Commit 91571c07 authored by Ciro Santillli's avatar Ciro Santillli

User pages are visible to users without login

... if the user is authorized to at least one public project.
parent 1284f21c
...@@ -12,6 +12,7 @@ v 6.6.0 ...@@ -12,6 +12,7 @@ v 6.6.0
- Mobile UI improvements (Drew Blessing) - Mobile UI improvements (Drew Blessing)
- Fix block/remove UI for admin::users#show page - Fix block/remove UI for admin::users#show page
- Show users' group membership on users' activity page - Show users' group membership on users' activity page
- User pages are visible without login if user is authorized to a public project
v 6.5.1 v 6.5.1
- Fix branch selectbox when create merge request from fork - Fix branch selectbox when create merge request from fork
......
...@@ -56,7 +56,7 @@ header { ...@@ -56,7 +56,7 @@ header {
font-size: 18px; font-size: 18px;
.app_logo { margin-left: -15px; } .app_logo { margin-left: -15px; }
.project_name { .title {
display: inline-block; display: inline-block;
overflow: hidden; overflow: hidden;
text-overflow: ellipsis; text-overflow: ellipsis;
...@@ -127,7 +127,7 @@ header { ...@@ -127,7 +127,7 @@ header {
* Project / Area name * Project / Area name
* *
*/ */
.project_name { .title {
position: relative; position: relative;
float: left; float: left;
margin: 0; margin: 0;
...@@ -227,7 +227,7 @@ header { ...@@ -227,7 +227,7 @@ header {
} }
} }
} }
.project_name { .title {
a { a {
color: #BBB; color: #BBB;
&:hover { &:hover {
......
class UsersController < ApplicationController class UsersController < ApplicationController
layout 'navless'
skip_before_filter :authenticate_user!, only: [:show]
layout :determine_layout
def show def show
@user = User.find_by!(username: params[:username]) @user = User.find_by_username!(params[:username])
@projects = @user.authorized_projects.where(id: current_user.authorized_projects.pluck(:id)).includes(:namespace) @projects = @user.authorized_projects.includes(:namespace).select {|project| can?(current_user, :read_project, project)}
if !current_user && @projects.empty?
return authenticate_user!
end
@events = @user.recent_events.where(project_id: @projects.map(&:id)).limit(20) @events = @user.recent_events.where(project_id: @projects.map(&:id)).limit(20)
@title = @user.name @title = @user.name
end end
def determine_layout
if current_user
'navless'
else
'public_users'
end
end
end end
...@@ -44,3 +44,18 @@ ...@@ -44,3 +44,18 @@
%li Go to your project dashboard %li Go to your project dashboard
%li Click on the "Edit" tab %li Click on the "Edit" tab
%li Change "Visibility Level" %li Change "Visibility Level"
%h4 Visibility of users
The public page of users, located at
= succeed "," do
%code u/username
is visible if either:
%ul
%li
You are logged in.
%li
%p
You are logged out, and the target user is authorized to (is Guest, Reporter, etc.)
at least one public project.
%p Otherwise, you will be redirected to the sign in page.
When visiting the public page of an user, you will only see listed projects which you can view yourself.
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
= link_to root_path, class: "home has_bottom_tooltip", title: "Dashboard" do = link_to root_path, class: "home has_bottom_tooltip", title: "Dashboard" do
%h1 GITLAB %h1 GITLAB
%span.separator %span.separator
%h1.project_name= title %h1.title= title
%button.navbar-toggle{"data-target" => ".navbar-collapse", "data-toggle" => "collapse", type: "button"} %button.navbar-toggle{"data-target" => ".navbar-collapse", "data-toggle" => "collapse", type: "button"}
%span.sr-only Toggle navigation %span.sr-only Toggle navigation
......
...@@ -6,11 +6,7 @@ ...@@ -6,11 +6,7 @@
= link_to public_root_path, class: "home" do = link_to public_root_path, class: "home" do
%h1 GITLAB %h1 GITLAB
%span.separator %span.separator
%h1.project_name %h1.title= title
- if @project
= project_title(@project)
- else
Public Projects
.pull-right .pull-right
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new' = link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new'
......
...@@ -5,7 +5,6 @@ ...@@ -5,7 +5,6 @@
- if current_user - if current_user
= render "layouts/head_panel", title: "Public Projects" = render "layouts/head_panel", title: "Public Projects"
- else - else
= render "layouts/public_head_panel" = render "layouts/public_head_panel", title: "Public Projects"
.container.navless-container .container.navless-container
.content= yield .content= yield
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
%html{ lang: "en"} %html{ lang: "en"}
= render "layouts/head", title: @project.name_with_namespace = render "layouts/head", title: @project.name_with_namespace
%body{class: "#{app_theme} application", :'data-page' => body_data_page} %body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel" = render "layouts/public_head_panel", title: @project.name_with_namespace
%nav.main-nav.navbar-collapse.collapse %nav.main-nav
.container= render 'layouts/nav/project' .container= render 'layouts/nav/project'
.container .container
.content= yield .content= yield
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: @title
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel", title: @title
.container.navless-container
.content= yield
...@@ -2,7 +2,7 @@ Feature: Admin Groups ...@@ -2,7 +2,7 @@ Feature: Admin Groups
Background: Background:
Given I sign in as an admin Given I sign in as an admin
And I have group with projects And I have group with projects
And Create gitlab user "John" And Create user "John Doe"
And I visit admin groups page And I visit admin groups page
Scenario: See group list Scenario: See group list
...@@ -17,5 +17,5 @@ Feature: Admin Groups ...@@ -17,5 +17,5 @@ Feature: Admin Groups
@javascript @javascript
Scenario: Add user into projects in group Scenario: Add user into projects in group
When I visit admin group page When I visit admin group page
When I select user "John" from user list as "Reporter" When I select user "John Doe" from user list as "Reporter"
Then I should see "John" in team list in every project as "Reporter" Then I should see "John Doe" in team list in every project as "Reporter"
...@@ -21,10 +21,10 @@ Feature: Groups ...@@ -21,10 +21,10 @@ Feature: Groups
@javascript @javascript
Scenario: I should add user to projects in Group Scenario: I should add user to projects in Group
Given I have new user "John" Given Create user "John Doe"
When I visit group members page When I visit group members page
And I select user "John" from list with role "Reporter" And I select user "John Doe" from list with role "Reporter"
Then I should see user "John" in team list Then I should see user "John Doe" in team list
Scenario: I should see edit group page Scenario: I should see edit group page
When I visit group settings page When I visit group settings page
......
class AdminGroups < Spinach::FeatureSteps class AdminGroups < Spinach::FeatureSteps
include SharedAuthentication include SharedAuthentication
include SharedPaths include SharedPaths
include SharedUser
include SharedActiveTab include SharedActiveTab
include Select2Helper include Select2Helper
...@@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps ...@@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps
@project.team << [current_user, :master] @project.team << [current_user, :master]
end end
And 'Create gitlab user "John"' do
create(:user, name: "John")
end
And 'submit form with new group info' do And 'submit form with new group info' do
fill_in 'group_name', with: 'gitlab' fill_in 'group_name', with: 'gitlab'
fill_in 'group_description', with: 'Group description' fill_in 'group_description', with: 'Group description'
...@@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps ...@@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps
current_path.should == admin_group_path(Group.last) current_path.should == admin_group_path(Group.last)
end end
When 'I select user "John" from user list as "Reporter"' do When 'I select user "John Doe" from user list as "Reporter"' do
user = User.find_by(name: "John") user = User.find_by(name: "John Doe")
select2(user.id, from: "#user_ids", multiple: true) select2(user.id, from: "#user_ids", multiple: true)
within "#new_team_member" do within "#new_team_member" do
select "Reporter", from: "group_access" select "Reporter", from: "group_access"
...@@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps ...@@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps
click_button "Add users into group" click_button "Add users into group"
end end
Then 'I should see "John" in team list in every project as "Reporter"' do Then 'I should see "John Doe" in team list in every project as "Reporter"' do
within ".group-users-list" do within ".group-users-list" do
page.should have_content "John" page.should have_content "John Doe"
page.should have_content "Reporter" page.should have_content "Reporter"
end end
end end
......
class Groups < Spinach::FeatureSteps class Groups < Spinach::FeatureSteps
include SharedAuthentication include SharedAuthentication
include SharedPaths include SharedPaths
include SharedUser
include Select2Helper include Select2Helper
Then 'I should see projects list' do Then 'I should see projects list' do
...@@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps ...@@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps
end end
end end
Given 'I have new user "John"' do And 'I select user "John Doe" from list with role "Reporter"' do
create(:user, name: "John") user = User.find_by(name: "John Doe")
end
And 'I select user "John" from list with role "Reporter"' do
user = User.find_by(name: "John")
within ".users-group-form" do within ".users-group-form" do
select2(user.id, from: "#user_ids", multiple: true) select2(user.id, from: "#user_ids", multiple: true)
select "Reporter", from: "group_access" select "Reporter", from: "group_access"
...@@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps ...@@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps
click_button "Add users into group" click_button "Add users into group"
end end
Then 'I should see user "John" in team list' do Then 'I should see user "John Doe" in team list' do
projects_with_access = find(".ui-box .well-list") projects_with_access = find(".ui-box .well-list")
projects_with_access.should have_content("John") projects_with_access.should have_content("John Doe")
end end
Given 'project from group has issues assigned to me' do Given 'project from group has issues assigned to me' do
......
...@@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
include SharedPaths include SharedPaths
include SharedProject include SharedProject
step 'I should see project "Community"' do step 'public empty project "Empty Public Project"' do
page.should have_content "Community" create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
end end
step 'I should see project "Empty Public Project"' do step 'I should see project "Empty Public Project"' do
...@@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
page.should have_content 'README.md' page.should have_content 'README.md'
end end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'public empty project "Empty Public Project"' do
create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I visit empty project page' do step 'I visit empty project page' do
project = Project.find_by(name: 'Empty Public Project') project = Project.find_by(name: 'Empty Public Project')
visit project_path(project) visit project_path(project)
...@@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end end
end end
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I visit project "Enterprise" page' do step 'I visit project "Enterprise" page' do
project = Project.find_by(name: 'Enterprise') project = Project.find_by(name: 'Enterprise')
visit project_path(project) visit project_path(project)
...@@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps ...@@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end end
end end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'I visit project "Internal" page' do step 'I visit project "Internal" page' do
project = Project.find_by(name: 'Internal') project = Project.find_by(name: 'Internal')
visit project_path(project) visit project_path(project)
......
...@@ -5,6 +5,14 @@ module SharedPaths ...@@ -5,6 +5,14 @@ module SharedPaths
visit new_project_path visit new_project_path
end end
# ----------------------------------------
# User
# ----------------------------------------
step 'I visit user "John Doe" page' do
visit user_path("john_doe")
end
# ---------------------------------------- # ----------------------------------------
# Group # Group
# ---------------------------------------- # ----------------------------------------
......
...@@ -65,4 +65,68 @@ module SharedProject ...@@ -65,4 +65,68 @@ module SharedProject
def current_project def current_project
@project ||= Project.first @project ||= Project.first
end end
# ----------------------------------------
# Visibility level
# ----------------------------------------
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I should see project "Enterprise"' do
page.should have_content "Enterprise"
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Community"' do
page.should have_content "Community"
end
step 'I should not see project "Community"' do
page.should_not have_content "Community"
end
step '"John Doe" is authorized to private project "Enterprise"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Enterprise")
project ||= create(:project, name: "Enterprise", namespace: user.namespace)
project.team << [user, :master]
end
step '"John Doe" is authorized to internal project "Internal"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Internal")
project ||= create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
project.team << [user, :master]
end
step '"John Doe" is authorized to public project "Community"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Community")
project ||= create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
project.team << [user, :master]
end
end end
module SharedUser
include Spinach::DSL
step 'Create user "John Doe"' do
create(:user, name: "John Doe", username: "john_doe")
end
step 'I sign in as "John Doe"' do
login_with(User.find_by(name: "John Doe"))
end
end
class Spinach::Features::User < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include SharedProject
step 'I should see user "John Doe" page' do
expect(page.title).to match(/^\s*John Doe/)
end
end
Feature: User
Background:
Given Create user "John Doe"
And "John Doe" is authorized to private project "Enterprise"
# Signed out
Scenario: I visit user "John Doe" page while not signed in when he is authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while not signed in when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
When I visit user "John Doe" page
Then I should be redirected to sign in page
# Signed in as someone else
Scenario: I visit user "John Doe" page while signed in as someone else when he is authorized to a public project
Given "John Doe" is authorized to public project "Community"
And "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should not see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a project I can see
Given I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"
# Signed in as the user himself
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
And I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has no public project
Given I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment