Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
b4004488
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
b4004488
编写于
10月 04, 2016
作者:
V
Valery Sizov
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make guests unable to view MRs
上级
a3169d52
变更
13
隐藏空白更改
内联
并排
Showing
13 changed file
with
143 addition
and
13 deletion
+143
-13
CHANGELOG
CHANGELOG
+1
-0
app/models/event.rb
app/models/event.rb
+7
-1
app/policies/project_policy.rb
app/policies/project_policy.rb
+2
-1
app/services/notification_service.rb
app/services/notification_service.rb
+4
-2
app/services/todo_service.rb
app/services/todo_service.rb
+3
-3
doc/user/permissions.md
doc/user/permissions.md
+1
-0
spec/features/projects/guest_navigation_menu_spec.rb
spec/features/projects/guest_navigation_menu_spec.rb
+28
-0
spec/features/security/project/private_access_spec.rb
spec/features/security/project/private_access_spec.rb
+1
-1
spec/models/event_spec.rb
spec/models/event_spec.rb
+11
-0
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+3
-2
spec/services/merge_requests/update_service_spec.rb
spec/services/merge_requests/update_service_spec.rb
+6
-0
spec/services/notification_service_spec.rb
spec/services/notification_service_spec.rb
+56
-1
spec/services/todo_service_spec.rb
spec/services/todo_service_spec.rb
+20
-2
未找到文件。
CHANGELOG
浏览文件 @
b4004488
...
...
@@ -93,6 +93,7 @@ v 8.13.0 (unreleased)
- Cleanup Ci::ApplicationController. !6757 (Takuya Noguchi)
- Fix a typo in doc/api/labels.md
- API: all unknown routing will be handled with 404 Not Found
- Make guests unable to view MRs on private projects
v 8.12.5 (unreleased)
- Update the mail_room gem to 0.8.1 to fix a race condition with the mailbox watching thread
...
...
app/models/event.rb
浏览文件 @
b4004488
...
...
@@ -68,8 +68,10 @@ class Event < ActiveRecord::Base
true
elsif
issue?
||
issue_note?
Ability
.
allowed?
(
user
,
:read_issue
,
note?
?
note_target
:
target
)
elsif
merge_request?
||
merge_request_note?
Ability
.
allowed?
(
user
,
:read_merge_request
,
note?
?
note_target
:
target
)
else
((
merge_request?
||
note?
)
&&
target
.
present?
)
||
milestone?
milestone?
end
end
...
...
@@ -280,6 +282,10 @@ class Event < ActiveRecord::Base
note?
&&
target
&&
target
.
for_issue?
end
def
merge_request_note?
note?
&&
target
&&
target
.
for_merge_request?
end
def
project_snippet_note?
target
.
for_snippet?
end
...
...
app/policies/project_policy.rb
浏览文件 @
b4004488
...
...
@@ -40,7 +40,6 @@ class ProjectPolicy < BasePolicy
can!
:read_milestone
can!
:read_project_snippet
can!
:read_project_member
can!
:read_merge_request
can!
:read_note
can!
:create_project
can!
:create_issue
...
...
@@ -63,6 +62,7 @@ class ProjectPolicy < BasePolicy
can!
:read_pipeline
can!
:read_environment
can!
:read_deployment
can!
:read_merge_request
end
# Permissions given when an user is team member of a project
...
...
@@ -117,6 +117,7 @@ class ProjectPolicy < BasePolicy
can!
:read_container_image
can!
:build_download_code
can!
:build_read_container_image
can!
:read_merge_request
end
def
owner_access!
...
...
app/services/notification_service.rb
浏览文件 @
b4004488
...
...
@@ -475,10 +475,12 @@ class NotificationService
end
def
reject_users_without_access
(
recipients
,
target
)
return
recipients
unless
target
.
is_a?
(
Issue
)
return
recipients
unless
target
.
is_a?
(
Issuable
)
ability
=
:"read_
#{
target
.
to_ability_name
}
"
recipients
.
select
do
|
user
|
user
.
can?
(
:read_issue
,
target
)
user
.
can?
(
ability
,
target
)
end
end
...
...
app/services/todo_service.rb
浏览文件 @
b4004488
...
...
@@ -273,12 +273,12 @@ class TodoService
end
def
reject_users_without_access
(
users
,
project
,
target
)
if
target
.
is_a?
(
Note
)
&&
target
.
for_issue?
if
target
.
is_a?
(
Note
)
&&
(
target
.
for_issue?
||
target
.
for_merge_request?
)
target
=
target
.
noteable
end
if
target
.
is_a?
(
Issue
)
select_users
(
users
,
:
read_issue
,
target
)
if
target
.
is_a?
(
Issu
abl
e
)
select_users
(
users
,
:
"read_
#{
target
.
to_ability_name
}
"
,
target
)
else
select_users
(
users
,
:read_project
,
project
)
end
...
...
doc/user/permissions.md
浏览文件 @
b4004488
...
...
@@ -32,6 +32,7 @@ The following table depicts the various user permission levels in a project.
| See a commit status | | ✓ | ✓ | ✓ | ✓ |
| See a container registry | | ✓ | ✓ | ✓ | ✓ |
| See environments | | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ |
| Manage/Accept merge requests | | | ✓ | ✓ | ✓ |
| Create new merge request | | | ✓ | ✓ | ✓ |
| Create new branches | | | ✓ | ✓ | ✓ |
...
...
spec/features/projects/guest_navigation_menu_spec.rb
0 → 100644
浏览文件 @
b4004488
require
'spec_helper'
describe
"Guest navigation menu"
do
let
(
:project
)
{
create
:empty_project
,
:private
}
let
(
:guest
)
{
create
:user
}
before
do
project
.
team
<<
[
guest
,
:guest
]
login_as
(
guest
)
end
it
"shows allowed tabs only"
do
visit
namespace_project_path
(
project
.
namespace
,
project
)
within
(
".nav-links"
)
do
expect
(
page
).
to
have_content
'Project'
expect
(
page
).
to
have_content
'Activity'
expect
(
page
).
to
have_content
'Issues'
expect
(
page
).
to
have_content
'Wiki'
expect
(
page
).
not_to
have_content
'Repository'
expect
(
page
).
not_to
have_content
'Pipelines'
expect
(
page
).
not_to
have_content
'Graphs'
expect
(
page
).
not_to
have_content
'Merge Requests'
end
end
end
spec/features/security/project/private_access_spec.rb
浏览文件 @
b4004488
...
...
@@ -203,7 +203,7 @@ describe "Private Project Access", feature: true do
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
developer
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_
allowed_for
guest
}
it
{
is_expected
.
to
be_
denied_for
guest
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:external
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
...
...
spec/models/event_spec.rb
浏览文件 @
b4004488
...
...
@@ -135,6 +135,17 @@ describe Event, models: true do
it
{
expect
(
event
.
visible_to_user?
(
member
)).
to
eq
true
}
it
{
expect
(
event
.
visible_to_user?
(
guest
)).
to
eq
true
}
it
{
expect
(
event
.
visible_to_user?
(
admin
)).
to
eq
true
}
context
'private project'
do
let
(
:project
)
{
create
(
:project
,
:private
)
}
it
{
expect
(
event
.
visible_to_user?
(
non_member
)).
to
eq
false
}
it
{
expect
(
event
.
visible_to_user?
(
author
)).
to
eq
true
}
it
{
expect
(
event
.
visible_to_user?
(
assignee
)).
to
eq
true
}
it
{
expect
(
event
.
visible_to_user?
(
member
)).
to
eq
true
}
it
{
expect
(
event
.
visible_to_user?
(
guest
)).
to
eq
false
}
it
{
expect
(
event
.
visible_to_user?
(
admin
)).
to
eq
true
}
end
end
end
...
...
spec/policies/project_policy_spec.rb
浏览文件 @
b4004488
...
...
@@ -12,7 +12,7 @@ describe ProjectPolicy, models: true do
[
:read_project
,
:read_board
,
:read_list
,
:read_wiki
,
:read_issue
,
:read_label
,
:read_milestone
,
:read_project_snippet
,
:read_project_member
,
:read_
merge_request
,
:read_
note
,
:create_project
,
:create_issue
,
:create_note
,
:read_note
,
:create_project
,
:create_issue
,
:create_note
,
:upload_file
]
end
...
...
@@ -21,7 +21,8 @@ describe ProjectPolicy, models: true do
[
:download_code
,
:fork_project
,
:create_project_snippet
,
:update_issue
,
:admin_issue
,
:admin_label
,
:admin_list
,
:read_commit_status
,
:read_build
,
:read_container_image
,
:read_pipeline
,
:read_environment
,
:read_deployment
:read_container_image
,
:read_pipeline
,
:read_environment
,
:read_deployment
,
:read_merge_request
]
end
...
...
spec/services/merge_requests/update_service_spec.rb
浏览文件 @
b4004488
...
...
@@ -17,6 +17,7 @@ describe MergeRequests::UpdateService, services: true do
before
do
project
.
team
<<
[
user
,
:master
]
project
.
team
<<
[
user2
,
:developer
]
project
.
team
<<
[
user3
,
:developer
]
end
describe
'execute'
do
...
...
@@ -188,6 +189,11 @@ describe MergeRequests::UpdateService, services: true do
let!
(
:non_subscriber
)
{
create
(
:user
)
}
let!
(
:subscriber
)
{
create
(
:user
).
tap
{
|
u
|
label
.
toggle_subscription
(
u
)
}
}
before
do
project
.
team
<<
[
non_subscriber
,
:developer
]
project
.
team
<<
[
subscriber
,
:developer
]
end
it
'sends notifications for subscribers of newly added labels'
do
opts
=
{
label_ids:
[
label
.
id
]
}
...
...
spec/services/notification_service_spec.rb
浏览文件 @
b4004488
...
...
