Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kazuhiko Shiozaki
gitlab-ce
Commits
b4c36130
Commit
b4c36130
authored
Feb 04, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Rename allow_guest_to_access_builds to public_builds
parent
6a5a175d
Changes
12
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
202 additions
and
96 deletions
+202
-96
app/controllers/projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+5
-5
app/views/projects/edit.html.haml
app/views/projects/edit.html.haml
+4
-4
db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb
...0160202164642_add_allow_guest_to_access_builds_project.rb
+1
-1
db/schema.rb
db/schema.rb
+17
-17
doc/api/projects.md
doc/api/projects.md
+5
-5
features/steps/shared/project.rb
features/steps/shared/project.rb
+8
-0
lib/api/entities.rb
lib/api/entities.rb
+2
-2
lib/api/projects.rb
lib/api/projects.rb
+6
-6
spec/features/builds_spec.rb
spec/features/builds_spec.rb
+1
-1
spec/features/commits_spec.rb
spec/features/commits_spec.rb
+98
-54
spec/features/security/project/public_access_spec.rb
spec/features/security/project/public_access_spec.rb
+54
-0
No files found.
app/controllers/projects_controller.rb
View file @
b4c36130
...
@@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
...
@@ -227,7 +227,7 @@ class ProjectsController < ApplicationController
:issues_enabled
,
:merge_requests_enabled
,
:snippets_enabled
,
:issues_tracker_id
,
:default_branch
,
:issues_enabled
,
:merge_requests_enabled
,
:snippets_enabled
,
:issues_tracker_id
,
:default_branch
,
:wiki_enabled
,
:visibility_level
,
:import_url
,
:last_activity_at
,
:namespace_id
,
:avatar
,
:wiki_enabled
,
:visibility_level
,
:import_url
,
:last_activity_at
,
:namespace_id
,
:avatar
,
:builds_enabled
,
:build_allow_git_fetch
,
:build_timeout_in_minutes
,
:build_coverage_regex
,
:builds_enabled
,
:build_allow_git_fetch
,
:build_timeout_in_minutes
,
:build_coverage_regex
,
:
allow_guest_to_access
_builds
,
:
public
_builds
,
)
)
end
end
...
...
app/models/ability.rb
View file @
b4c36130
...
@@ -64,7 +64,7 @@ class Ability
...
@@ -64,7 +64,7 @@ class Ability
]
]
# Allow to read builds by anonymous user if guests are allowed
# Allow to read builds by anonymous user if guests are allowed
rules
<<
:read_build
if
project
.
allow_guest_to_access
_builds?
rules
<<
:read_build
if
project
.
public
_builds?
rules
-
project_disabled_features_rules
(
project
)
rules
-
project_disabled_features_rules
(
project
)
else
else
...
@@ -132,9 +132,9 @@ class Ability
...
@@ -132,9 +132,9 @@ class Ability
rules
.
push
(
*
public_project_rules
)
rules
.
push
(
*
public_project_rules
)
end
end
# Allow to read builds
if guests are allowed
# Allow to read builds
for internal projects
if
team
.
guest?
(
user
)
||
project
.
public?
||
project
.
internal?
if
project
.
public?
||
project
.
internal?
rules
<<
:read_build
if
project
.
allow_guest_to_access
_builds?
rules
<<
:read_build
if
project
.
public
_builds?
end
end
if
project
.
owner
==
user
||
user
.
admin?
if
project
.
owner
==
user
||
user
.
admin?
...
@@ -172,7 +172,6 @@ class Ability
...
@@ -172,7 +172,6 @@ class Ability
:read_project_member
,
:read_project_member
,
:read_merge_request
,
:read_merge_request
,
:read_note
,
:read_note
,
:read_commit_status
,
:create_project
,
:create_project
,
:create_issue
,
:create_issue
,
:create_note
:create_note
...
@@ -187,6 +186,7 @@ class Ability
...
@@ -187,6 +186,7 @@ class Ability
:update_issue
,
:update_issue
,
:admin_issue
,
:admin_issue
,
:admin_label
,
:admin_label
,
:read_commit_status
,
:read_build
,
:read_build
,
]
]
end
end
...
...
app/views/projects/edit.html.haml
View file @
b4c36130
...
@@ -162,10 +162,10 @@
...
@@ -162,10 +162,10 @@
.form-group
.form-group
.col-sm-offset-2.col-sm-10
.col-sm-offset-2.col-sm-10
.checkbox
.checkbox
=
f
.
label
:
allow_guest_to_access
_builds
do
=
f
.
label
:
public
_builds
do
=
f
.
check_box
:
allow_guest_to_access
_builds
=
f
.
check_box
:
public
_builds
%strong
Guests can see
builds
%strong
Public
builds
.help-block
Allow
guests and anonymous users to access builds including build trace and artifa
cts
.help-block
Allow
everyone to access builds for Public and Internal proje
cts
%fieldset
.features
%fieldset
.features
%legend
%legend
...
...
db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb
View file @
b4c36130
class
AddAllowGuestToAccessBuildsProject
<
ActiveRecord
::
Migration
class
AddAllowGuestToAccessBuildsProject
<
ActiveRecord
::
Migration
def
change
def
change
add_column
:projects
,
:
allow_guest_to_access
_builds
,
:boolean
,
default:
true
,
null:
false
add_column
:projects
,
:
public
_builds
,
:boolean
,
default:
true
,
null:
false
end
end
end
end
db/schema.rb
View file @
b4c36130
...
@@ -678,7 +678,7 @@ ActiveRecord::Schema.define(version: 20160202164642) do
...
@@ -678,7 +678,7 @@ ActiveRecord::Schema.define(version: 20160202164642) do
t
.
boolean
"build_allow_git_fetch"
,
default:
true
,
null:
false
t
.
boolean
"build_allow_git_fetch"
,
default:
true
,
null:
false
t
.
integer
"build_timeout"
,
default:
3600
,
null:
false
t
.
integer
"build_timeout"
,
default:
3600
,
null:
false
t
.
boolean
"pending_delete"
,
default:
false
t
.
boolean
"pending_delete"
,
default:
false
t
.
boolean
"
allow_guest_to_access_builds"
,
default:
true
,
null:
false
t
.
boolean
"
public_builds"
,
default:
true
,
null:
false
end
end
add_index
"projects"
,
[
"builds_enabled"
,
"shared_runners_enabled"
],
name:
"index_projects_on_builds_enabled_and_shared_runners_enabled"
,
using: :btree
add_index
"projects"
,
[
"builds_enabled"
,
"shared_runners_enabled"
],
name:
"index_projects_on_builds_enabled_and_shared_runners_enabled"
,
using: :btree
...
...
doc/api/projects.md
View file @
b4c36130
...
@@ -82,7 +82,7 @@ Parameters:
...
@@ -82,7 +82,7 @@ Parameters:
"forks_count"
:
0
,
"forks_count"
:
0
,
"star_count"
:
0
,
"star_count"
:
0
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"
allow_guest_to_access
_builds"
:
true
"
public
_builds"
:
true
},
},
{
{
"id"
:
6
,
"id"
:
6
,
...
@@ -140,7 +140,7 @@ Parameters:
...
@@ -140,7 +140,7 @@ Parameters:
"forks_count"
:
0
,
"forks_count"
:
0
,
"star_count"
:
0
,
"star_count"
:
0
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"runners_token"
:
"b8547b1dc37721d05889db52fa2f02"
,
"
allow_guest_to_access
_builds"
:
true
"
public
_builds"
:
true
}
}
]
]
```
```
...
@@ -427,7 +427,7 @@ Parameters:
...
@@ -427,7 +427,7 @@ Parameters:
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`visibility_level`
(optional)
-
`import_url`
(optional)
-
`import_url`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
### Create project for user
### Create project for user
...
@@ -450,7 +450,7 @@ Parameters:
...
@@ -450,7 +450,7 @@ Parameters:
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`visibility_level`
(optional)
-
`import_url`
(optional)
-
`import_url`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
### Edit project
### Edit project
...
@@ -474,7 +474,7 @@ Parameters:
...
@@ -474,7 +474,7 @@ Parameters:
-
`snippets_enabled`
(optional)
-
`snippets_enabled`
(optional)
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`public`
(optional) - if
`true`
same as setting visibility_level = 20
-
`visibility_level`
(optional)
-
`visibility_level`
(optional)
-
`
allow_guest_to_access
_builds`
(optional)
-
`
public
_builds`
(optional)
On success, method returns 200 with the updated project. If parameters are
On success, method returns 200 with the updated project. If parameters are
invalid, 400 is returned.
invalid, 400 is returned.
...
...
features/steps/shared/project.rb
View file @
b4c36130
...
@@ -240,6 +240,14 @@ module SharedProject
...
@@ -240,6 +240,14 @@ module SharedProject
end
end
end
end
step
'public access for builds is enabled'
do
@project
.
update
(
public_builds:
true
)
end
step
'public access for builds is disabled'
do
@project
.
update
(
public_builds:
false
)
end
def
user_owns_project
(
user_name
:,
project_name
:,
visibility: :private
)
def
user_owns_project
(
user_name
:,
project_name
:,
visibility: :private
)
user
=
user_exists
(
user_name
,
username:
user_name
.
gsub
(
/\s/
,
''
).
underscore
)
user
=
user_exists
(
user_name
,
username:
user_name
.
gsub
(
/\s/
,
''
).
underscore
)
project
=
Project
.
find_by
(
name:
project_name
)
project
=
Project
.
find_by
(
name:
project_name
)
...
...
lib/api/entities.rb
View file @
b4c36130
...
@@ -72,7 +72,7 @@ module API
...
@@ -72,7 +72,7 @@ module API
expose
:star_count
,
:forks_count
expose
:star_count
,
:forks_count
expose
:open_issues_count
,
if:
lambda
{
|
project
,
options
|
project
.
issues_enabled?
&&
project
.
default_issues_tracker?
}
expose
:open_issues_count
,
if:
lambda
{
|
project
,
options
|
project
.
issues_enabled?
&&
project
.
default_issues_tracker?
}
expose
:runners_token
,
if:
lambda
{
|
_project
,
options
|
options
[
:user_can_admin_project
]
}
expose
:runners_token
,
if:
lambda
{
|
_project
,
options
|
options
[
:user_can_admin_project
]
}
expose
:
allow_guest_to_access
_builds
expose
:
public
_builds
end
end
class
ProjectMember
<
UserBasic
class
ProjectMember
<
UserBasic
...
@@ -384,7 +384,7 @@ module API
...
@@ -384,7 +384,7 @@ module API
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
# for downloading of artifacts (see: https://gitlab.com/gitlab-org/gitlab-ce/issues/4255)
expose
:download_url
do
|
repo_obj
,
options
|
expose
:download_url
do
|
repo_obj
,
options
|
if
options
[
:user_can_download_artifacts
]
if
options
[
:user_can_download_artifacts
]
repo_obj
.
download_url
repo_obj
.
artifacts_
download_url
end
end
end
end
expose
:commit
,
with:
RepoCommit
do
|
repo_obj
,
_options
|
expose
:commit
,
with:
RepoCommit
do
|
repo_obj
,
_options
|
...
...
lib/api/projects.rb
View file @
b4c36130
...
@@ -99,7 +99,7 @@ module API
...
@@ -99,7 +99,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - 0 by default
# visibility_level (optional) - 0 by default
# import_url (optional)
# import_url (optional)
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# Example Request
# POST /projects
# POST /projects
post
do
post
do
...
@@ -117,7 +117,7 @@ module API
...
@@ -117,7 +117,7 @@ module API
:public
,
:public
,
:visibility_level
,
:visibility_level
,
:import_url
,
:import_url
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
attrs
=
map_public_to_visibility_level
(
attrs
)
@project
=
::
Projects
::
CreateService
.
new
(
current_user
,
attrs
).
execute
@project
=
::
Projects
::
CreateService
.
new
(
current_user
,
attrs
).
execute
if
@project
.
saved?
if
@project
.
saved?
...
@@ -147,7 +147,7 @@ module API
...
