Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
b21980bf
Commit
b21980bf
authored
Jun 15, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix permission checks in member row
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
56ca4859
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
3 additions
and
24 deletions
+3
-24
app/helpers/members_helper.rb
app/helpers/members_helper.rb
+0
-6
app/views/shared/members/_member.html.haml
app/views/shared/members/_member.html.haml
+3
-2
spec/helpers/members_helper_spec.rb
spec/helpers/members_helper_spec.rb
+0
-16
No files found.
app/helpers/members_helper.rb
View file @
b21980bf
...
...
@@ -6,12 +6,6 @@ module MembersHelper
"
#{
action
}
_
#{
member
.
type
.
underscore
}
"
.
to_sym
end
def
can_see_member_roles?
(
source
:,
user:
nil
)
return
false
unless
user
user
.
is_admin?
||
source
.
members
.
exists?
(
user_id:
user
.
id
)
end
def
remove_member_message
(
member
,
user:
nil
)
user
=
current_user
if
defined?
(
current_user
)
...
...
app/views/shared/members/_member.html.haml
View file @
b21980bf
-
show_roles
=
local_assigns
.
fetch
(
:show_roles
,
true
)
-
default_show_roles
=
can?
(
current_user
,
action_member_permission
(
:update
,
member
),
member
)
||
can?
(
current_user
,
action_member_permission
(
:destroy
,
member
),
member
)
-
show_roles
=
local_assigns
.
fetch
(
:show_roles
,
default_show_roles
)
-
show_controls
=
local_assigns
.
fetch
(
:show_controls
,
true
)
-
user
=
member
.
user
...
...
@@ -36,7 +37,7 @@
method: :post
,
class:
'btn-xs btn'
-
if
show_roles
&&
can_see_member_roles?
(
source:
member
.
source
,
user:
current_user
)
-
if
show_roles
%span
.pull-right
%strong
=
member
.
human_access
-
if
show_controls
...
...
spec/helpers/members_helper_spec.rb
View file @
b21980bf
...
...
@@ -9,22 +9,6 @@ describe MembersHelper do
it
{
expect
(
action_member_permission
(
:admin
,
group_member
)).
to
eq
:admin_group_member
}
end
describe
'#can_see_member_roles?'
do
let
(
:project
)
{
create
(
:empty_project
)
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:user
)
{
build
(
:user
)
}
let
(
:admin
)
{
build
(
:user
,
:admin
)
}
let
(
:project_member
)
{
create
(
:project_member
,
project:
project
)
}
let
(
:group_member
)
{
create
(
:group_member
,
group:
group
)
}
it
{
expect
(
can_see_member_roles?
(
source:
project
,
user:
nil
)).
to
be_falsy
}
it
{
expect
(
can_see_member_roles?
(
source:
group
,
user:
nil
)).
to
be_falsy
}
it
{
expect
(
can_see_member_roles?
(
source:
project
,
user:
admin
)).
to
be_truthy
}
it
{
expect
(
can_see_member_roles?
(
source:
group
,
user:
admin
)).
to
be_truthy
}
it
{
expect
(
can_see_member_roles?
(
source:
project
,
user:
project_member
.
user
)).
to
be_truthy
}
it
{
expect
(
can_see_member_roles?
(
source:
group
,
user:
group_member
.
user
)).
to
be_truthy
}
end
describe
'#remove_member_message'
do
let
(
:requester
)
{
build
(
:user
)
}
let
(
:project
)
{
create
(
:project
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment