Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

15743123 · Dmitriy Zaporozhets · 36ecc6d3 · 87df927f · 15743123 · 15743123
Commit 15743123 authored Jul 01, 2015 by Dmitriy Zaporozhets
7 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -25,6 +25,7 @@ v 7.13.0 (unreleased)
  - Explicit error when commit not found in the CI
  - Improve performance for issue and merge request pages 
  - Users with guest access level can not set assignee, labels or milestones for issue and merge request
+  - Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels
 v 7.12.0
  - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)

--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem "default_value_for", "~> 3.0.0"
 gem "mysql2", group: :mysql
 gem "pg", group: :postgres
-# Auth
+# Authentication libraries
 gem "devise", '3.2.4'
 gem "devise-async", '0.9.0'
 gem 'omniauth', "~> 1.2.2"

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -155,7 +155,10 @@ class Ability
      project_guest_rules + [
        :download_code,
        :fork_project,
-        :create_project_snippet
+        :create_project_snippet,
+        :update_issue,
+        :admin_issue,
+        :admin_label,
      ]
    end
@@ -163,9 +166,6 @@ class Ability
      project_report_rules + [
        :create_merge_request,
        :create_wiki,
-        :update_issue,
-        :admin_issue,
-        :admin_label,
        :push_code
      ]
    end

--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -15,6 +15,8 @@ If a user is a GitLab administrator they receive all permissions.
 | Pull project code                     |         | ✓          | ✓           | ✓        | ✓      |
 | Download project                      |         | ✓          | ✓           | ✓        | ✓      |
 | Create code snippets                  |         | ✓          | ✓           | ✓        | ✓      |
+| Manage issue tracker                  |         | ✓          | ✓           | ✓        | ✓      |
+| Manage labels                         |         | ✓          | ✓           | ✓        | ✓      |
 | Create new merge request              |         |            | ✓           | ✓        | ✓      |
 | Create new branches                   |         |            | ✓           | ✓        | ✓      |
 | Push to non-protected branches        |         |            | ✓           | ✓        | ✓      |
@@ -22,8 +24,6 @@ If a user is a GitLab administrator they receive all permissions.
 | Remove non-protected branches         |         |            | ✓           | ✓        | ✓      |
 | Add tags                              |         |            | ✓           | ✓        | ✓      |
 | Write a wiki                          |         |            | ✓           | ✓        | ✓      |
-| Manage issue tracker                  |         |            | ✓           | ✓        | ✓      |
-| Manage labels                         |         |            | ✓           | ✓        | ✓      |
 | Create new milestones                 |         |            |             | ✓        | ✓      |
 | Add new team members                  |         |            |             | ✓        | ✓      |
 | Push to protected branches            |         |            |             | ✓        | ✓      |

--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -138,6 +138,18 @@ describe "Internal Project Access", feature: true  do
    it { is_expected.to be_denied_for :visitor }
  end
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
  describe "GET /:project_path/snippets" do
    subject { namespace_project_snippets_path(project.namespace, project) }

--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -138,6 +138,18 @@ describe "Private Project Access", feature: true  do
    it { is_expected.to be_denied_for :visitor }
  end
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
  describe "GET /:project_path/snippets" do
    subject { namespace_project_snippets_path(project.namespace, project) }

--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -143,6 +143,18 @@ describe "Public Project Access", feature: true  do
    it { is_expected.to be_allowed_for :visitor }
  end
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
  describe "GET /:project_path/snippets" do
    subject { namespace_project_snippets_path(project.namespace, project) }