@@ -147,7 +147,7 @@ module API
# public (optional) - if true same as setting visibility_level = 20
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional)
# visibility_level (optional)
# import_url (optional)
# import_url (optional)
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# Example Request
# POST /projects/user/:user_id
# POST /projects/user/:user_id
post
"user/:user_id"
do
post
"user/:user_id"
do
...
@@ -165,7 +165,7 @@ module API
...
@@ -165,7 +165,7 @@ module API
:public
,
:public
,
:visibility_level
,
:visibility_level
,
:import_url
,
:import_url
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
attrs
=
map_public_to_visibility_level
(
attrs
)
@project
=
::
Projects
::
CreateService
.
new
(
user
,
attrs
).
execute
@project
=
::
Projects
::
CreateService
.
new
(
user
,
attrs
).
execute
if
@project
.
saved?
if
@project
.
saved?
...
@@ -209,7 +209,7 @@ module API
...
@@ -209,7 +209,7 @@ module API
# shared_runners_enabled (optional)
# shared_runners_enabled (optional)
# public (optional) - if true same as setting visibility_level = 20
# public (optional) - if true same as setting visibility_level = 20
# visibility_level (optional) - visibility level of a project
# visibility_level (optional) - visibility level of a project
#
allow_guest_to_access
_builds (optional)
#
public
_builds (optional)
# Example Request
# Example Request
# PUT /projects/:id
# PUT /projects/:id
put
':id'
do
put
':id'
do
...
@@ -225,7 +225,7 @@ module API
...
@@ -225,7 +225,7 @@ module API
:shared_runners_enabled
,
:shared_runners_enabled
,
:public
,
:public
,
:visibility_level
,
:visibility_level
,
:
allow_guest_to_access
_builds
]
:
public
_builds
]
attrs
=
map_public_to_visibility_level
(
attrs
)
attrs
=
map_public_to_visibility_level
(
attrs
)
authorize_admin_project
authorize_admin_project
authorize!
:rename_project
,
user_project
if
attrs
[
:name
].
present?
authorize!
:rename_project
,
user_project
if
attrs
[
:name
].
present?
...
...
spec/features/builds_spec.rb
View file @
b4c36130
...
@@ -8,7 +8,7 @@ describe "Builds" do
...
@@ -8,7 +8,7 @@ describe "Builds" do
@commit
=
FactoryGirl
.
create
:ci_commit
@commit
=
FactoryGirl
.
create
:ci_commit
@build
=
FactoryGirl
.
create
:ci_build
,
commit:
@commit
@build
=
FactoryGirl
.
create
:ci_build
,
commit:
@commit
@project
=
@commit
.
project
@project
=
@commit
.
project
@project
.
team
<<
[
@user
,
:
mast
er
]
@project
.
team
<<
[
@user
,
:
develop
er
]
end
end
describe
"GET /:project/builds"
do
describe
"GET /:project/builds"
do
...
...
spec/features/commits_spec.rb
View file @
b4c36130
...
@@ -8,7 +8,6 @@ describe 'Commits' do
...
@@ -8,7 +8,6 @@ describe 'Commits' do
describe
'CI'
do
describe
'CI'
do
before
do
before
do
login_as
:user
login_as
:user
project
.
team
<<
[
@user
,
:master
]
stub_ci_commit_to_return_yaml_file
stub_ci_commit_to_return_yaml_file
end
end
...
@@ -19,6 +18,10 @@ describe 'Commits' do
...
@@ -19,6 +18,10 @@ describe 'Commits' do
context
'commit status is Generic Commit Status'
do
context
'commit status is Generic Commit Status'
do
let!
(
:status
)
{
FactoryGirl
.
create
:generic_commit_status
,
commit:
commit
}
let!
(
:status
)
{
FactoryGirl
.
create
:generic_commit_status
,
commit:
commit
}
before
do
project
.
team
<<
[
@user
,
:reporter
]
end
describe
'Commit builds'
do
describe
'Commit builds'
do
before
do
before
do
visit
ci_status_path
(
commit
)
visit
ci_status_path
(
commit
)
...
@@ -37,6 +40,12 @@ describe 'Commits' do
...
