Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
951e3459
Commit
951e3459
authored
Apr 22, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use the `can?` helper instead of `current_user.can?`
Fixes #15513. Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
d5398e96
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
25 additions
and
2 deletions
+25
-2
CHANGELOG
CHANGELOG
+4
-1
app/views/projects/project_members/_shared_group_members.html.haml
.../projects/project_members/_shared_group_members.html.haml
+1
-1
spec/features/projects/members/anonymous_user_sees_members_spec.rb
...ures/projects/members/anonymous_user_sees_members_spec.rb
+20
-0
No files found.
CHANGELOG
View file @
951e3459
...
@@ -2,7 +2,10 @@ Please view this file on the master branch, on stable branches it's out of date.
...
@@ -2,7 +2,10 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
v 8.8.0 (unreleased)
v 8.7.0 (unreleased)
v 8.7.1 (unreleased)
- Use the `can?` helper instead of `current_user.can?`
v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Fix vulnerability that made it possible to gain access to private labels and milestones
- Fix vulnerability that made it possible to gain access to private labels and milestones
- The number of InfluxDB points stored per UDP packet can now be configured
- The number of InfluxDB points stored per UDP packet can now be configured
...
...
app/views/projects/project_members/_shared_group_members.html.haml
View file @
951e3459
...
@@ -8,7 +8,7 @@
...
@@ -8,7 +8,7 @@
group, members with
group, members with
%strong
#{
group_links
.
human_access
}
%strong
#{
group_links
.
human_access
}
role (
#{
shared_group_users_count
}
)
role (
#{
shared_group_users_count
}
)
-
if
c
urrent_user
.
can?
(
:admin_group
,
shared_group
)
-
if
c
an?
(
current_user
,
:admin_group
,
shared_group
)
.panel-head-actions
.panel-head-actions
=
link_to
group_group_members_path
(
shared_group
),
class:
'btn btn-sm'
do
=
link_to
group_group_members_path
(
shared_group
),
class:
'btn btn-sm'
do
%i
.fa.fa-pencil-square-o
%i
.fa.fa-pencil-square-o
...
...
spec/features/projects/members/anonymous_user_sees_members_spec.rb
0 → 100644
View file @
951e3459
require
'spec_helper'
feature
'Projects > Members > Anonymous user sees members'
,
feature:
true
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:group
)
{
create
(
:group
,
:public
)
}
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
background
do
project
.
team
<<
[
user
,
:master
]
create
(
:project_group_link
,
project:
project
,
group:
group
)
end
scenario
"anonymous user visits the project's members page and sees the list of members"
do
visit
namespace_project_project_members_path
(
project
.
namespace
,
project
)
expect
(
current_path
).
to
eq
(
namespace_project_project_members_path
(
project
.
namespace
,
project
))
expect
(
page
).
to
have_content
(
user
.
name
)
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment