Skip to content

G
gitlab-ce
Commit f329d34f authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files
Options

Fix group projects fetch 

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 8f259c5e
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 3 deletions
app/controllers/groups_controller.rb
View file @ f329d34f
......@@ -5,7 +5,7 @@ class GroupsController < ApplicationController
# Authorize
before_filter :authorize_read_group!, except: [:new, :create]
before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
before_filter :authorize_create_group!, only: [:new, :create]
# Load group projects
......@@ -108,12 +108,12 @@ class GroupsController < ApplicationController
end
def project_ids
projects.pluck(:id)
@projects.pluck(:id)
end
# Dont allow unauthorized access to group
def authorize_read_group!
unless @group and (projects.present? or can?(current_user, :read_group, @group))
unless @group and (@projects.present? or can?(current_user, :read_group, @group))
if current_user.nil?
return authenticate_user!
else
......
spec/features/security/group/group_access_spec.rb
View file @ f329d34f
......@@ -82,5 +82,17 @@ describe "Group access", feature: true do
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/projects" do
subject { projects_group_path(group) }
it { should be_allowed_for owner }
it { should be_denied_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7