Commit 91571c07 authored by Ciro Santillli's avatar Ciro Santillli

User pages are visible to users without login

... if the user is authorized to at least one public project.
parent 1284f21c
......@@ -12,6 +12,7 @@ v 6.6.0
- Mobile UI improvements (Drew Blessing)
- Fix block/remove UI for admin::users#show page
- Show users' group membership on users' activity page
- User pages are visible without login if user is authorized to a public project
v 6.5.1
- Fix branch selectbox when create merge request from fork
......
......@@ -56,7 +56,7 @@ header {
font-size: 18px;
.app_logo { margin-left: -15px; }
.project_name {
.title {
display: inline-block;
overflow: hidden;
text-overflow: ellipsis;
......@@ -127,7 +127,7 @@ header {
* Project / Area name
*
*/
.project_name {
.title {
position: relative;
float: left;
margin: 0;
......@@ -227,7 +227,7 @@ header {
}
}
}
.project_name {
.title {
a {
color: #BBB;
&:hover {
......
class UsersController < ApplicationController
layout 'navless'
skip_before_filter :authenticate_user!, only: [:show]
layout :determine_layout
def show
@user = User.find_by!(username: params[:username])
@projects = @user.authorized_projects.where(id: current_user.authorized_projects.pluck(:id)).includes(:namespace)
@user = User.find_by_username!(params[:username])
@projects = @user.authorized_projects.includes(:namespace).select {|project| can?(current_user, :read_project, project)}
if !current_user && @projects.empty?
return authenticate_user!
end
@events = @user.recent_events.where(project_id: @projects.map(&:id)).limit(20)
@title = @user.name
end
def determine_layout
if current_user
'navless'
else
'public_users'
end
end
end
......@@ -44,3 +44,18 @@
%li Go to your project dashboard
%li Click on the "Edit" tab
%li Change "Visibility Level"
%h4 Visibility of users
The public page of users, located at
= succeed "," do
%code u/username
is visible if either:
%ul
%li
You are logged in.
%li
%p
You are logged out, and the target user is authorized to (is Guest, Reporter, etc.)
at least one public project.
%p Otherwise, you will be redirected to the sign in page.
When visiting the public page of an user, you will only see listed projects which you can view yourself.
......@@ -6,7 +6,7 @@
= link_to root_path, class: "home has_bottom_tooltip", title: "Dashboard" do
%h1 GITLAB
%span.separator
%h1.project_name= title
%h1.title= title
%button.navbar-toggle{"data-target" => ".navbar-collapse", "data-toggle" => "collapse", type: "button"}
%span.sr-only Toggle navigation
......
......@@ -6,11 +6,7 @@
= link_to public_root_path, class: "home" do
%h1 GITLAB
%span.separator
%h1.project_name
- if @project
= project_title(@project)
- else
Public Projects
%h1.title= title
.pull-right
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new'
......
......@@ -5,7 +5,6 @@
- if current_user
= render "layouts/head_panel", title: "Public Projects"
- else
= render "layouts/public_head_panel"
= render "layouts/public_head_panel", title: "Public Projects"
.container.navless-container
.content= yield
......@@ -2,8 +2,8 @@
%html{ lang: "en"}
= render "layouts/head", title: @project.name_with_namespace
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel"
%nav.main-nav.navbar-collapse.collapse
= render "layouts/public_head_panel", title: @project.name_with_namespace
%nav.main-nav
.container= render 'layouts/nav/project'
.container
.content= yield
!!! 5
%html{ lang: "en"}
= render "layouts/head", title: @title
%body{class: "#{app_theme} application", :'data-page' => body_data_page}
= render "layouts/public_head_panel", title: @title
.container.navless-container
.content= yield
......@@ -2,7 +2,7 @@ Feature: Admin Groups
Background:
Given I sign in as an admin
And I have group with projects
And Create gitlab user "John"
And Create user "John Doe"
And I visit admin groups page
Scenario: See group list
......@@ -17,5 +17,5 @@ Feature: Admin Groups
@javascript
Scenario: Add user into projects in group
When I visit admin group page
When I select user "John" from user list as "Reporter"
Then I should see "John" in team list in every project as "Reporter"
When I select user "John Doe" from user list as "Reporter"
Then I should see "John Doe" in team list in every project as "Reporter"
......@@ -21,10 +21,10 @@ Feature: Groups
@javascript
Scenario: I should add user to projects in Group
Given I have new user "John"
Given Create user "John Doe"
When I visit group members page
And I select user "John" from list with role "Reporter"
Then I should see user "John" in team list
And I select user "John Doe" from list with role "Reporter"
Then I should see user "John Doe" in team list
Scenario: I should see edit group page
When I visit group settings page
......
class AdminGroups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include SharedActiveTab
include Select2Helper
......@@ -20,10 +21,6 @@ class AdminGroups < Spinach::FeatureSteps
@project.team << [current_user, :master]
end
And 'Create gitlab user "John"' do
create(:user, name: "John")
end
And 'submit form with new group info' do
fill_in 'group_name', with: 'gitlab'
fill_in 'group_description', with: 'Group description'
......@@ -39,8 +36,8 @@ class AdminGroups < Spinach::FeatureSteps
current_path.should == admin_group_path(Group.last)
end
When 'I select user "John" from user list as "Reporter"' do
user = User.find_by(name: "John")
When 'I select user "John Doe" from user list as "Reporter"' do
user = User.find_by(name: "John Doe")
select2(user.id, from: "#user_ids", multiple: true)
within "#new_team_member" do
select "Reporter", from: "group_access"
......@@ -48,9 +45,9 @@ class AdminGroups < Spinach::FeatureSteps
click_button "Add users into group"
end
Then 'I should see "John" in team list in every project as "Reporter"' do
Then 'I should see "John Doe" in team list in every project as "Reporter"' do
within ".group-users-list" do
page.should have_content "John"
page.should have_content "John Doe"
page.should have_content "Reporter"
end
end
......
class Groups < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include Select2Helper
Then 'I should see projects list' do
......@@ -34,12 +35,8 @@ class Groups < Spinach::FeatureSteps
end
end
Given 'I have new user "John"' do
create(:user, name: "John")
end
And 'I select user "John" from list with role "Reporter"' do
user = User.find_by(name: "John")
And 'I select user "John Doe" from list with role "Reporter"' do
user = User.find_by(name: "John Doe")
within ".users-group-form" do
select2(user.id, from: "#user_ids", multiple: true)
select "Reporter", from: "group_access"
......@@ -47,9 +44,9 @@ class Groups < Spinach::FeatureSteps
click_button "Add users into group"
end
Then 'I should see user "John" in team list' do
Then 'I should see user "John Doe" in team list' do
projects_with_access = find(".ui-box .well-list")
projects_with_access.should have_content("John")
projects_with_access.should have_content("John Doe")
end
Given 'project from group has issues assigned to me' do
......
......@@ -3,12 +3,8 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
include SharedPaths
include SharedProject
step 'I should see project "Community"' do
page.should have_content "Community"
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
step 'public empty project "Empty Public Project"' do
create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Empty Public Project"' do
......@@ -24,14 +20,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
page.should have_content 'README.md'
end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'public empty project "Empty Public Project"' do
create :empty_project, name: 'Empty Public Project', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I visit empty project page' do
project = Project.find_by(name: 'Empty Public Project')
visit project_path(project)
......@@ -60,10 +48,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I visit project "Enterprise" page' do
project = Project.find_by(name: 'Enterprise')
visit project_path(project)
......@@ -75,18 +59,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps
end
end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'I visit project "Internal" page' do
project = Project.find_by(name: 'Internal')
visit project_path(project)
......
......@@ -5,6 +5,14 @@ module SharedPaths
visit new_project_path
end
# ----------------------------------------
# User
# ----------------------------------------
step 'I visit user "John Doe" page' do
visit user_path("john_doe")
end
# ----------------------------------------
# Group
# ----------------------------------------
......
......@@ -65,4 +65,68 @@ module SharedProject
def current_project
@project ||= Project.first
end
# ----------------------------------------
# Visibility level
# ----------------------------------------
step 'private project "Enterprise"' do
create :project, name: 'Enterprise'
end
step 'I should see project "Enterprise"' do
page.should have_content "Enterprise"
end
step 'I should not see project "Enterprise"' do
page.should_not have_content "Enterprise"
end
step 'internal project "Internal"' do
create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
end
step 'I should see project "Internal"' do
page.should have_content "Internal"
end
step 'I should not see project "Internal"' do
page.should_not have_content "Internal"
end
step 'public project "Community"' do
create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
end
step 'I should see project "Community"' do
page.should have_content "Community"
end
step 'I should not see project "Community"' do
page.should_not have_content "Community"
end
step '"John Doe" is authorized to private project "Enterprise"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Enterprise")
project ||= create(:project, name: "Enterprise", namespace: user.namespace)
project.team << [user, :master]
end
step '"John Doe" is authorized to internal project "Internal"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Internal")
project ||= create :project, name: 'Internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL
project.team << [user, :master]
end
step '"John Doe" is authorized to public project "Community"' do
user = User.find_by(name: "John Doe")
user ||= create(:user, name: "John Doe", username: "john_doe")
project = Project.find_by(name: "Community")
project ||= create :project, name: 'Community', visibility_level: Gitlab::VisibilityLevel::PUBLIC
project.team << [user, :master]
end
end
module SharedUser
include Spinach::DSL
step 'Create user "John Doe"' do
create(:user, name: "John Doe", username: "john_doe")
end
step 'I sign in as "John Doe"' do
login_with(User.find_by(name: "John Doe"))
end
end
class Spinach::Features::User < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedUser
include SharedProject
step 'I should see user "John Doe" page' do
expect(page.title).to match(/^\s*John Doe/)
end
end
Feature: User
Background:
Given Create user "John Doe"
And "John Doe" is authorized to private project "Enterprise"
# Signed out
Scenario: I visit user "John Doe" page while not signed in when he is authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while not signed in when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
When I visit user "John Doe" page
Then I should be redirected to sign in page
# Signed in as someone else
Scenario: I visit user "John Doe" page while signed in as someone else when he is authorized to a public project
Given "John Doe" is authorized to public project "Community"
And "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a public project
Given "John Doe" is authorized to internal project "Internal"
And I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should see project "Internal"
And I should not see project "Community"
Scenario: I visit user "John Doe" page while signed in as someone else when he is not authorized to a project I can see
Given I sign in as a user
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should not see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"
# Signed in as the user himself
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has a public project
Given "John Doe" is authorized to internal project "Internal"
And "John Doe" is authorized to public project "Community"
And I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should see project "Internal"
And I should see project "Community"
Scenario: I visit user "John Doe" page while signed in as "John Doe" when he has no public project
Given I sign in as "John Doe"
When I visit user "John Doe" page
Then I should see user "John Doe" page
And I should see project "Enterprise"
And I should not see project "Internal"
And I should not see project "Community"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment