Commit 218c9742 authored by Kushal Pandya's avatar Kushal Pandya

Merge branch 'ap-14330-external-personal-snippets' into 'master'

Hide new snippet button from external users

Closes #14330

See merge request gitlab-org/gitlab!21718
parents cf42ec6d a958849e
......@@ -43,7 +43,7 @@
= f.check_box :external do
External
%p.light
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects, groups, or personal snippets.
%row.hidden#warning_external_automatically_set.hidden
.badge.badge-warning.text-white
= _('Automatically marked as default internal user')
......@@ -3,6 +3,7 @@
- if current_user && current_user.snippets.any? || @snippets.any?
.page-title-controls
- if can?(current_user, :create_personal_snippet)
= link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet")
.top-area
......
- @hide_top_links = true
- page_title "Snippets"
- header_title "Snippets", dashboard_snippets_path
- button_path = new_snippet_path if can?(current_user, :create_personal_snippet)
= render 'dashboard/snippets_head'
- if current_user.snippets.exists?
......@@ -9,4 +10,4 @@
- if current_user.snippets.exists?
= render partial: 'shared/snippets/list', locals: { link_project: true }
- else
= render 'shared/empty_states/snippets', button_path: new_snippet_path
= render 'shared/empty_states/snippets', button_path: button_path
......@@ -8,7 +8,6 @@
- if can?(current_user, :create_project_snippet, @project)
.nav-controls
- if can?(current_user, :create_project_snippet, @project)
= link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet")
= render 'shared/snippets/list'
......
......@@ -11,6 +11,7 @@
%p
= s_('SnippetsEmptyState|They can be either public or private.')
.text-center
- if button_path
= link_to s_('SnippetsEmptyState|New snippet'), button_path, class: 'btn btn-success', title: s_('SnippetsEmptyState|New snippet'), id: 'new_snippet_link'
- unless current_page?(dashboard_snippets_path)
= link_to s_('SnippetsEmptyState|Explore public snippets'), explore_snippets_path, class: 'btn btn-default', title: s_('SnippetsEmptyState|Explore public snippets')
......
......@@ -3,7 +3,7 @@
- current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.')
- current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.')
- primary_button_label = _('New snippet')
- primary_button_link = new_snippet_path
- primary_button_link = new_snippet_path if can?(current_user, :create_personal_snippet)
- visitor_empty_message = s_('UserProfile|No snippets found.')
.snippets-list-holder
......
---
title: Match external user new snippet button visibility to permissions
merge_request: 21718
author:
type: fixed
......@@ -253,7 +253,7 @@ project and should only have access to that project.
External users:
- Cannot create groups or projects.
- Cannot create groups, projects, or personal snippets.
- Can only access projects to which they are explicitly granted access,
thus hiding all other internal or private ones from them (like being
logged out).
......
......@@ -14,6 +14,11 @@ describe 'Dashboard snippets' do
end
it_behaves_like 'paginated snippets'
it 'shows new snippet button in header' do
parent_element = page.find('.page-title-controls')
expect(parent_element).to have_link('New snippet')
end
end
context 'when there are no project snippets', :js do
......@@ -30,6 +35,11 @@ describe 'Dashboard snippets' do
expect(element).to have_content("Snippets are small pieces of code or notes that you want to keep.")
expect(element.find('.svg-content img')['src']).to have_content('illustrations/snippets_empty')
end
it 'shows new snippet button in main content area' do
parent_element = page.find('.row.empty-state')
expect(parent_element).to have_link('New snippet')
end
end
context 'filtering by visibility' do
......@@ -78,4 +88,26 @@ describe 'Dashboard snippets' do
expect(page).to have_content(snippets[0].title)
end
end
context 'as an external user' do
let(:user) { create(:user, :external) }
before do
sign_in(user)
visit dashboard_snippets_path
end
context 'without snippets' do
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
context 'with snippets' do
let!(:snippets) { create(:personal_snippet, author: user) }
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
end
end
......@@ -6,30 +6,59 @@ describe 'Explore Snippets' do
let!(:public_snippet) { create(:personal_snippet, :public) }
let!(:internal_snippet) { create(:personal_snippet, :internal) }
let!(:private_snippet) { create(:personal_snippet, :private) }
let(:user) { nil }
it 'User should see snippets that are not private' do
sign_in create(:user)
before do
sign_in(user) if user
visit explore_snippets_path
end
context 'User' do
let(:user) { create(:user) }
it 'see snippets that are not private' do
expect(page).to have_content(public_snippet.title)
expect(page).to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
it 'External user should see only public snippets' do
sign_in create(:user, :external)
visit explore_snippets_path
it 'shows new snippet button in header' do
parent_element = page.find('.page-title-controls')
expect(parent_element).to have_link('New snippet')
end
end
context 'External user' do
let(:user) { create(:user, :external) }
it 'see only public snippets' do
expect(page).to have_content(public_snippet.title)
expect(page).not_to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
it 'Not authenticated user should see only public snippets' do
visit explore_snippets_path
context 'without snippets' do
before do
Snippet.delete_all
end
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
context 'with snippets' do
it 'hides new snippet button' do
expect(page).not_to have_link('New snippet')
end
end
end
context 'Not authenticated user' do
it 'see only public snippets' do
expect(page).to have_content(public_snippet.title)
expect(page).not_to have_content(internal_snippet.title)
expect(page).not_to have_content(private_snippet.title)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment