Skip to content

G
gitlab-ce
Commit 009e2ed1 authored by Robert Speicher's avatar Robert Speicher Committed by Yorick Peterse
Browse files
Options

Merge branch '15513-fix-undefined-can-method' into 'master' 

Use the `can?` helper instead of `current_user.can?`

Fixes #15513.

See merge request !3882
parent 9c1087ef
Hide whitespace changes
Inline Side-by-side
Showing with 26 additions and 1 deletion
CHANGELOG
View file @ 009e2ed1
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
v 8.7.1 (unreleased)
- Use the `can?` helper instead of `current_user.can?`
v 8.7.0 v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Fix vulnerability that made it possible to gain access to private labels and milestones - Fix vulnerability that made it possible to gain access to private labels and milestones
......
app/views/projects/project_members/_shared_group_members.html.haml
View file @ 009e2ed1
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
group, members with group, members with
%strong #{group_links.human_access} %strong #{group_links.human_access}
role (#{shared_group_users_count}) role (#{shared_group_users_count})
- if current_user.can?(:admin_group, shared_group) - if can?(current_user, :admin_group, shared_group)
.panel-head-actions .panel-head-actions
= link_to group_group_members_path(shared_group), class: 'btn btn-sm' do = link_to group_group_members_path(shared_group), class: 'btn btn-sm' do
%i.fa.fa-pencil-square-o %i.fa.fa-pencil-square-o
......
spec/features/projects/members/anonymous_user_sees_members_spec.rb 0 → 100644
View file @ 009e2ed1
require 'spec_helper'
feature 'Projects > Members > Anonymous user sees members', feature: true do
let(:user) { create(:user) }
let(:group) { create(:group, :public) }
let(:project) { create(:empty_project, :public) }
background do
project.team << [user, :master]
create(:project_group_link, project: project, group: group)
end
scenario "anonymous user visits the project's members page and sees the list of members" do
visit namespace_project_project_members_path(project.namespace, project)
expect(current_path).to eq(
namespace_project_project_members_path(project.namespace, project))
expect(page).to have_content(user.name)
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7