@@ -37,6 +40,12 @@ describe 'Commits' do
context
'commit status is Ci Build'
do
context
'commit status is Ci Build'
do
let!
(
:build
)
{
FactoryGirl
.
create
:ci_build
,
commit:
commit
}
let!
(
:build
)
{
FactoryGirl
.
create
:ci_build
,
commit:
commit
}
let
(
:artifacts_file
)
{
fixture_file_upload
(
Rails
.
root
+
'spec/fixtures/banana_sample.gif'
,
'image/gif'
)
}
context
'when logged as developer'
do
before
do
project
.
team
<<
[
@user
,
:developer
]
end
describe
'Project commits'
do
describe
'Project commits'
do
before
do
before
do
...
@@ -61,8 +70,6 @@ describe 'Commits' do
...
@@ -61,8 +70,6 @@ describe 'Commits' do
end
end
context
'Download artifacts'
do
context
'Download artifacts'
do
let
(
:artifacts_file
)
{
fixture_file_upload
(
Rails
.
root
+
'spec/fixtures/banana_sample.gif'
,
'image/gif'
)
}
before
do
before
do
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
end
end
...
@@ -117,5 +124,42 @@ describe 'Commits' do
...
@@ -117,5 +124,42 @@ describe 'Commits' do
end
end
end
end
end
end
context
"when logged as reporter"
do
before
do
project
.
team
<<
[
@user
,
:reporter
]
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
visit
ci_status_path
(
commit
)
end
it
do
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
expect
(
page
).
to
have_content
commit
.
git_commit_message
expect
(
page
).
to
have_content
commit
.
git_author_name
expect
(
page
).
to
have_link
(
'Download artifacts'
)
expect
(
page
).
to_not
have_link
(
'Cancel running'
)
expect
(
page
).
to_not
have_link
(
'Retry failed'
)
end
end
context
'when accessing internal project with disallowed access'
do
before
do
project
.
update
(
visibility_level:
Gitlab
::
VisibilityLevel
::
INTERNAL
,
public_builds:
false
)
build
.
update_attributes
(
artifacts_file:
artifacts_file
)
visit
ci_status_path
(
commit
)
end
it
do
expect
(
page
).
to
have_content
commit
.
sha
[
0
..
7
]
expect
(
page
).
to
have_content
commit
.
git_commit_message
expect
(
page
).
to
have_content
commit
.
git_author_name
expect
(
page
).
to_not
have_link
(
'Download artifacts'
)
expect
(
page
).
to_not
have_link
(
'Cancel running'
)
expect
(
page
).
to_not
have_link
(
'Retry failed'
)
end
end
end
end
end
end
end
spec/features/security/project/public_access_spec.rb
View file @
b4c36130
...
@@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
...
@@ -96,6 +96,60 @@ describe "Public Project Access", feature: true do
it
{
is_expected
.
to
be_denied_for
:visitor
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
describe
"GET /:project_path/builds"
do
subject
{
namespace_project_builds_path
(
project
.
namespace
,
project
)
}
context
"when allowed for public"
do
before
{
project
.
update
(
public_builds:
true
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
guest
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
"when disallowed for public"
do
before
{
project
.
update
(
public_builds:
false
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
guest
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
describe
"GET /:project_path/builds/:id"
do
let
(
:commit
)
{
create
(
:ci_commit
,
project:
project
)
}
let
(
:build
)
{
create
(
:ci_build
,
commit:
commit
)
}
subject
{
namespace_project_build_path
(
project
.
namespace
,
project
,
build
.
id
)
}
context
"when allowed for public"
do
before
{
project
.
update
(
public_builds:
true
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
guest
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
"when disallowed for public"
do
before
{
project
.
update
(
public_builds:
false
)
}
it
{
is_expected
.
to
be_allowed_for
master
}
it
{
is_expected
.
to
be_allowed_for
reporter
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
guest
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
describe
"GET /:project_path/blob"
do
describe
"GET /:project_path/blob"
do
before
do
before
do
commit
=
project
.
repository
.
commit
commit
=
project
.
repository
.
commit
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment