Commit 66998f6d46ee778e6bde749e41f1d712b184a771
1 parent
e894e3ee
Exists in
master
and in
4 other branches
Allow non authenticated user access to public projects
Showing
9 changed files
with
79 additions
and
25 deletions
Show diff stats
app/assets/stylesheets/common.scss
app/controllers/projects/application_controller.rb
| 1 | 1 | class Projects::ApplicationController < ApplicationController |
| 2 | 2 | before_filter :project |
| 3 | 3 | before_filter :repository |
| 4 | - layout 'projects' | |
| 4 | + layout :determine_layout | |
| 5 | + | |
| 6 | + def authenticate_user! | |
| 7 | + # Restrict access to Projects area only | |
| 8 | + # for non-signed users | |
| 9 | + if !current_user | |
| 10 | + id = params[:project_id] || params[:id] | |
| 11 | + @project = Project.find_with_namespace(id) | |
| 12 | + | |
| 13 | + return if @project && @project.public | |
| 14 | + end | |
| 15 | + | |
| 16 | + super | |
| 17 | + end | |
| 18 | + | |
| 19 | + def determine_layout | |
| 20 | + if current_user | |
| 21 | + 'projects' | |
| 22 | + else | |
| 23 | + 'public' | |
| 24 | + end | |
| 25 | + end | |
| 5 | 26 | end | ... | ... |
app/controllers/projects_controller.rb
| 1 | 1 | class ProjectsController < Projects::ApplicationController |
| 2 | + skip_before_filter :authenticate_user!, only: [:show] | |
| 2 | 3 | skip_before_filter :project, only: [:new, :create] |
| 3 | 4 | skip_before_filter :repository, only: [:new, :create] |
| 4 | 5 | |
| ... | ... | @@ -54,6 +55,8 @@ class ProjectsController < Projects::ApplicationController |
| 54 | 55 | end |
| 55 | 56 | |
| 56 | 57 | def show |
| 58 | + return authenticate_user! unless @project.public | |
| 59 | + | |
| 57 | 60 | limit = (params[:limit] || 20).to_i |
| 58 | 61 | |
| 59 | 62 | @events = @project.events.recent |
| ... | ... | @@ -69,8 +72,10 @@ class ProjectsController < Projects::ApplicationController |
| 69 | 72 | if @project.empty_repo? |
| 70 | 73 | render "projects/empty" |
| 71 | 74 | else |
| 72 | - @last_push = current_user.recent_push(@project.id) | |
| 73 | - render :show | |
| 75 | + if current_user | |
| 76 | + @last_push = current_user.recent_push(@project.id) | |
| 77 | + end | |
| 78 | + render :show, layout: current_user ? "project" : "public" | |
| 74 | 79 | end |
| 75 | 80 | end |
| 76 | 81 | format.js | ... | ... |
app/helpers/application_helper.rb
| ... | ... | @@ -90,6 +90,8 @@ module ApplicationHelper |
| 90 | 90 | end |
| 91 | 91 | |
| 92 | 92 | def search_autocomplete_source |
| 93 | + return unless current_user | |
| 94 | + | |
| 93 | 95 | projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } } |
| 94 | 96 | groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } } |
| 95 | 97 | ... | ... |
app/models/ability.rb
| 1 | 1 | class Ability |
| 2 | 2 | class << self |
| 3 | 3 | def allowed(user, subject) |
| 4 | + return not_auth_abilities(user, subject) if user.nil? | |
| 4 | 5 | return [] unless user.kind_of?(User) |
| 5 | 6 | return [] if user.blocked? |
| 6 | 7 | |
| ... | ... | @@ -17,6 +18,24 @@ class Ability |
| 17 | 18 | end.concat(global_abilities(user)) |
| 18 | 19 | end |
| 19 | 20 | |
| 21 | + # List of possible abilities | |
| 22 | + # for non-authenticated user | |
| 23 | + def not_auth_abilities(user, subject) | |
| 24 | + project = if subject.kind_of?(Project) | |
| 25 | + subject | |
| 26 | + elsif subject.respond_to?(:project) | |
| 27 | + subject.project | |
| 28 | + else | |
| 29 | + nil | |
| 30 | + end | |
| 31 | + | |
| 32 | + if project && project.public | |
| 33 | + public_project_rules | |
| 34 | + else | |
| 35 | + [] | |
| 36 | + end | |
| 37 | + end | |
| 38 | + | |
