Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
2fc23617
Commit
2fc23617
authored
May 03, 2013
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #3801 from holdtotherod/feature/internally-public-projects
Internally public projects
parents
f40d4e66
8589f0f4
Changes
8
Show whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
276 additions
and
4 deletions
+276
-4
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+1
-1
app/views/projects/_form.html.haml
app/views/projects/_form.html.haml
+3
-1
app/views/public/projects/index.html.haml
app/views/public/projects/index.html.haml
+4
-1
features/project/public_projects.feature
features/project/public_projects.feature
+8
-0
features/steps/project/public_projects.rb
features/steps/project/public_projects.rb
+9
-0
features/steps/shared/paths.rb
features/steps/shared/paths.rb
+8
-0
spec/features/security/project_access_spec.rb
spec/features/security/project_access_spec.rb
+242
-0
No files found.
app/controllers/application_controller.rb
View file @
2fc23617
...
@@ -88,7 +88,7 @@ class ApplicationController < ActionController::Base
...
@@ -88,7 +88,7 @@ class ApplicationController < ActionController::Base
end
end
def
authorize_code_access!
def
authorize_code_access!
return
access_denied!
unless
can?
(
current_user
,
:download_code
,
project
)
return
access_denied!
unless
can?
(
current_user
,
:download_code
,
project
)
or
project
.
public?
end
end
def
authorize_create_team!
def
authorize_create_team!
...
...
app/models/ability.rb
View file @
2fc23617
...
@@ -37,7 +37,7 @@ class Ability
...
@@ -37,7 +37,7 @@ class Ability
elsif
team
.
reporters
.
include?
(
user
)
elsif
team
.
reporters
.
include?
(
user
)
rules
<<
project_report_rules
rules
<<
project_report_rules
elsif
team
.
guests
.
include?
(
user
)
elsif
team
.
guests
.
include?
(
user
)
or
project
.
public?
rules
<<
project_guest_rules
rules
<<
project_guest_rules
end
end
...
...
app/views/projects/_form.html.haml
View file @
2fc23617
...
@@ -48,7 +48,7 @@
...
@@ -48,7 +48,7 @@
Public mode:
Public mode:
.control-group
.control-group
=
f
.
label
:public
,
class:
'control-label'
do
=
f
.
label
:public
,
class:
'control-label'
do
%span
Public
clone
access
%span
Public access
.controls
.controls
=
f
.
check_box
:public
=
f
.
check_box
:public
%span
.descr
%span
.descr
...
@@ -56,6 +56,8 @@
...
@@ -56,6 +56,8 @@
%em
without any
%em
without any
authentication.
authentication.
It will also be listed on the
#{
link_to
"public access directory"
,
public_root_path
}
.
It will also be listed on the
#{
link_to
"public access directory"
,
public_root_path
}
.
%em
Any
user will have
#{
link_to
"Guest"
,
help_permissions_path
}
permissions on the repository.
%fieldset
.features
%fieldset
.features
%legend
%legend
...
...
app/views/public/projects/index.html.haml
View file @
2fc23617
...
@@ -9,6 +9,9 @@
...
@@ -9,6 +9,9 @@
%li
.clearfix
%li
.clearfix
%h5
%h5
%i
.icon-share
%i
.icon-share
-
if
current_user
=
link_to_project
project
-
else
=
project
.
name_with_namespace
=
project
.
name_with_namespace
.pull-right
.pull-right
%pre
.dark.tiny
git clone
#{
project
.
http_url_to_repo
}
%pre
.dark.tiny
git clone
#{
project
.
http_url_to_repo
}
...
...
features/project/public_projects.feature
0 → 100644
View file @
2fc23617
Feature
:
Public Projects
Background
:
Given
I sign in as a user
Scenario
:
I
should see the list of public projects
When
I visit the public projects area
Then
I should see the list of public projects
features/steps/project/public_projects.rb
0 → 100644
View file @
2fc23617
class
PublicProjects
<
Spinach
::
FeatureSteps
include
SharedAuthentication
include
SharedProject
include
SharedPaths
Then
'I should see the list of public projects'
do
page
.
should
have_content
"Public Projects"
end
end
features/steps/shared/paths.rb
View file @
2fc23617
...
