Commit 12c1bd34 authored by Alper Akgun's avatar Alper Akgun Committed by Mayra Cabrera

Onboarding project welcome viewing to be based on policy

parent aff5ebaf
...@@ -3,33 +3,37 @@ ...@@ -3,33 +3,37 @@
module EE module EE
module Registrations module Registrations
module WelcomeController module WelcomeController
extend ActiveSupport::Concern
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
include ::Gitlab::Utils::StrongMemoize
TRIAL_ONBOARDING_BOARD_NAME = 'GitLab onboarding' TRIAL_ONBOARDING_BOARD_NAME = 'GitLab onboarding'
def trial_getting_started prepended do
project = learn_gitlab_project before_action :authorized_for_trial_onboarding!,
return access_denied! unless current_user.id == project.creator_id only: [
:trial_getting_started,
:trial_onboarding_board
]
end
def trial_getting_started
render locals: { learn_gitlab_project: learn_gitlab_project } render locals: { learn_gitlab_project: learn_gitlab_project }
end end
def trial_onboarding_board
board = learn_gitlab_project.boards.find_by_name(TRIAL_ONBOARDING_BOARD_NAME)
path = board ? project_board_path(learn_gitlab_project, board) : project_boards_path(learn_gitlab_project)
redirect_to path
end
def continuous_onboarding_getting_started def continuous_onboarding_getting_started
project = ::Project.find(params[:project_id]) project = ::Project.find(params[:project_id])
return access_denied! unless current_user.id == project.creator_id return access_denied! unless can?(current_user, :owner_access, project)
render locals: { project: project } render locals: { project: project }
end end
def trial_onboarding_board
project = learn_gitlab_project
return access_denied! unless current_user.id == project.creator_id
board = project.boards.find_by_name(TRIAL_ONBOARDING_BOARD_NAME)
path = board ? project_board_path(project, board) : project_boards_path(project)
redirect_to path
end
private private
override :update_params override :update_params
...@@ -58,8 +62,14 @@ module EE ...@@ -58,8 +62,14 @@ module EE
helpers.signup_onboarding_enabled? helpers.signup_onboarding_enabled?
end end
def authorized_for_trial_onboarding!
access_denied! unless can?(current_user, :owner_access, learn_gitlab_project)
end
def learn_gitlab_project def learn_gitlab_project
::Project.find(params[:learn_gitlab_project_id]) strong_memoize(:learn_gitlab_project) do
::Project.find(params[:learn_gitlab_project_id])
end
end end
end end
end end
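Review bot: The owner check now lives in two places: `trial_getting_started` and `trial_onboarding_board` get it from the new `before_action`, while `continuous_onboarding_getting_started` keeps its own inline `can?(current_user, :owner_access, project)` guard. Because the filter is an `only:` allowlist, a later action that calls `learn_gitlab_project` would run with no owner check unless someone remembers to add it to the list. I would put a comment above the list, `# Any action that loads a project from params must be listed here or check :owner_access itself`, and consider giving the third action its own `before_action` so that no action body runs before authorization. The module body continues outside the visible hunks, so other callers of `learn_gitlab_project` may exist that are not shown here.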
......
...@@ -4,10 +4,12 @@ require 'spec_helper' ...@@ -4,10 +4,12 @@ require 'spec_helper'
RSpec.describe Registrations::WelcomeController do RSpec.describe Registrations::WelcomeController do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:another_user) { create(:user) } let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, creator: user) } let_it_be(:project) { create(:project) }
describe '#continuous_onboarding_getting_started' do describe '#continuous_onboarding_getting_started' do
let_it_be(:project) { create(:project, group: group) }
subject(:continuous_onboarding_getting_started) do subject(:continuous_onboarding_getting_started) do
get :continuous_onboarding_getting_started, params: { project_id: project.id } get :continuous_onboarding_getting_started, params: { project_id: project.id }
end end
...@@ -16,17 +18,19 @@ RSpec.describe Registrations::WelcomeController do ...@@ -16,17 +18,19 @@ RSpec.describe Registrations::WelcomeController do
it { is_expected.to redirect_to new_user_session_path } it { is_expected.to redirect_to new_user_session_path }
end end
context 'with the creator user signed in' do context 'with an owner user signed in' do
before do before do
sign_in(user) sign_in(user)
project.group.add_owner(user)
end end
it { is_expected.to render_template(:continuous_onboarding_getting_started) } it { is_expected.to render_template(:continuous_onboarding_getting_started) }
end end
context 'with any other user signed in except the creator' do context 'with a non-owner user signed in' do
before do before do
sign_in(another_user) sign_in(user)
project.group.add_maintainer(user)
end end
it { is_expected.to have_gitlab_http_status(:not_found) } it { is_expected.to have_gitlab_http_status(:not_found) }
...@@ -34,6 +38,8 @@ RSpec.describe Registrations::WelcomeController do ...@@ -34,6 +38,8 @@ RSpec.describe Registrations::WelcomeController do
end end
describe '#trial_getting_started' do describe '#trial_getting_started' do
let_it_be(:project) { create(:project, group: group) }
subject(:trial_getting_started) do subject(:trial_getting_started) do
get :trial_getting_started, params: { learn_gitlab_project_id: project.id } get :trial_getting_started, params: { learn_gitlab_project_id: project.id }
end end
...@@ -42,17 +48,19 @@ RSpec.describe Registrations::WelcomeController do ...@@ -42,17 +48,19 @@ RSpec.describe Registrations::WelcomeController do
it { is_expected.to redirect_to new_user_session_path } it { is_expected.to redirect_to new_user_session_path }
end end
context 'with the creator user signed in' do context 'with an owner user signed in' do
before do before do
sign_in(user) sign_in(user)
project.group.add_owner(user)
end end
it { is_expected.to render_template(:trial_getting_started) } it { is_expected.to render_template(:trial_getting_started) }
end end
context 'with any other user signed in except the creator' do context 'with a non-owner user signed' do
before do before do
sign_in(another_user) sign_in(user)
project.group.add_maintainer(user)
end end
it { is_expected.to have_gitlab_http_status(:not_found) } it { is_expected.to have_gitlab_http_status(:not_found) }
...@@ -60,6 +68,8 @@ RSpec.describe Registrations::WelcomeController do ...@@ -60,6 +68,8 @@ RSpec.describe Registrations::WelcomeController do
end end
describe '#trial_onboarding_board' do describe '#trial_onboarding_board' do
let_it_be(:project) { create(:project, group: group) }
subject(:trial_onboarding_board) do subject(:trial_onboarding_board) do
get :trial_onboarding_board, params: { learn_gitlab_project_id: project.id } get :trial_onboarding_board, params: { learn_gitlab_project_id: project.id }
end end
...@@ -68,17 +78,19 @@ RSpec.describe Registrations::WelcomeController do ...@@ -68,17 +78,19 @@ RSpec.describe Registrations::WelcomeController do
it { is_expected.to redirect_to new_user_session_path } it { is_expected.to redirect_to new_user_session_path }
end end
context 'with any other user signed in except the creator' do context 'with a non-owner user signin' do
before do before do
sign_in(another_user) sign_in(user)
project.group.add_maintainer(user)
end end
it { is_expected.to have_gitlab_http_status(:not_found) } it { is_expected.to have_gitlab_http_status(:not_found) }
end end
context 'with the creator user signed in' do context 'with an owner user signs in' do
before do before do
sign_in(user) sign_in(user)
project.group.add_owner(user)
end end
context 'gitlab onboarding project is not imported yet' do context 'gitlab onboarding project is not imported yet' do
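Review bot: None of the visible contexts cover the case this change is about, a user who created the project but does not hold owner access; the old `creator: user` setup was dropped and the negative contexts use only a group maintainer. A context that builds the project with `create(:project, group: group, creator: user)`, adds the user as a maintainer and expects `have_gitlab_http_status(:not_found)` would pin that the creator check is really gone. The top-level `let_it_be(:project) { create(:project) }` looks unused, since every `describe` shown redefines it, though the collapsed lines may hide other uses. The context descriptions have also drifted ('signed', 'signin', 'signs in'); using `'with a non-owner user signed in'` and `'with an owner user signed in'` throughout would read consistently.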
......