@@ -331,7 +331,7 @@ describe NotificationService, services: true do
describe
'#new_note'
do
it
"records sent notifications"
do
# Ensure create SentNotification by noteable = merge_request 6 times, not noteable = note
expect
(
SentNotification
).
to
receive
(
:record_note
).
with
(
note
,
any_args
).
exactly
(
4
).
times
.
and_call_original
expect
(
SentNotification
).
to
receive
(
:record_note
).
with
(
note
,
any_args
).
exactly
(
3
).
times
.
and_call_original
notification
.
new_note
(
note
)
...
...
@@ -1169,6 +1169,61 @@ describe NotificationService, services: true do
end
end
context
'guest user in private project'
do
let
(
:private_project
)
{
create
(
:empty_project
,
:private
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:developer
)
{
create
(
:user
)
}
let
(
:assignee
)
{
create
(
:user
)
}
let
(
:merge_request
)
{
create
(
:merge_request
,
source_project:
private_project
,
assignee:
assignee
)
}
let
(
:merge_request1
)
{
create
(
:merge_request
,
source_project:
private_project
,
assignee:
assignee
,
description:
"cc @
#{
guest
.
username
}
"
)
}
let
(
:note
)
{
create
(
:note
,
noteable:
merge_request
,
project:
private_project
)
}
before
do
private_project
.
team
<<
[
assignee
,
:developer
]
private_project
.
team
<<
[
developer
,
:developer
]
private_project
.
team
<<
[
guest
,
:guest
]
ActionMailer
::
Base
.
deliveries
.
clear
end
it
'filters out guests when new note is created'
do
expect
(
SentNotification
).
to
receive
(
:record
).
with
(
merge_request
,
any_args
).
exactly
(
1
).
times
notification
.
new_note
(
note
)
should_not_email
(
guest
)
should_email
(
assignee
)
end
it
'filters out guests when new merge request is created'
do
notification
.
new_merge_request
(
merge_request1
,
@u_disabled
)
should_not_email
(
guest
)
should_email
(
assignee
)
end
it
'filters out guests when merge request is closed'
do
notification
.
close_mr
(
merge_request
,
developer
)
should_not_email
(
guest
)
should_email
(
assignee
)
end
it
'filters out guests when merge request is reopened'
do
notification
.
reopen_mr
(
merge_request
,
developer
)
should_not_email
(
guest
)
should_email
(
assignee
)
end
it
'filters out guests when merge request is merged'
do
notification
.
merge_mr
(
merge_request
,
developer
)
should_not_email
(
guest
)
should_email
(
assignee
)
end
end
def
build_team
(
project
)
@u_watcher
=
create_global_setting_for
(
create
(
:user
),
:watch
)
@u_participating
=
create_global_setting_for
(
create
(
:user
),
:participating
)
...
...
spec/services/todo_service_spec.rb
浏览文件 @
b4004488
...
...
@@ -345,7 +345,7 @@ describe TodoService, services: true do
service
.
new_merge_request
(
mr_assigned
,
author
)
should_create_todo
(
user:
member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_
not_
create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_create_todo
(
user:
author
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
john_doe
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
non_member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
...
...
@@ -357,7 +357,7 @@ describe TodoService, services: true do
service
.
update_merge_request
(
mr_assigned
,
author
)
should_create_todo
(
user:
member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_
not_
create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_create_todo
(
user:
john_doe
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_create_todo
(
user:
author
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
non_member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
...
...
@@ -381,6 +381,7 @@ describe TodoService, services: true do
should_not_create_todo
(
user:
john_doe
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
non_member
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
should_not_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
end
it
'does not raise an error when description not change'
do
...
...
@@ -430,6 +431,11 @@ describe TodoService, services: true do
should_create_todo
(
user:
john_doe
,
target:
mr_assigned
,
author:
john_doe
,
action:
Todo
::
ASSIGNED
)
end
it
'does not create a todo for guests'
do
service
.
reassigned_merge_request
(
mr_assigned
,
author
)
should_not_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
end
end
describe
'#merge_merge_request'
do
...
...
@@ -441,6 +447,11 @@ describe TodoService, services: true do
expect
(
first_todo
.
reload
).
to
be_done
expect
(
second_todo
.
reload
).
to
be_done
end
it
'does not create todo for guests'
do
service
.
merge_merge_request
(
mr_assigned
,
john_doe
)
should_not_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
end
end
describe
'#new_award_emoji'
do
...
...
@@ -495,6 +506,13 @@ describe TodoService, services: true do
should_create_todo
(
user:
john_doe
,
target:
mr_unassigned
,
author:
author
,
action:
Todo
::
MENTIONED
,
note:
legacy_diff_note_on_merge_request
)
end
it
'does not create todo for guests'
do
note_on_merge_request
=
create
:note_on_merge_request
,
project:
project
,
noteable:
mr_assigned
,
note:
mentions
service
.
new_note
(
note_on_merge_request
,
author
)
should_not_create_todo
(
user:
guest
,
target:
mr_assigned
,
action:
Todo
::
MENTIONED
)
end
end
end
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录