| 20 | 39 | def global_abilities(user) |
| 21 | 40 | rules = [] |
| 22 | 41 | rules << :create_group if user.can_create_group |
| ... | ... | @@ -58,19 +77,9 @@ class Ability |
| 58 | 77 | end |
| 59 | 78 | |
| 60 | 79 | def public_project_rules |
| 61 | - [ | |
| 80 | + project_guest_rules + [ | |
| 62 | 81 | :download_code, |
| 63 | 82 | :fork_project, |
| 64 | - :read_project, | |
| 65 | - :read_wiki, | |
| 66 | - :read_issue, | |
| 67 | - :read_milestone, | |
| 68 | - :read_project_snippet, | |
| 69 | - :read_team_member, | |
| 70 | - :read_merge_request, | |
| 71 | - :read_note, | |
| 72 | - :write_issue, | |
| 73 | - :write_note | |
| 74 | 83 | ] |
| 75 | 84 | end |
| 76 | 85 | ... | ... |
app/views/layouts/public.html.haml
| 1 | 1 | !!! 5 |
| 2 | 2 | %html{ lang: "en"} |
| 3 | 3 | = render "layouts/head", title: "Public Projects" |
| 4 | - %body{class: "#{app_theme} application", :'data-page' => body_data_page} | |
| 4 | + %body{class: "ui_mars application", :'data-page' => body_data_page} | |
| 5 | 5 | - if current_user |
| 6 | 6 | = render "layouts/head_panel", title: "Public Projects" |
| 7 | 7 | - else |
| ... | ... | @@ -13,7 +13,12 @@ |
| 13 | 13 | = link_to public_root_path, class: "home" do |
| 14 | 14 | %h1 GITLAB |
| 15 | 15 | %span.separator |
| 16 | - %h1.project_name Public Projects | |
| 16 | + %h1.project_name | |
| 17 | + - if @project | |
| 18 | + = project_title(@project) | |
| 19 | + - else | |
| 20 | + Public Projects | |
| 21 | + | |
| 17 | 22 | %ul.nav |
| 18 | 23 | %li |
| 19 | 24 | %a |
| ... | ... | @@ -21,8 +26,14 @@ |
| 21 | 26 | %i.icon-refresh.icon-spin |
| 22 | 27 | Loading... |
| 23 | 28 | %li |
| 24 | - = link_to "Sign in", new_session_path(:user) | |
| 29 | + = link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in' | |
| 30 | + | |
| 31 | + - if @project | |
| 32 | + %nav.main-nav | |
| 33 | + .container= render 'layouts/nav/project' | |
| 25 | 34 | |
| 26 | - .container.navless-container | |
| 27 | - .content | |
| 28 | - = yield | |
| 35 | + .container | |
| 36 | + .content= yield | |
| 37 | + - else | |
| 38 | + .container.navless-container | |
| 39 | + .content= yield | ... | ... |
app/views/projects/_clone_panel.html.haml
| ... | ... | @@ -5,7 +5,7 @@ |
| 5 | 5 | .span3.pull-right |
| 6 | 6 | .pull-right |
| 7 | 7 | - unless @project.empty_repo? |
| 8 | - - if can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace | |
| 8 | + - if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace | |
| 9 | 9 | - if current_user.already_forked?(@project) |
| 10 | 10 | = link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do |
| 11 | 11 | %i.icon-code-fork | ... | ... |
app/views/projects/commits/_head.html.haml
| ... | ... | @@ -21,7 +21,7 @@ |
| 21 | 21 | Stats |
| 22 | 22 | |
| 23 | 23 | |
| 24 | - - if current_controller?(:commits) && current_user.private_token | |
| 24 | + - if current_user && current_controller?(:commits) && current_user.private_token | |
| 25 | 25 | %li.pull-right |
| 26 | 26 | = link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do |
| 27 | 27 | %i.icon-rss | ... | ... |
app/views/projects/issues/_head.html.haml
| ... | ... | @@ -5,6 +5,7 @@ |
| 5 | 5 | = link_to 'Milestones', project_milestones_path(@project), class: "tab" |
| 6 | 6 | = nav_link(controller: :labels) do |
| 7 | 7 | = link_to 'Labels', project_labels_path(@project), class: "tab" |
| 8 | - %li.pull-right | |
| 9 | - = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do | |
| 10 | - %i.icon-rss | |
| 8 | + - if current_user | |
| 9 | + %li.pull-right | |
| 10 | + = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do | |
| 11 | + %i.icon-rss | ... | ... |