Commit 76eeb316 authored by Zeger-Jan van de Weg's avatar Zeger-Jan van de Weg

Create an external users tab on Admin user list

Also incorporates the review into this, mainly spec changes.
parent fc8d64b3
......@@ -30,6 +30,7 @@ v 8.6.0 (unreleased)
- Add main language of a project in the list of projects (Tiago Botelho)
- Add ability to show archived projects on dashboard, explore and group pages
- Move group activity to separate page
- Create external users which are excluded of internal and private projects unless access was explicitly granted
v 8.5.5
- Ensure removing a project removes associated Todo entries
......
......@@ -40,18 +40,23 @@ class ProjectsFinder
private
def group_projects(current_user, group)
if current_user
return [group.projects.public_only] unless current_user
if current_user.external?
[
group_projects_for_user(current_user, group),
group.projects.public_and_internal_only
group.projects.public_only
]
else
[group.projects.public_only]
[
group_projects_for_user(current_user, group),
group.projects.public_and_internal_only
]
end
end
def all_projects(current_user)
return [Project.public_only] unless current_user
return [public_projects] unless current_user
if current_user.external?
[current_user.authorized_projects, public_projects]
......
......@@ -229,6 +229,7 @@ class User < ActiveRecord::Base
# Scopes
scope :admins, -> { where(admin: true) }
scope :blocked, -> { with_states(:blocked, :ldap_blocked) }
scope :external, -> { where(external: true) }
scope :active, -> { with_state(:active) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
......@@ -284,6 +285,8 @@ class User < ActiveRecord::Base
self.with_two_factor
when 'wop'
self.without_projects
when 'external'
self.external
else
self.active
end
......@@ -855,9 +858,7 @@ class User < ActiveRecord::Base
def ensure_external_user_rights
return unless self.external?
self.can_create_team = false
self.can_create_group = false
self.projects_limit = 0
self.hide_project_limit = true
end
end
......@@ -58,13 +58,14 @@
= f.label :admin, class: 'control-label'
- if current_user == @user
.col-sm-10= f.check_box :admin, disabled: true
.col-sm-10 You cannot remove your own admin rights
.col-sm-10 You cannot remove your own admin rights.
- else
.col-sm-10= f.check_box :admin
.form-group
= f.label :external, class: 'control-label'
.col-sm-10= f.check_box :external
.col-sm-10 External users can not see internal or private projects unless access is explicitly granted. Also, external user can not create projects or groups.
%fieldset
%legend Profile
......
......@@ -19,6 +19,10 @@
= link_to admin_users_path(filter: 'two_factor_disabled') do
2FA Disabled
%small.badge= number_with_delimiter(User.without_two_factor.count)
%li.filter-external{class: "#{'active' if params[:filter] == 'external'}"}
= link_to admin_users_path(filter: 'external') do
External
%small.badge= number_with_delimiter(User.external.count)
%li{class: "#{'active' if params[:filter] == "blocked"}"}
= link_to admin_users_path(filter: "blocked") do
Blocked
......
......@@ -8,10 +8,12 @@ describe "Internal Project Access", feature: true do
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
let(:external_team_member) { create(:user, external: true) }
before do
# full access
project.team << [master, :master]
project.team << [external_team_member, :master]
# readonly
project.team << [reporter, :reporter]
......@@ -35,6 +37,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -47,6 +50,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -59,6 +63,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -71,6 +76,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -83,6 +89,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -95,6 +102,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -108,6 +116,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -120,6 +129,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -132,6 +142,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -144,6 +155,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -157,6 +169,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -169,6 +182,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -181,6 +195,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -193,6 +208,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -205,6 +221,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -222,6 +239,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -239,6 +257,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -251,6 +270,7 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
end
......@@ -8,10 +8,12 @@ describe "Private Project Access", feature: true do
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
let(:external_team_member) { create(:user, external: true) }
before do
# full access
project.team << [master, :master]
project.team << [external_team_member, :master]
# readonly
project.team << [reporter, :reporter]
......@@ -35,6 +37,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -47,6 +50,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -59,6 +63,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -70,6 +75,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -82,6 +88,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -94,6 +101,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -107,6 +115,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -119,6 +128,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -131,6 +141,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -143,6 +154,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -156,6 +168,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -168,6 +181,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -180,6 +194,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -197,6 +212,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -214,6 +230,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
......@@ -226,6 +243,7 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_allowed_for external_team_member }
it { is_expected.to be_denied_for :visitor }
end
end
......@@ -217,7 +217,6 @@ describe User, models: true do
it "sets other properties aswell" do
expect(external_user.can_create_team).to be_falsey
expect(external_user.can_create_group).to be_falsey
expect(external_user.hide_project_limit).to be_truthy
expect(external_user.projects_limit).to be 0
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment