Merge branch 'settings-dropdown-permissions' into 'master'

Fix displaying of project settings links the user cannot access. ## What does this MR do? It fixes the Project Settings dropdown displaying project settings links that the user cannot actually access. ## Are there points in the code the reviewer needs to double check? I've tested combinations I can think of, feel free to mess around with and see if it breaks? ## Why was this MR needed? Users were seeing links in the Project Settings dropdown that they shouldn't have seen, if they clicked them they would be shown permission errors. ## What are the relevant issue numbers? #18294 ## Screenshots (if relevant) Users without any permissions: ![Screen_Shot_2016-06-10_at_10.41.27_AM](/uploads/b70ca18a36b5f774b85694d8f1728882/Screen_Shot_2016-06-10_at_10.41.27_AM.png) Guest members of the project: ![Screen_Shot_2016-06-10_at_10.48.36_AM](/uploads/a37986b4daa789063661c2fa8cf59d43/Screen_Shot_2016-06-10_at_10.48.36_AM.png) Full permissions: ![Screen_Shot_2016-06-10_at_10.41.57_AM](/uploads/4c5cc97962e69a1a72ee8e237591ec22/Screen_Shot_2016-06-10_at_10.41.57_AM.png) cc: @dzaporozhets @annabeldunstone @jschatz1 See merge request !4599

Merge branch 'settings-dropdown-permissions' into 'master'
Fix displaying of project settings links the user cannot access. ## What does this MR do? It fixes the Project Settings dropdown displaying project settings links that the user cannot actually access. ## Are there points in the code the reviewer needs to double check? I've tested combinations I can think of, feel free to mess around with and see if it breaks? ## Why was this MR needed? Users were seeing links in the Project Settings dropdown that they shouldn't have seen, if they clicked them they would be shown permission errors. ## What are the relevant issue numbers? #18294 ## Screenshots (if relevant) Users without any permissions: ![Screen_Shot_2016-06-10_at_10.41.27_AM](/uploads/b70ca18a36b5f774b85694d8f1728882/Screen_Shot_2016-06-10_at_10.41.27_AM.png) Guest members of the project: ![Screen_Shot_2016-06-10_at_10.48.36_AM](/uploads/a37986b4daa789063661c2fa8cf59d43/Screen_Shot_2016-06-10_at_10.48.36_AM.png) Full permissions: ![Screen_Shot_2016-06-10_at_10.41.57_AM](/uploads/4c5cc97962e69a1a72ee8e237591ec22/Screen_Shot_2016-06-10_at_10.41.57_AM.png) cc: @dzaporozhets @annabeldunstone @jschatz1 See merge request !4599
d4cd6dca · Dmitriy Zaporozhets · 95a7fbe9 · 63900c1d · d4cd6dca · d4cd6dca
Commit d4cd6dca authored Jun 14, 2016 by Dmitriy Zaporozhets
Showing with 50 additions and 49 deletions

app/views/layouts/nav/_project.html.haml app/views/layouts/nav/_project.html.haml +14 -13

app/views/layouts/nav/_project_settings.html.haml app/views/layouts/nav/_project_settings.html.haml +36 -36

No files found.
--- a/app/views/layouts/nav/_project.html.haml
+++ b/app/views/layouts/nav/_project.html.haml
 - if current_user
+  - access = user_max_access_in_project(current_user.id, @project)
+  - can_edit = can?(current_user, :admin_project, @project)
  .controls
-    - access = user_max_access_in_project(current_user.id, @project)
-    - can_edit = can?(current_user, :admin_project, @project)
    .dropdown.project-settings-dropdown
      %a.dropdown-new.btn.btn-default#project-settings-button{href: '#', 'data-toggle' => 'dropdown'}
        = icon('cog')
        = icon('caret-down')
      %ul.dropdown-menu.dropdown-menu-align-right
-        = render 'layouts/nav/project_settings'
-        %li.divider
-        - if can_edit
-          %li
-            = link_to edit_project_path(@project) do
-              Edit Project
-        - if access
-          %li
-            = link_to leave_namespace_project_project_members_path(@project.namespace, @project),
-              data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do
-              Leave Project
+        = render 'layouts/nav/project_settings', access: access, can_edit: can_edit
+        - if can_edit || access
+          %li.divider
+          - if can_edit
+            %li
+              = link_to edit_project_path(@project) do
+                Edit Project
+          - if access
+            %li
+              = link_to leave_namespace_project_project_members_path(@project.namespace, @project),
+                data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do
+                Leave Project

 %div{ class: nav_control_class }
  %ul.nav-links.scrolling-tabs

--- a/app/views/layouts/nav/_project_settings.html.haml
+++ b/app/views/layouts/nav/_project_settings.html.haml
@@ -3,43 +3,43 @@
    = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
      %span
        Members
-
- if @project.allowed_to_share_with_group?
-  = nav_link(controller: :group_links) do
-    = link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do
-      %span
-        Groups
-= nav_link(controller: :deploy_keys) do
-  = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do
-    %span
-      Deploy Keys
-= nav_link(controller: :hooks) do
-  = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do
-    %span
-      Webhooks
-= nav_link(controller: :services) do
-  = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do
-    %span
-      Services
-= nav_link(controller: :protected_branches) do
-  = link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do
-    %span
-      Protected Branches
-
- if @project.builds_enabled?
-  = nav_link(controller: :runners) do
-    = link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do
+- if access && can_edit
+  - if @project.allowed_to_share_with_group?
+    = nav_link(controller: :group_links) do
+      = link_to namespace_project_group_links_path(@project.namespace, @project), title: "Groups" do
+        %span
+          Groups
+  = nav_link(controller: :deploy_keys) do
+    = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys' do
      %span
-        Runners
-  = nav_link(controller: :variables) do
-    = link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do
+        Deploy Keys
+  = nav_link(controller: :hooks) do
+    = link_to namespace_project_hooks_path(@project.namespace, @project), title: 'Webhooks' do
      %span
-        Variables
-  = nav_link(controller: :triggers) do
-    = link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do
+        Webhooks
+  = nav_link(controller: :services) do
+    = link_to namespace_project_services_path(@project.namespace, @project), title: 'Services' do
      %span
-        Triggers
-  = nav_link(controller: :badges) do
-    = link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do
+        Services
+  = nav_link(controller: :protected_branches) do
+    = link_to namespace_project_protected_branches_path(@project.namespace, @project), title: 'Protected Branches' do
      %span
-        Badges
+        Protected Branches
+
+  - if @project.builds_enabled?
+    = nav_link(controller: :runners) do
+      = link_to namespace_project_runners_path(@project.namespace, @project), title: 'Runners' do
+        %span
+          Runners
+    = nav_link(controller: :variables) do
+      = link_to namespace_project_variables_path(@project.namespace, @project), title: 'Variables' do
+        %span
+          Variables
+    = nav_link(controller: :triggers) do
+      = link_to namespace_project_triggers_path(@project.namespace, @project), title: 'Triggers' do
+        %span
+          Triggers
+    = nav_link(controller: :badges) do
+      = link_to namespace_project_badges_path(@project.namespace, @project), title: 'Badges' do
+        %span
+          Badges