'by another user'
do
it
'ignores the given creation time'
do
post
api
(
"/projects/
#{
project
.
id
}
/issues"
,
user2
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
not_to
be_like_time
(
creation_time
)
end
end
end
...
...
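Review bot: The negative cases ('by another user') for `iid` and `created_at` exercise only `user2` on `project`, whose role is set up outside these hunks, so nothing here pins the boundary between an owner and the next-highest role. A further context in which a maintainer of the project posts `params` and the response's `created_at` is `not_to be_like_time(creation_time)` would catch a policy regression that moves the abilities into a broader rule. The shared examples in spec/support/shared_examples/requests/api/notes.rb have the same gap, as their negative case adds `user2` as a developer only.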
spec/support/shared_examples/requests/api/notes.rb
...
...
@@ -111,17 +111,79 @@ shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user
),
body:
'hi!'
end
context
'when an admin or owner makes the request'
do
it
'accepts the creation date to be set'
do
creation_time
=
2
.
weeks
.
ago
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user
),
body:
'hi!'
,
created_at:
creation_time
context
'setting created_at'
do
let
(
:creation_time
)
{
2
.
weeks
.
ago
}
let
(
:params
)
{
{
body:
'hi!'
,
created_at:
creation_time
}
}
context
'by an admin'
do
it
'sets the creation time on the new note'
do
admin
=
create
(
:admin
)
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
admin
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
admin
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
to
be_like_time
(
creation_time
)
end
end
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
user
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
to
be_like_time
(
creation_time
)
if
parent_type
==
'projects'
context
'by a project owner'
do
it
'sets the creation time on the new note'
do
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
user
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
to
be_like_time
(
creation_time
)
end
end
context
'by a group owner'
do
it
'sets the creation time on the new note'
do
user2
=
create
(
:user
)
group
=
create
(
:group
)
group
.
add_owner
(
user2
)
parent
.
update!
(
namespace:
group
)
user2
.
refresh_authorized_projects
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user2
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
user2
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
to
be_like_time
(
creation_time
)
end
end
elsif
parent_type
==
'groups'
context
'by a group owner'
do
it
'sets the creation time on the new note'
do
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
user
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
to
be_like_time
(
creation_time
)
end
end
end
context
'by another user'
do
it
'ignores the given creation time'
do
user2
=
create
(
:user
)
parent
.
add_developer
(
user2
)
post
api
(
"/
#{
parent_type
}
/
#{
parent
.
id
}
/
#{
noteable_type
}
/
#{
noteable
[
id_name
]
}
/notes"
,
user2
),
params
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'body'
]).
to
eq
(
'hi!'
)
expect
(
json_response
[
'author'
][
'username'
]).
to
eq
(
user2
.
username
)
expect
(
Time
.
parse
(
json_response
[
'created_at'
])).
not_to
be_like_time
(
creation_time
)
expect
(
Time
.
parse
(
json_response
[
'updated_at'
])).
not_to
be_like_time
(
creation_time
)
end
end
end
...
...