Commit baeeb272 authored by Etienne Baqué's avatar Etienne Baqué

Added restriction for guest on Release page

Added restriction for evidence in Release API.
Added restriction in Release controller.
Added relevant tests.
parent 3cb5e9e0
...@@ -10,6 +10,7 @@ class Projects::ReleasesController < Projects::ApplicationController ...@@ -10,6 +10,7 @@ class Projects::ReleasesController < Projects::ApplicationController
push_frontend_feature_flag(:release_evidence_collection, project) push_frontend_feature_flag(:release_evidence_collection, project)
end end
before_action :authorize_update_release!, only: %i[edit update] before_action :authorize_update_release!, only: %i[edit update]
before_action :authorize_download_code!, only: [:evidence]
def index def index
respond_to do |format| respond_to do |format|
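Review bot: The added `before_action :authorize_download_code!, only: [:evidence]` has no comment explaining why the evidence action is tied to the download-code permission, and because it is an allow-list, any later action that returns evidence stays unguarded unless someone remembers to extend it. A one-line comment above it would record the rule, for example `# Evidence is only served to users who can download code, matching the can_download_code? check in the API entity`. As a smaller style point, the line above uses `%i[edit update]`, so `only: %i[evidence]` would be consistent. The class body continues outside the hunk, so other filters that may already apply to `evidence` are not visible here.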
......
...@@ -1319,7 +1319,7 @@ module API ...@@ -1319,7 +1319,7 @@ module API
expose :milestones, using: Entities::Milestone, if: -> (release, _) { release.milestones.present? } expose :milestones, using: Entities::Milestone, if: -> (release, _) { release.milestones.present? }
expose :commit_path, expose_nil: false expose :commit_path, expose_nil: false
expose :tag_path, expose_nil: false expose :tag_path, expose_nil: false
expose :evidence_sha, expose_nil: false expose :evidence_sha, expose_nil: false, if: ->(_, _) { can_download_code? }
expose :assets do expose :assets do
expose :assets_count, as: :count do |release, _| expose :assets_count, as: :count do |release, _|
assets_to_exclude = can_download_code? ? [] : [:sources] assets_to_exclude = can_download_code? ? [] : [:sources]
...@@ -1329,7 +1329,7 @@ module API ...@@ -1329,7 +1329,7 @@ module API
expose :links, using: Entities::Releases::Link do |release, options| expose :links, using: Entities::Releases::Link do |release, options|
release.links.sorted release.links.sorted
end end
expose :evidence_file_path, expose_nil: false expose :evidence_file_path, expose_nil: false, if: ->(_, _) { can_download_code? }
end end
expose :_links do expose :_links do
expose :merge_requests_url, expose_nil: false expose :merge_requests_url, expose_nil: false
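Review bot: The `if: ->(_, _) { can_download_code? }` condition is copied separately onto `evidence_sha` and, in the second hunk, onto `evidence_file_path`, so nothing ties the two together and a later evidence-related exposure could be added without the guard. A short comment on each, such as `# Evidence fields are only exposed when the user can download code`, would make the rule visible to the next editor. The spacing also differs from the neighbouring `-> (release, _)` lambda on the `milestones` line. `can_download_code?` is defined outside these hunks, so whether it is memoized per entity cannot be told from here. The only spec visible on this page exercises the controller; if the API request spec does not already assert that both keys are absent for a guest on a private project, that case is worth adding.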
......
...@@ -184,19 +184,37 @@ describe Projects::ReleasesController do ...@@ -184,19 +184,37 @@ describe Projects::ReleasesController do
sign_in(user) sign_in(user)
end end
it 'returns the correct evidence summary as a json' do context 'when the user is a developer' do
subject it 'returns the correct evidence summary as a json' do
subject
expect(json_response).to eq(release.evidence.summary)
end
expect(json_response).to eq(release.evidence.summary) context 'when the release was created before evidence existed' do
it 'returns an empty json' do
release.evidence.destroy
subject
expect(json_response).to eq({})
end
end
end end
context 'when the release was created before evidence existed' do context 'when the user is a guest for the project' do
it 'returns an empty json' do before do
release.evidence.destroy project.add_guest(user)
end
subject context 'if the project is private' do
let(:project) { private_project }
it_behaves_like 'not found'
end
expect(json_response).to eq({}) context 'if the project is public' do
it_behaves_like 'successful request'
end end
end end
end end
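Review bot: `context 'when the user is a developer'` contains no role setup of its own, whereas the guest context calls `project.add_guest(user)`, so the positive case depends on setup outside the hunk. If the outer setup does not already grant that role explicitly, adding `before { project.add_developer(user) }` inside the context would state the permission under test and stop it from drifting if the shared setup changes. All the visible cases also run after `sign_in(user)` in the enclosing `before`, so a signed-out request for a private project's evidence is not shown as covered here. If that is not tested elsewhere in the file, it belongs next to the guest cases.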
......