Commit ad8a859b authored by Sean McGivern's avatar Sean McGivern

Merge branch '52545-guest-create-issue-in-group-board' into 'master'

Resolve "Adding issues from group/project board is not allowed for project-level users"

See merge request gitlab-org/gitlab-ce!22557
parents 8325a1fc fdb46c55
...@@ -53,6 +53,9 @@ export default Vue.extend({ ...@@ -53,6 +53,9 @@ export default Vue.extend({
const { issuesSize } = this.list; const { issuesSize } = this.list;
return `${n__('%d issue', '%d issues', issuesSize)}`; return `${n__('%d issue', '%d issues', issuesSize)}`;
}, },
isNewIssueShown() {
return this.list.type === 'backlog' || (!this.disabled && this.list.type !== 'closed');
}
}, },
watch: { watch: {
filter: { filter: {
......
...@@ -46,7 +46,7 @@ export default { ...@@ -46,7 +46,7 @@ export default {
selectable: true, selectable: true,
data: (term, callback) => { data: (term, callback) => {
this.loading = true; this.loading = true;
return Api.groupProjects(this.groupId, term, {}, projects => { return Api.groupProjects(this.groupId, term, {with_issues_enabled: true}, projects => {
this.loading = false; this.loading = false;
callback(projects); callback(projects);
}); });
......
...@@ -50,7 +50,10 @@ module BoardsResponses ...@@ -50,7 +50,10 @@ module BoardsResponses
end end
def authorize_create_issue def authorize_create_issue
authorize_action_for!(project, :admin_issue) list = List.find(issue_params[:list_id])
action = list.backlog? ? :create_issue : :admin_issue
authorize_action_for!(project, action)
end end
def authorize_admin_list def authorize_admin_list
......
...@@ -39,10 +39,9 @@ ...@@ -39,10 +39,9 @@
{{ list.issuesSize }} {{ list.issuesSize }}
= render_if_exists "shared/boards/components/list_weight" = render_if_exists "shared/boards/components/list_weight"
- if can?(current_user, :admin_list, current_board_parent)
%button.issue-count-badge-add-button.btn.btn-sm.btn-default.ml-1.has-tooltip.js-no-trigger-collapse{ type: "button", %button.issue-count-badge-add-button.btn.btn-sm.btn-default.ml-1.has-tooltip.js-no-trigger-collapse{ type: "button",
"@click" => "showNewIssueForm", "@click" => "showNewIssueForm",
"v-if" => 'list.type !== "closed"', "v-if" => "isNewIssueShown",
"aria-label" => _("New issue"), "aria-label" => _("New issue"),
"title" => _("New issue"), "title" => _("New issue"),
data: { placement: "top", container: "body" } } data: { placement: "top", container: "body" } }
......
---
title: Always show new issue button in boards' Open list
merge_request: 22557
author: Heinrich Lee Yu
type: fixed
...@@ -208,13 +208,24 @@ describe Boards::IssuesController do ...@@ -208,13 +208,24 @@ describe Boards::IssuesController do
end end
end end
context 'with unauthorized user' do context 'with guest user' do
context 'in open list' do
it 'returns a successful 200 response' do
open_list = board.lists.create(list_type: :backlog)
create_issue user: guest, board: board, list: open_list, title: 'New issue'
expect(response).to have_gitlab_http_status(200)
end
end
context 'in label list' do
it 'returns a forbidden 403 response' do it 'returns a forbidden 403 response' do
create_issue user: guest, board: board, list: list1, title: 'New issue' create_issue user: guest, board: board, list: list1, title: 'New issue'
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
end end
end
def create_issue(user:, board:, list:, title:) def create_issue(user:, board:, list:, title:)
sign_in(user) sign_in(user)
......
...@@ -94,8 +94,14 @@ describe 'Issue Boards new issue', :js do ...@@ -94,8 +94,14 @@ describe 'Issue Boards new issue', :js do
wait_for_requests wait_for_requests
end end
it 'does not display new issue button' do it 'displays new issue button in open list' do
expect(page).to have_selector('.issue-count-badge-add-button', count: 0) expect(first('.board')).to have_selector('.issue-count-badge-add-button', count: 1)
end
it 'does not display new issue button in label list' do
page.within('.board:nth-child(2)') do
expect(page).not_to have_selector('.issue-count-badge-add-button')
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment