Commit b21980bf authored by Rémy Coutable's avatar Rémy Coutable

Fix permission checks in member row

Signed-off-by: Rémy Coutable <remy@rymai.me>
parent 56ca4859
......@@ -6,12 +6,6 @@ module MembersHelper
"#{action}_#{member.type.underscore}".to_sym
end
def can_see_member_roles?(source:, user: nil)
return false unless user
user.is_admin? || source.members.exists?(user_id: user.id)
end
def remove_member_message(member, user: nil)
user = current_user if defined?(current_user)
......
- show_roles = local_assigns.fetch(:show_roles, true)
- default_show_roles = can?(current_user, action_member_permission(:update, member), member) || can?(current_user, action_member_permission(:destroy, member), member)
- show_roles = local_assigns.fetch(:show_roles, default_show_roles)
- show_controls = local_assigns.fetch(:show_controls, true)
- user = member.user
......@@ -36,7 +37,7 @@
method: :post,
class: 'btn-xs btn'
- if show_roles && can_see_member_roles?(source: member.source, user: current_user)
- if show_roles
%span.pull-right
%strong= member.human_access
- if show_controls
......
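Review bot: The `show_roles = local_assigns.fetch(:show_roles, default_show_roles)` line lets any caller that passes `show_roles: true` skip the `can?` result entirely, and with `can_see_member_roles?` dropped from the `- if show_roles` condition no authorization check applies independently of that local. If the local is only meant to hide roles and never to force them, keep the permission as a hard gate, e.g. `- show_roles = local_assigns.fetch(:show_roles, true) && default_show_roles`; otherwise each caller that passes `show_roles: true` needs its own check. The page has lost its +/- markers, so which lines are new is inferred from the hunk offsets and the helper's removal. The helper spec is deleted without a visible replacement, so a view or feature spec for a user lacking update/destroy permission would be worth adding.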
......@@ -9,22 +9,6 @@ describe MembersHelper do
it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member }
end
describe '#can_see_member_roles?' do
let(:project) { create(:empty_project) }
let(:group) { create(:group) }
let(:user) { build(:user) }
let(:admin) { build(:user, :admin) }
let(:project_member) { create(:project_member, project: project) }
let(:group_member) { create(:group_member, group: group) }
it { expect(can_see_member_roles?(source: project, user: nil)).to be_falsy }
it { expect(can_see_member_roles?(source: group, user: nil)).to be_falsy }
it { expect(can_see_member_roles?(source: project, user: admin)).to be_truthy }
it { expect(can_see_member_roles?(source: group, user: admin)).to be_truthy }
it { expect(can_see_member_roles?(source: project, user: project_member.user)).to be_truthy }
it { expect(can_see_member_roles?(source: group, user: group_member.user)).to be_truthy }
end
describe '#remove_member_message' do
let(:requester) { build(:user) }
let(:project) { create(:project) }
......