@@ -263,6 +263,14 @@ module SharedPaths
...
@@ -263,6 +263,14 @@ module SharedPaths
visit
project_wiki_path
(
@project
,
:home
)
visit
project_wiki_path
(
@project
,
:home
)
end
end
# ----------------------------------------
# Public Projects
# ----------------------------------------
Given
'I visit the public projects area'
do
visit
public_root_path
end
def
root_ref
def
root_ref
@project
.
repository
.
root_ref
@project
.
repository
.
root_ref
end
end
...
...
spec/features/security/project_access_spec.rb
View file @
2fc23617
...
@@ -229,4 +229,246 @@ describe "Application access" do
...
@@ -229,4 +229,246 @@ describe "Application access" do
it
{
should
be_denied_for
:visitor
}
it
{
should
be_denied_for
:visitor
}
end
end
end
end
describe
"PublicProject"
do
let
(
:project
)
{
create
(
:project_with_code
)
}
let
(
:master
)
{
create
(
:user
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:admin
)
{
create
(
:user
)
}
before
do
# public project
project
.
public
=
true
project
.
save!
# full access
project
.
team
<<
[
master
,
:master
]
# readonly
project
.
team
<<
[
reporter
,
:reporter
]
end
describe
"Project should be public"
do
subject
{
project
}
its
(
:public?
)
{
should
be_true
}
end
describe
"GET /project_code"
do
subject
{
project_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/tree/master"
do
subject
{
project_tree_path
(
project
,
project
.
repository
.
root_ref
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/commits/master"
do
subject
{
project_commits_path
(
project
,
project
.
repository
.
root_ref
,
limit:
1
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/commit/:sha"
do
subject
{
project_commit_path
(
project
,
project
.
repository
.
commit
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/compare"
do
subject
{
project_compare_index_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/team"
do
subject
{
project_team_index_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/wall"
do
subject
{
project_wall_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/blob"
do
before
do
commit
=
project
.
repository
.
commit
path
=
commit
.
tree
.
contents
.
select
{
|
i
|
i
.
is_a?
(
Grit
::
Blob
)}.
first
.
name
@blob_path
=
project_blob_path
(
project
,
File
.
join
(
commit
.
id
,
path
))
end
it
{
@blob_path
.
should
be_allowed_for
master
}
it
{
@blob_path
.
should
be_allowed_for
reporter
}
it
{
@blob_path
.
should
be_allowed_for
:admin
}
it
{
@blob_path
.
should
be_allowed_for
guest
}
it
{
@blob_path
.
should
be_allowed_for
:user
}
it
{
@blob_path
.
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/edit"
do
subject
{
edit_project_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_denied_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
guest
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/deploy_keys"
do
subject
{
project_deploy_keys_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_denied_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
guest
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/issues"
do
subject
{
project_issues_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/snippets"
do
subject
{
project_snippets_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/snippets/new"
do
subject
{
new_project_snippet_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
guest
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/merge_requests"
do
subject
{
project_merge_requests_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/repository"
do
subject
{
project_repository_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/repository/branches"
do
subject
{
branches_project_repository_path
(
project
)
}
before
do
# Speed increase
Project
.
any_instance
.
stub
(
:branches
).
and_return
([])
end
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/repository/tags"
do
subject
{
tags_project_repository_path
(
project
)
}
before
do
# Speed increase
Project
.
any_instance
.
stub
(
:tags
).
and_return
([])
end
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /project_code/hooks"
do
subject
{
project_hooks_path
(
project
)
}
it
{
should
be_allowed_for
master
}
it
{
should
be_allowed_for
reporter
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
guest
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment