Commit f1fd4787 authored by Dmitriy Zaporozhets

Merge branch 'epic/public_projects' of /home/git/repositories/gitlab/gitlabhq

parents a3c80673 e8292e73
v 6.2.0
- Public projects are visible from the outside
v 6.1.0 v 6.1.0
- Project specific IDs for issues, mr, milestones - Project specific IDs for issues, mr, milestones
Above items will get a new id and for example all bookmarked issue urls will change. Above items will get a new id and for example all bookmarked issue urls will change.
......
...@@ -382,3 +382,8 @@ table { ...@@ -382,3 +382,8 @@ table {
width: 50px; width: 50px;
min-height: 100px; min-height: 100px;
} }
.navbar-gitlab .navbar-inner .nav > li .btn-sign-in {
@extend .btn-new;
padding: 5px 15px;
}
/* Login Page */ /* Login Page */
body.login-page{ body.login-page{
background: #474D57; .container > .content {
.container .content { padding-top: 4%; } padding-top: 20px;
}
} }
.login-box{ .login-box{
......
...@@ -79,21 +79,6 @@ ul.nav.nav-projects-tabs { ...@@ -79,21 +79,6 @@ ul.nav.nav-projects-tabs {
margin: 0px; margin: 0px;
} }
.public-projects {
li {
.project-title {
font-size: 14px;
line-height: 2;
font-weight: normal;
}
.description {
margin-left: 15px;
color: #aaa;
}
}
}
.my-projects { .my-projects {
li { li {
.project-title { .project-title {
...@@ -110,7 +95,6 @@ ul.nav.nav-projects-tabs { ...@@ -110,7 +95,6 @@ ul.nav.nav-projects-tabs {
} }
} }
.public-clone { .public-clone {
background: #333; background: #333;
color: #f5f5f5; color: #f5f5f5;
...@@ -123,3 +107,11 @@ ul.nav.nav-projects-tabs { ...@@ -123,3 +107,11 @@ ul.nav.nav-projects-tabs {
position: relative; position: relative;
top: -5px; top: -5px;
} }
.public-projects .repo-info {
color: #777;
a {
color: #777;
}
}
...@@ -33,8 +33,8 @@ class ProfilesController < ApplicationController ...@@ -33,8 +33,8 @@ class ProfilesController < ApplicationController
end end
def update_password def update_password
params[:user].select! do |key, value| password_attributes = params[:user].select do |key, value|
%w(current_password password password_confirmation).include?(key.to_s) %w(password password_confirmation).include?(key.to_s)
end end
unless @user.valid_password?(params[:user][:current_password]) unless @user.valid_password?(params[:user][:current_password])
...@@ -42,7 +42,7 @@ class ProfilesController < ApplicationController ...@@ -42,7 +42,7 @@ class ProfilesController < ApplicationController
return return
end end
if @user.update_attributes(params[:user]) if @user.update_attributes(password_attributes)
flash[:notice] = "Password was successfully updated. Please login with it" flash[:notice] = "Password was successfully updated. Please login with it"
redirect_to new_user_session_path redirect_to new_user_session_path
else else
......
class Projects::ApplicationController < ApplicationController class Projects::ApplicationController < ApplicationController
before_filter :project before_filter :project
before_filter :repository before_filter :repository
layout 'projects' layout :determine_layout
def authenticate_user!
# Restrict access to Projects area only
# for non-signed users
if !current_user
id = params[:project_id] || params[:id]
@project = Project.find_with_namespace(id)
return if @project && @project.public
end
super
end
def determine_layout
if current_user
'projects'
else
'public_projects'
end
end
end end
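Review bot: The `authenticate_user!` override lets any request for a public project through without a session, so every controller inheriting from `Projects::ApplicationController` now relies entirely on its own `authorize_*` filter and on `Ability.allowed` returning a read-only list for a nil user. Nothing in the visible code states that contract, and an inherited action that lacks an authorize filter or dereferences `current_user` would become anonymously reachable or raise on nil. I would document it above the method, e.g. `# Anonymous visitors pass only for public projects; every action must still be gated by an authorize_* filter and tolerate current_user == nil`, and put `determine_layout` under `private` so it is not exposed as a controller action. The override also assigns `@project` before the `project` filter runs, which may short-circuit whatever lookup that filter performs; worth confirming against its definition, which is not in this section.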
class Projects::HooksController < Projects::ApplicationController class Projects::HooksController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
respond_to :html respond_to :html
......
...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet # Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy] before_filter :authorize_admin_project_snippet!, only: [:destroy]
layout 'projects'
respond_to :html respond_to :html
def index def index
......
class Projects::TeamMembersController < Projects::ApplicationController class Projects::TeamMembersController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, except: [:index, :show]
layout "project_settings" layout "project_settings"
......
class ProjectsController < Projects::ApplicationController class ProjectsController < ApplicationController
skip_before_filter :project, only: [:new, :create] skip_before_filter :authenticate_user!, only: [:show]
skip_before_filter :repository, only: [:new, :create] before_filter :project, except: [:new, :create]
before_filter :repository, except: [:new, :create]
# Authorize # Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create] before_filter :authorize_read_project!, except: [:index, :new, :create]
...@@ -54,8 +55,9 @@ class ProjectsController < Projects::ApplicationController ...@@ -54,8 +55,9 @@ class ProjectsController < Projects::ApplicationController
end end
def show def show
limit = (params[:limit] || 20).to_i return authenticate_user! unless @project.public || current_user
limit = (params[:limit] || 20).to_i
@events = @project.events.recent @events = @project.events.recent
@events = event_filter.apply_filter(@events) @events = event_filter.apply_filter(@events)
@events = @events.limit(limit).offset(params[:offset] || 0) @events = @events.limit(limit).offset(params[:offset] || 0)
...@@ -67,10 +69,12 @@ class ProjectsController < Projects::ApplicationController ...@@ -67,10 +69,12 @@ class ProjectsController < Projects::ApplicationController
respond_to do |format| respond_to do |format|
format.html do format.html do
if @project.empty_repo? if @project.empty_repo?
render "projects/empty" render "projects/empty", layout: user_layout
else else
if current_user
@last_push = current_user.recent_push(@project.id) @last_push = current_user.recent_push(@project.id)
render :show end
render :show, layout: user_layout
end end
end end
format.js format.js
...@@ -121,4 +125,8 @@ class ProjectsController < Projects::ApplicationController ...@@ -121,4 +125,8 @@ class ProjectsController < Projects::ApplicationController
def set_title def set_title
@title = 'New Project' @title = 'New Project'
end end
def user_layout
current_user ? "projects" : "public_projects"
end
end end
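Review bot: The anonymous-access rule for `show` is a second, separate implementation of the one in `Projects::ApplicationController#authenticate_user!`: the filter is skipped with `skip_before_filter :authenticate_user!, only: [:show]` and the check is repeated inside the action as `return authenticate_user! unless @project.public || current_user`. Because that guard sits in the action body, the `project`, `repository` and `authorize_read_project!` filters have already run with a nil `current_user` by the time it executes, so for a private project the outcome depends on how those filters treat an anonymous user, which is not visible here. Turning the check into a `before_filter` declared right after `:project`, or sharing one helper with the Projects namespace, would keep the two rules from drifting apart. Since `show` is now reachable without a session and still takes `params[:limit]` uncapped, a bound such as `limit = [(params[:limit] || 20).to_i, 100].min` is worth adding; the cap of 100 is only a suggested value.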
...@@ -10,17 +10,4 @@ class Public::ProjectsController < ApplicationController ...@@ -10,17 +10,4 @@ class Public::ProjectsController < ApplicationController
@projects = @projects.search(params[:search]) if params[:search].present? @projects = @projects.search(params[:search]) if params[:search].present?
@projects = @projects.includes(:namespace).order("namespaces.path, projects.name ASC").page(params[:page]).per(20) @projects = @projects.includes(:namespace).order("namespaces.path, projects.name ASC").page(params[:page]).per(20)
end end
def show
@project = Project.public_only.find_with_namespace(params[:id])
render_404 and return unless @project
@repository = @project.repository
unless @project.empty_repo?
@recent_tags = @repository.tags.first(10)
@commit = @repository.commit(params[:ref])
@tree = Tree.new(@repository, @commit.id)
end
end
end end
...@@ -90,6 +90,8 @@ module ApplicationHelper ...@@ -90,6 +90,8 @@ module ApplicationHelper
end end
def search_autocomplete_source def search_autocomplete_source
return unless current_user
projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } } projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } }
groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } } groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } }
......
...@@ -103,4 +103,20 @@ module ProjectsHelper ...@@ -103,4 +103,20 @@ module ProjectsHelper
nav_tabs.flatten nav_tabs.flatten
end end
def git_user_name
if current_user
current_user.name
else
"Your name"
end
end
def git_user_email
if current_user
current_user.email
else
"your@email.com"
end
end
end end
class Ability class Ability
class << self class << self
def allowed(user, subject) def allowed(user, subject)
return not_auth_abilities(user, subject) if user.nil?
return [] unless user.kind_of?(User) return [] unless user.kind_of?(User)
return [] if user.blocked? return [] if user.blocked?
...@@ -17,6 +18,34 @@ class Ability ...@@ -17,6 +18,34 @@ class Ability
end.concat(global_abilities(user)) end.concat(global_abilities(user))
end end
# List of possible abilities
# for non-authenticated user
def not_auth_abilities(user, subject)
project = if subject.kind_of?(Project)
subject
elsif subject.respond_to?(:project)
subject.project
else
nil
end
if project && project.public
[
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:download_code
]
else
[]
end
end
def global_abilities(user) def global_abilities(user)
rules = [] rules = []
rules << :create_group if user.can_create_group rules << :create_group if user.can_create_group
...@@ -58,19 +87,9 @@ class Ability ...@@ -58,19 +87,9 @@ class Ability
end end
def public_project_rules def public_project_rules
[ project_guest_rules + [
:download_code, :download_code,
:fork_project, :fork_project,
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:write_issue,
:write_note
] ]
end end
...@@ -135,7 +154,7 @@ class Ability ...@@ -135,7 +154,7 @@ class Ability
def group_abilities user, group def group_abilities user, group
rules = [] rules = []
if group.users.include?(user) if group.users.include?(user) || user.admin?
rules << :read_group rules << :read_group
end end
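Review bot: `not_auth_abilities` hard-codes the anonymous permission list separately from `project_guest_rules`, which `public_project_rules` now builds on, so the two lists can drift and nothing in the method records that the anonymous list must stay read-only. A comment above the array such as `# Anonymous visitors: read-only abilities only; never add write_*, admin_* or fork_project here` would state that, and the unused `user` argument could be renamed `_user`. The list also grants `:read_team_member` and `:read_note` for any subject that responds to `project`, so wherever those abilities are checked, member and comment data of a public project is presumably readable without a session; confirm that is intended. `group_abilities` continues outside this section.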
......
...@@ -32,6 +32,10 @@ class Group < Namespace ...@@ -32,6 +32,10 @@ class Group < Namespace
end end
end end
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user) def change_owner(user)
self.owner = user self.owner = user
membership = users_groups.where(user_id: user.id).first membership = users_groups.where(user_id: user.id).first
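Review bot: `add_user` calls `users_groups.create`, which returns an unsaved record instead of raising when validation fails, so a caller that ignores the return value cannot tell that the membership was never granted. The new group access spec calls it three times in a `before` block without checking the result. Either switch to `create!` or document the contract above the method, e.g. `# Returns the membership record; callers must check persisted? because an invalid group_access does not raise`. `group_access` is passed through unchanged, so its validation rests on the membership model, which is not visible in this section.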
......
%header.navbar.navbar-static-top.navbar-gitlab
.navbar-inner
.container
%div.app_logo
%span.separator
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name
- if @project
= project_title(@project)
- else
Public Projects
%ul.nav
%li
%a
%div.hide.turbolink-spinner
%i.icon-refresh.icon-spin
Loading...
%li
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in'
...@@ -6,5 +6,10 @@ ...@@ -6,5 +6,10 @@
.container .container
.content .content
%center %center
= image_tag image_path "login-logo.png" %h1 GitLab
%p.light
GitLab is open source software to collaborate on code.
%br
#{link_to "Sign in", new_user_session_path} or browse for #{link_to "public projects", public_projects_path}.
%hr
= yield = yield
!!! 5 !!! 5
%html{ lang: "en"} %html{ lang: "en"}
= render "layouts/head", title: "Public Projects" = render "layouts/head", title: "Public Projects"
%body{class: "#{app_theme} application", :'data-page' => body_data_page} %body{class: "ui_mars application", :'data-page' => body_data_page}
- if current_user - if current_user
= render "layouts/head_panel", title: "Public Projects" = render "layouts/head_panel", title: "Public Projects"
- else - else
%header.navbar.navbar-static-top.navbar-gitlab = render "layouts/public_head_panel"
.navbar-inner
.container
%div.app_logo
%span.separator
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name Public Projects
%ul.nav
%li
%a
%div.hide.turbolink-spinner
%i.icon-refresh.icon-spin
Loading...
%li
= link_to "Sign in", new_session_path(:user)
.container.navless-container .container.navless-container
.content .content= yield
= yield
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: @project.name_with_namespace
%body{class: "ui_mars application", :'data-page' => body_data_page}
= render "layouts/public_head_panel"
%nav.main-nav
.container= render 'layouts/nav/project'
.container
.content= yield
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
.span3.pull-right .span3.pull-right
.pull-right .pull-right
- unless @project.empty_repo? - unless @project.empty_repo?
- if can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace - if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace
- if current_user.already_forked?(@project) - if current_user.already_forked?(@project)
= link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do = link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do
%i.icon-code-fork %i.icon-code-fork
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
%i.icon-download-alt %i.icon-download-alt
%span.only-wide Download %span.only-wide Download
- if current_user
.dropdown.pull-right .dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"} %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt %i.icon-plus-sign-alt
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
Stats Stats
- if current_controller?(:commits) && current_user.private_token - if current_user && current_controller?(:commits) && current_user.private_token
%li.pull-right %li.pull-right
= link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do = link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do
%i.icon-rss %i.icon-rss
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
%legend Git global setup: %legend Git global setup:
%pre.dark %pre.dark
:preserve :preserve
git config --global user.name "#{current_user.name}" git config --global user.name "#{git_user_name}"
git config --global user.email "#{current_user.email}" git config --global user.email "#{git_user_email}"
%fieldset %fieldset
%legend Create Repository %legend Create Repository
......
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
= link_to 'Milestones', project_milestones_path(@project), class: "tab" = link_to 'Milestones', project_milestones_path(@project), class: "tab"
= nav_link(controller: :labels) do = nav_link(controller: :labels) do
= link_to 'Labels', project_labels_path(@project), class: "tab" = link_to 'Labels', project_labels_path(@project), class: "tab"
- if current_user
%li.pull-right %li.pull-right
= link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do
%i.icon-rss %i.icon-rss
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
%i.icon-link %i.icon-link
Link here Link here
&nbsp; &nbsp;
- if(note.author_id == current_user.id) || can?(current_user, :admin_note, @project) - if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project)
= link_to "#", title: "Edit comment", class: "js-note-edit" do = link_to "#", title: "Edit comment", class: "js-note-edit" do
%i.icon-edit %i.icon-edit
Edit Edit
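Review bot: `note.author_id == current_user.try(:id)` is true when both sides are nil, so an anonymous visitor would be shown the edit link on any note whose `author_id` is empty. Whether such notes exist is not visible here, but the condition should not depend on it: `- if current_user && (note.author_id == current_user.id || can?(current_user, :admin_note, @project))`. The link is presentation only, so the note update action still needs its own authorization check. The rest of this partial lies outside the section.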
......
- if tree.readme
= render "projects/tree/readme", readme: tree.readme
- else
.alert
%h3.nothing_here_message This project does not have README file
...@@ -2,29 +2,40 @@ ...@@ -2,29 +2,40 @@
.span6 .span6
%h3.page-title %h3.page-title
Projects (#{@projects.total_count}) Projects (#{@projects.total_count})
%small with read-only access .light
You can browse public projects in read-only mode until signed in.
.span6 .span6
.pull-right .pull-right
= form_tag public_projects_path, method: :get, class: 'form-inline' do |f| = form_tag public_projects_path, method: :get, class: 'form-inline' do |f|
.search-holder .search-holder
.controls
= search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search" = search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search"
= submit_tag 'Search', class: "btn btn-primary wide" = submit_tag 'Search', class: "btn btn-primary wide"
%hr
.public-projects .public-projects
%ul.bordered-list %ul.bordered-list.top-list
- @projects.each do |project| - @projects.each do |project|
%li %li
.project-title %h4
%i.icon-share.cgray = link_to project_path(project) do
= link_to public_project_path(project) do = project.name_with_namespace
%strong= project.name_with_namespace
.pull-right .pull-right
%pre.public-clone git clone #{project.http_url_to_repo} %pre.public-clone git clone #{project.http_url_to_repo}
- if project.description.present? - if project.description.present?
%div.description %p
= project.description = project.description
.repo-info
- unless project.empty_repo?
= link_to pluralize(project.repository.round_commit_count, 'commit'), project_commits_path(project, project.default_branch)
&middot;
= link_to pluralize(project.repository.branch_names.count, 'branch'), project_branches_path(project)
&middot;
= link_to pluralize(project.repository.tag_names.count, 'tag'), project_tags_path(project)
- else
%i.icon-warning-sign
Empty repository
- unless @projects.present? - unless @projects.present?
%h3.nothing_here_message No public projects %h3.nothing_here_message No public projects
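Review bot: The new `.repo-info` block calls `project.repository.round_commit_count`, `branch_names.count` and `tag_names.count` for every row of a page that is served without authentication. With the controller paging 20 projects per request, that is up to three repository reads per row. Unless these values are cached (not visible here), anonymous traffic to this list translates directly into repository I/O. Consider caching the counts or showing only data already on the project record. A HAML comment such as `-# NOTE: the counts below read the git repository for each row; keep them cached` would flag the cost for the next editor.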
......
%h3.page-title
= @project.name_with_namespace
.pull-right
%pre.public-clone git clone #{@project.http_url_to_repo}
.pull-right
- if current_user
= link_to 'Browse project', @project, class: 'btn btn-create append-right-10'
%div
= link_to public_root_path do
&larr; To projects list
.pull-right
%span.light= @project.description
%br
.row
- unless @project.empty_repo?
.span9
= render 'tree', tree: @tree
.span3
%h5 Repository:
%div
%p
%span.light Bare size is
#{@project.repository.size} MB
%p
= pluralize(@repository.round_commit_count, 'commit')
%p
= pluralize(@repository.branch_names.count, 'branch')
%p
= pluralize(@repository.tag_names.count, 'tag')
- if @recent_tags.present?
%hr
%h5 Most Recent Tags:
%ul.unstyled
- @recent_tags.each do |tag|
%li
%p
%i.icon-tag
%strong= tag.name
%small.light.pull-right
%i.icon-calendar
= time_ago_in_words(tag.commit.committed_date)
ago
- else
= 'Empty Repository'
...@@ -55,8 +55,6 @@ Gitlab::Application.routes.draw do ...@@ -55,8 +55,6 @@ Gitlab::Application.routes.draw do
# #
namespace :public do namespace :public do
resources :projects, only: [:index] resources :projects, only: [:index]
resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:show]
root to: "projects#index" root to: "projects#index"
end end
......
...@@ -9,11 +9,10 @@ Feature: Public Projects Feature ...@@ -9,11 +9,10 @@ Feature: Public Projects Feature
And I should not see project "Enterprise" And I should not see project "Enterprise"
Scenario: I visit public project page Scenario: I visit public project page
When I visit public page for "Community" project When I visit project "Community" page
Then I should see public project details Then I should see project "Community" home page
And I should see project readme
Scenario: I visit an empty public project page Scenario: I visit an empty public project page
Given public empty project "Empty Public Project" Given public empty project "Empty Public Project"
When I visit empty public project page When I visit empty project page
Then I should see empty public project details Then I should see empty public project details
...@@ -11,7 +11,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -11,7 +11,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
step 'I should see project "Empty Public Project"' do step 'I should see project "Empty Public Project"' do
page.should have_content "Empty Public Project" page.should have_content "Empty Public Project"
puts page.save_page('foo.html')
end end
step 'I should see public project details' do step 'I should see public project details' do
...@@ -24,26 +23,35 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -24,26 +23,35 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end end
step 'public project "Community"' do step 'public project "Community"' do
create :project_with_code, name: 'Community', public: true create :project_with_code, name: 'Community', public: true, default_branch: 'master'
end end
step 'public empty project "Empty Public Project"' do step 'public empty project "Empty Public Project"' do
create :project, name: 'Empty Public Project', public: true create :project, name: 'Empty Public Project', public: true
end end
step 'I visit empty public project page' do step 'I visit empty project page' do
project = Project.find_by_name('Empty Public Project') project = Project.find_by_name('Empty Public Project')
visit public_project_path(project) visit project_path(project)
end
step 'I visit project "Community" page' do
project = Project.find_by_name('Community')
visit project_path(project)
end end
step 'I should see empty public project details' do step 'I should see empty public project details' do
page.should have_content 'Empty Repository' page.should have_content 'Git global setup'
end end
step 'private project "Enterprise"' do step 'private project "Enterprise"' do
create :project, name: 'Enterprise' create :project, name: 'Enterprise'
end end
step 'I should see project "Community" home page' do
page.should have_content 'Repo size is'
end
private private
def project def project
......
require 'spec_helper'
describe "Dashboard access" do
describe "GET /dashboard" do
subject { dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/issues" do
subject { issues_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/merge_requests" do
subject { merge_requests_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /dashboard/projects" do
subject { projects_dashboard_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /help" do
subject { help_path }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /projects/new" do
it { new_project_path.should be_allowed_for :admin }
it { new_project_path.should be_allowed_for :user }
it { new_project_path.should be_denied_for :visitor }
end
describe "GET /groups/new" do
it { new_group_path.should be_allowed_for :admin }
it { new_group_path.should be_allowed_for :user }
it { new_group_path.should be_denied_for :visitor }
end
end
require 'spec_helper'
describe "Group access" do
describe "GET /projects/new" do
it { new_group_path.should be_allowed_for :admin }
it { new_group_path.should be_allowed_for :user }
it { new_group_path.should be_denied_for :visitor }
end
describe "Group" do
let(:group) { create(:group) }
let(:master) { create(:user) }
let(:reporter) { create(:user) }
let(:guest) { create(:user) }
before do
group.add_user(master, Gitlab::Access::MASTER)
group.add_user(reporter, Gitlab::Access::REPORTER)
group.add_user(guest, Gitlab::Access::GUEST)
end
describe "GET /groups/:path" do
subject { group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/issues" do
subject { issues_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/merge_requests" do
subject { merge_requests_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/members" do
subject { members_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /groups/:path/edit" do
subject { edit_group_path(group) }
it { should be_allowed_for group.owner }
it { should be_denied_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
end
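Review bot: The first example group is labelled `describe "GET /projects/new"` but asserts on `new_group_path`, so a failure would be reported under the wrong route; it should read `describe "GET /groups/new" do`. The same three assertions already appear under "GET /groups/new" in the dashboard access spec added by this commit, so one of the two copies can be dropped.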
...@@ -45,5 +45,32 @@ describe "Users Security" do ...@@ -45,5 +45,32 @@ describe "Users Security" do
it { should be_allowed_for :user } it { should be_allowed_for :user }
it { should be_denied_for :visitor } it { should be_denied_for :visitor }
end end
describe "GET /profile/history" do
subject { history_profile_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /profile/notifications" do
subject { profile_notifications_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
describe "GET /profile/groups" do
subject { profile_groups_path }
it { should be_allowed_for @u1 }
it { should be_allowed_for :admin }
it { should be_allowed_for :user }
it { should be_denied_for :visitor }
end
end end
end end
require 'spec_helper'
describe "Private Project Access" do
let(:project) { create(:project_with_code) }
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
before do
# full access
project.team << [master, :master]
# readonly
project.team << [reporter, :reporter]
end
describe "GET /:project_path" do
subject { project_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/tree/master" do
subject { project_tree_path(project, project.repository.root_ref) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/commits/master" do
subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/commit/:sha" do
subject { project_commit_path(project, project.repository.commit) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/compare" do
subject { project_compare_index_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/team" do
subject { project_team_index_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/wall" do
subject { project_wall_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/blob" do
before do
commit = project.repository.commit
path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
@blob_path = project_blob_path(project, File.join(commit.id, path))
end
it { @blob_path.should be_allowed_for master }
it { @blob_path.should be_allowed_for reporter }
it { @blob_path.should be_allowed_for :admin }
it { @blob_path.should be_denied_for guest }
it { @blob_path.should be_denied_for :user }
it { @blob_path.should be_denied_for :visitor }
end
describe "GET /:project_path/edit" do
subject { edit_project_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/deploy_keys" do
subject { project_deploy_keys_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/issues" do
subject { project_issues_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/snippets" do
subject { project_snippets_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/merge_requests" do
subject { project_merge_requests_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches/recent" do
subject { recent_project_branches_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches" do
subject { project_branches_path(project) }
before do
# Speed increase
Project.any_instance.stub(:branches).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/tags" do
subject { project_tags_path(project) }
before do
# Speed increase
Project.any_instance.stub(:tags).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/hooks" do
subject { project_hooks_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
require 'spec_helper'
describe "Public Project Access" do
let(:project) { create(:project_with_code) }
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
before do
# public project
project.public = true
project.save!
# full access
project.team << [master, :master]
# readonly
project.team << [reporter, :reporter]
end
describe "Project should be public" do
subject { project }
its(:public?) { should be_true }
end
describe "GET /:project_path" do
subject { project_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/tree/master" do
subject { project_tree_path(project, project.repository.root_ref) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/commits/master" do
subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/commit/:sha" do
subject { project_commit_path(project, project.repository.commit) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/compare" do
subject { project_compare_index_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/team" do
subject { project_team_index_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/wall" do
subject { project_wall_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/blob" do
before do
commit = project.repository.commit
path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
@blob_path = project_blob_path(project, File.join(commit.id, path))
end
it { @blob_path.should be_allowed_for master }
it { @blob_path.should be_allowed_for reporter }
it { @blob_path.should be_allowed_for :admin }
it { @blob_path.should be_allowed_for guest }
it { @blob_path.should be_allowed_for :user }
it { @blob_path.should be_allowed_for :visitor }
end
describe "GET /:project_path/edit" do
subject { edit_project_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/deploy_keys" do
subject { project_deploy_keys_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/issues" do
subject { project_issues_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/snippets" do
subject { project_snippets_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/snippets/new" do
subject { new_project_snippet_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/merge_requests" do
subject { project_merge_requests_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/merge_requests/new" do
subject { new_project_merge_request_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
describe "GET /:project_path/branches/recent" do
subject { recent_project_branches_path(project) }
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/branches" do
subject { project_branches_path(project) }
before do
# Speed increase
Project.any_instance.stub(:branches).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/tags" do
subject { project_tags_path(project) }
before do
# Speed increase
Project.any_instance.stub(:tags).and_return([])
end
it { should be_allowed_for master }
it { should be_allowed_for reporter }
it { should be_allowed_for :admin }
it { should be_allowed_for guest }
it { should be_allowed_for :user }
it { should be_allowed_for :visitor }
end
describe "GET /:project_path/hooks" do
subject { project_hooks_path(project) }
it { should be_allowed_for master }
it { should be_denied_for reporter }
it { should be_allowed_for :admin }
it { should be_denied_for guest }
it { should be_denied_for :user }
it { should be_denied_for :visitor }
end
end
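Review bot: `guest` is created with `let(:guest) { create(:user) }`, but the `before` block only adds `master` and `reporter` to `project.team`, so every `be_allowed_for guest` / `be_denied_for guest` line in this spec exercises a signed-in non-member. That is the same case the `:user` lines already cover, assuming the matcher signs in as the user it is given, so the guest role's access to a public project is not tested at all. I would add `project.team << [guest, :guest]` to the `before` block and then re-check the expectations on the restricted pages (team, edit, deploy_keys, hooks, snippets/new, merge_requests/new), since a real guest member may legitimately differ from an outsider there. The `# readonly` comment above the reporter line is also misleading, because this spec allows reporter on `snippets/new`; something like `# reporter access` would be accurate.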
This diff is collapsed.