Commit e785b9d2 authored by Stan Hu's avatar Stan Hu

Fix Error 500 when one user attempts to access a personal, internal snippet

Closes #1815
parent 74a6732c
...@@ -9,6 +9,7 @@ v 7.13.0 (unreleased) ...@@ -9,6 +9,7 @@ v 7.13.0 (unreleased)
- Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8 - Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8
v 7.12.0 (unreleased) v 7.12.0 (unreleased)
- Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
- Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu) - Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
- Update oauth button logos for Twitter and Google to recommended assets - Update oauth button logos for Twitter and Google to recommended assets
- Fix hooks for web based events with external issue references (Daniel Gerhardt) - Fix hooks for web based events with external issue references (Daniel Gerhardt)
......
...@@ -263,7 +263,7 @@ class Ability ...@@ -263,7 +263,7 @@ class Ability
:"modify_#{name}", :"modify_#{name}",
] ]
else else
if subject.respond_to?(:project) if subject.respond_to?(:project) && subject.project
project_abilities(user, subject.project) project_abilities(user, subject.project)
else else
[] []
......
...@@ -26,3 +26,14 @@ Feature: Snippets ...@@ -26,3 +26,14 @@ Feature: Snippets
Given I visit snippet page "Personal snippet one" Given I visit snippet page "Personal snippet one"
And I click link "Destroy" And I click link "Destroy"
Then I should not see "Personal snippet one" in snippets Then I should not see "Personal snippet one" in snippets
Scenario: I create new internal snippet
Given I logout directly
And I sign in as an admin
Then I visit new snippet page
And I submit new internal snippet
Then I visit snippet page "Internal personal snippet one"
And I logout directly
Then I sign in as a user
Given I visit new snippet page
Then I visit snippet page "Internal personal snippet one"
...@@ -28,6 +28,10 @@ module SharedAuthentication ...@@ -28,6 +28,10 @@ module SharedAuthentication
logout logout
end end
step "I logout directly" do
logout_direct
end
def current_user def current_user
@user || User.first @user || User.first
end end
......
...@@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps ...@@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
click_button "Create snippet" click_button "Create snippet"
end end
step 'I submit new internal snippet' do
fill_in "personal_snippet_title", :with => "Internal personal snippet one"
fill_in "personal_snippet_file_name", :with => "my_snippet.rb"
choose 'personal_snippet_visibility_level_10'
page.within('.file-editor') do
find(:xpath, "//input[@id='personal_snippet_content']").set 'Content of internal snippet'
end
click_button "Create snippet"
end
step 'I should see snippet "Personal snippet three"' do step 'I should see snippet "Personal snippet three"' do
expect(page).to have_content "Personal snippet three" expect(page).to have_content "Personal snippet three"
expect(page).to have_content "Content of snippet three" expect(page).to have_content "Content of snippet three"
...@@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps ...@@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
visit snippet_path(snippet) visit snippet_path(snippet)
end end
step 'I visit snippet page "Internal personal snippet one"' do
visit snippet_path(internal_snippet)
end
def snippet def snippet
@snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one") @snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one")
end end
def internal_snippet
@snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one")
end
end end
...@@ -39,4 +39,9 @@ module LoginHelpers ...@@ -39,4 +39,9 @@ module LoginHelpers
def logout def logout
find(:css, ".fa.fa-sign-out").click find(:css, ".fa.fa-sign-out").click
end end
# Logout without JavaScript driver
def logout_direct
page.driver.submit :delete, '/users/sign_out', {}
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment