0a384b40
Commit
0a384b40
authored
Apr 02, 2018
by
Douwe Maan
Committed by
Bob Van Landuyt
Apr 10, 2018
Remove edit_note and update_note abilities in favor of admin_note
parent
a3411e7e
Changes
8
Showing
8 changed files
with
3 additions
and
77 deletions
+3
-77
app/helpers/notes_helper.rb
app/helpers/notes_helper.rb
+0
-4
app/models/ability.rb
app/models/ability.rb
+0
-4
app/policies/issuable_policy.rb
app/policies/issuable_policy.rb
+0
-2
app/policies/note_policy.rb
app/policies/note_policy.rb
+1
-5
app/serializers/note_entity.rb
app/serializers/note_entity.rb
+1
-1
app/views/shared/notes/_note.html.haml
app/views/shared/notes/_note.html.haml
+1
-1
spec/models/ability_spec.rb
spec/models/ability_spec.rb
+0
-56
spec/policies/note_policy_spec.rb
spec/policies/note_policy_spec.rb
+0
-4
app/helpers/notes_helper.rb
...
...
@@ -8,10 +8,6 @@ module NotesHelper
end
end
def
note_editable?
(
note
)
Ability
.
can_edit_note?
(
current_user
,
note
)
end
def
note_supports_quick_actions?
(
note
)
Notes
::
QuickActionsService
.
supported?
(
note
)
end
...
...
app/models/ability.rb
...
...
@@ -46,10 +46,6 @@ class Ability
end
end
def
can_edit_note?
(
user
,
note
)
allowed?
(
user
,
:edit_note
,
note
)
end
def
allowed?
(
user
,
action
,
subject
=
:global
,
opts
=
{})
if
subject
.
is_a?
(
Hash
)
opts
,
subject
=
subject
,
:global
...
...
app/policies/issuable_policy.rb
...
...
@@ -18,9 +18,7 @@ class IssuablePolicy < BasePolicy
rule
{
locked
&
~
is_project_member
}.
policy
do
prevent
:create_note
prevent
:update_note
prevent
:admin_note
prevent
:resolve_note
prevent
:edit_note
end
end
app/policies/note_policy.rb
...
...
@@ -8,14 +8,10 @@ class NotePolicy < BasePolicy
condition
(
:editable
,
scope: :subject
)
{
@subject
.
editable?
}
rule
{
~
editable
|
anonymous
}.
prevent
:edit_note
rule
{
is_author
|
admin
}.
enable
:edit_note
rule
{
can?
(
:master_access
)
}.
enable
:edit_note
rule
{
~
editable
}.
prevent
:admin_note
rule
{
is_author
}.
policy
do
enable
:read_note
enable
:update_note
enable
:admin_note
enable
:resolve_note
end
...
...
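Review bot: The new `rule { ~editable }.prevent :admin_note` drops both the `anonymous` term and the `can?(:master_access)` enable that the removed `:edit_note` rules carried, and in this section only `is_author` enables `:admin_note`. Whether anonymous users stay denied and masters or group owners stay allowed now depends on rules outside this hunk (presumably BasePolicy or a delegated project policy), which the visible lines do not show; the NotePolicy body continues past the hunk. The same commit deletes the `.can_edit_note?` examples in spec/models/ability_spec.rb (anonymous, system note, guest, developer, master, group owner) without adding equivalents, so I would add `be_disallowed(:admin_note)` and `be_allowed(:admin_note)` expectations for those roles to spec/policies/note_policy_spec.rb. A short comment above the rule, such as `# a non-editable note can never be administered, whatever the role`, would also record why the prevent exists.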
app/serializers/note_entity.rb
...
...
@@ -15,7 +15,7 @@ class NoteEntity < API::Entities::Note
expose
:current_user
do
expose
:can_edit
do
|
note
|
Ability
.
can_edit_note?
(
request
.
current_user
,
note
)
Ability
.
allowed?
(
request
.
current_user
,
:admin_note
,
note
)
end
end
...
...
app/views/shared/notes/_note.html.haml
...
...
@@ -2,7 +2,7 @@
-
return
if
note
.
cross_reference_not_visible_for?
(
current_user
)
-
show_image_comment_badge
=
local_assigns
.
fetch
(
:show_image_comment_badge
,
false
)
-
note_editable
=
note_editable?
(
note
)
-
note_editable
=
can?
(
current_user
,
:admin_note
,
note
)
-
note_counter
=
local_assigns
.
fetch
(
:note_counter
,
0
)
%li
.timeline-entry
{
id:
dom_id
(
note
),
...
...
spec/models/ability_spec.rb
...
...
@@ -7,62 +7,6 @@ describe Ability do
end
end
describe
'.can_edit_note?'
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:note
)
{
create
(
:note_on_issue
,
project:
project
)
}
context
'using an anonymous user'
do
it
'returns false'
do
expect
(
described_class
.
can_edit_note?
(
nil
,
note
)).
to
be_falsy
end
end
context
'using a system note'
do
it
'returns false'
do
system_note
=
create
(
:note
,
system:
true
)
user
=
create
(
:user
)
expect
(
described_class
.
can_edit_note?
(
user
,
system_note
)).
to
be_falsy
end
end
context
'using users with different access levels'
do
let
(
:user
)
{
create
(
:user
)
}
it
'returns true for the author'
do
expect
(
described_class
.
can_edit_note?
(
note
.
author
,
note
)).
to
be_truthy
end
it
'returns false for a guest user'
do
project
.
add_guest
(
user
)
expect
(
described_class
.
can_edit_note?
(
user
,
note
)).
to
be_falsy
end
it
'returns false for a developer'
do
project
.
add_developer
(
user
)
expect
(
described_class
.
can_edit_note?
(
user
,
note
)).
to
be_falsy
end
it
'returns true for a master'
do
project
.
add_master
(
user
)
expect
(
described_class
.
can_edit_note?
(
user
,
note
)).
to
be_truthy
end
it
'returns true for a group owner'
do
group
=
create
(
:group
)
project
.
project_group_links
.
create
(
group:
group
,
group_access:
Gitlab
::
Access
::
MASTER
)
group
.
add_owner
(
user
)
expect
(
described_class
.
can_edit_note?
(
user
,
note
)).
to
be_truthy
end
end
end
describe
'.users_that_can_read_project'
do
context
'using a public project'
do
it
'returns all the users'
do
...
...
spec/policies/note_policy_spec.rb
...
...
@@ -18,7 +18,6 @@ describe NotePolicy, mdoels: true do
context
'when the project is public'
do
context
'when the note author is not a project member'
do
it
'can edit a note'
do
expect
(
policies
).
to
be_allowed
(
:update_note
)
expect
(
policies
).
to
be_allowed
(
:admin_note
)
expect
(
policies
).
to
be_allowed
(
:resolve_note
)
expect
(
policies
).
to
be_allowed
(
:read_note
)
...
...
@@ -29,7 +28,6 @@ describe NotePolicy, mdoels: true do
it
'can edit note'
do
policies
=
policies
(
create
(
:project_snippet
,
project:
project
))
expect
(
policies
).
to
be_allowed
(
:update_note
)
expect
(
policies
).
to
be_allowed
(
:admin_note
)
expect
(
policies
).
to
be_allowed
(
:resolve_note
)
expect
(
policies
).
to
be_allowed
(
:read_note
)
...
...
@@ -47,7 +45,6 @@ describe NotePolicy, mdoels: true do
end
it
'can edit a note'
do
expect
(
policies
).
to
be_allowed
(
:update_note
)
expect
(
policies
).
to
be_allowed
(
:admin_note
)
expect
(
policies
).
to
be_allowed
(
:resolve_note
)
expect
(
policies
).
to
be_allowed
(
:read_note
)
...
...
@@ -56,7 +53,6 @@ describe NotePolicy, mdoels: true do
context
'when the note author is not a project member'
do
it
'can not edit a note'
do
expect
(
policies
).
to
be_disallowed
(
:update_note
)
expect
(
policies
).
to
be_disallowed
(
:admin_note
)
expect
(
policies
).
to
be_disallowed
(
:resolve_note
)
end
...
...