Commit 66998f6d46ee778e6bde749e41f1d712b184a771
1 parent
e894e3ee
Exists in
master
and in
4 other branches
Allow non authenticated user access to public projects
Showing
9 changed files
with
79 additions
and
25 deletions
Show diff stats
app/assets/stylesheets/common.scss
app/controllers/projects/application_controller.rb
| 1 | class Projects::ApplicationController < ApplicationController | 1 | class Projects::ApplicationController < ApplicationController |
| 2 | before_filter :project | 2 | before_filter :project |
| 3 | before_filter :repository | 3 | before_filter :repository |
| 4 | - layout 'projects' | 4 | + layout :determine_layout |
| 5 | + | ||
| 6 | + def authenticate_user! | ||
| 7 | + # Restrict access to Projects area only | ||
| 8 | + # for non-signed users | ||
| 9 | + if !current_user | ||
| 10 | + id = params[:project_id] || params[:id] | ||
| 11 | + @project = Project.find_with_namespace(id) | ||
| 12 | + | ||
| 13 | + return if @project && @project.public | ||
| 14 | + end | ||
| 15 | + | ||
| 16 | + super | ||
| 17 | + end | ||
| 18 | + | ||
| 19 | + def determine_layout | ||
| 20 | + if current_user | ||
| 21 | + 'projects' | ||
| 22 | + else | ||
| 23 | + 'public' | ||
| 24 | + end | ||
| 25 | + end | ||
| 5 | end | 26 | end |
app/controllers/projects_controller.rb
| 1 | class ProjectsController < Projects::ApplicationController | 1 | class ProjectsController < Projects::ApplicationController |
| 2 | + skip_before_filter :authenticate_user!, only: [:show] | ||
| 2 | skip_before_filter :project, only: [:new, :create] | 3 | skip_before_filter :project, only: [:new, :create] |
| 3 | skip_before_filter :repository, only: [:new, :create] | 4 | skip_before_filter :repository, only: [:new, :create] |
| 4 | 5 | ||
| @@ -54,6 +55,8 @@ class ProjectsController < Projects::ApplicationController | @@ -54,6 +55,8 @@ class ProjectsController < Projects::ApplicationController | ||
| 54 | end | 55 | end |
| 55 | 56 | ||
| 56 | def show | 57 | def show |
| 58 | + return authenticate_user! unless @project.public | ||
| 59 | + | ||
| 57 | limit = (params[:limit] || 20).to_i | 60 | limit = (params[:limit] || 20).to_i |
| 58 | 61 | ||
| 59 | @events = @project.events.recent | 62 | @events = @project.events.recent |
| @@ -69,8 +72,10 @@ class ProjectsController < Projects::ApplicationController | @@ -69,8 +72,10 @@ class ProjectsController < Projects::ApplicationController | ||
| 69 | if @project.empty_repo? | 72 | if @project.empty_repo? |
| 70 | render "projects/empty" | 73 | render "projects/empty" |
| 71 | else | 74 | else |
| 72 | - @last_push = current_user.recent_push(@project.id) | ||
| 73 | - render :show | 75 | + if current_user |
| 76 | + @last_push = current_user.recent_push(@project.id) | ||
| 77 | + end | ||
| 78 | + render :show, layout: current_user ? "project" : "public" | ||
| 74 | end | 79 | end |
| 75 | end | 80 | end |
| 76 | format.js | 81 | format.js |
app/helpers/application_helper.rb
| @@ -90,6 +90,8 @@ module ApplicationHelper | @@ -90,6 +90,8 @@ module ApplicationHelper | ||
| 90 | end | 90 | end |
| 91 | 91 | ||
| 92 | def search_autocomplete_source | 92 | def search_autocomplete_source |
| 93 | + return unless current_user | ||
| 94 | + | ||
| 93 | projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } } | 95 | projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } } |
| 94 | groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } } | 96 | groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } } |
| 95 | 97 |
app/models/ability.rb
| 1 | class Ability | 1 | class Ability |
| 2 | class << self | 2 | class << self |
| 3 | def allowed(user, subject) | 3 | def allowed(user, subject) |
| 4 | + return not_auth_abilities(user, subject) if user.nil? | ||
| 4 | return [] unless user.kind_of?(User) | 5 | return [] unless user.kind_of?(User) |
| 5 | return [] if user.blocked? | 6 | return [] if user.blocked? |
| 6 | 7 | ||
| @@ -17,6 +18,24 @@ class Ability | @@ -17,6 +18,24 @@ class Ability | ||
| 17 | end.concat(global_abilities(user)) | 18 | end.concat(global_abilities(user)) |
| 18 | end | 19 | end |
| 19 | 20 | ||
| 21 | + # List of possible abilities | ||
| 22 | + # for non-authenticated user | ||
| 23 | + def not_auth_abilities(user, subject) | ||
| 24 | + project = if subject.kind_of?(Project) | ||
| 25 | + subject | ||
| 26 | + elsif subject.respond_to?(:project) | ||
| 27 | + subject.project | ||
| 28 | + else | ||
| 29 | + nil | ||
| 30 | + end | ||
| 31 | + | ||
| 32 | + if project && project.public | ||
| 33 | + public_project_rules | ||
| 34 | + else | ||
| 35 | + [] | ||
| 36 | + end | ||
| 37 | + end | ||
| 38 | + | ||
| 20 | def global_abilities(user) | 39 | def global_abilities(user) |
| 21 | rules = [] | 40 | rules = [] |
| 22 | rules << :create_group if user.can_create_group | 41 | rules << :create_group if user.can_create_group |
| @@ -58,19 +77,9 @@ class Ability | @@ -58,19 +77,9 @@ class Ability | ||
| 58 | end | 77 | end |
| 59 | 78 | ||
| 60 | def public_project_rules | 79 | def public_project_rules |
| 61 | - [ | 80 | + project_guest_rules + [ |
| 62 | :download_code, | 81 | :download_code, |
| 63 | :fork_project, | 82 | :fork_project, |
| 64 | - :read_project, | ||
| 65 | - :read_wiki, | ||
| 66 | - :read_issue, | ||
| 67 | - :read_milestone, | ||
| 68 | - :read_project_snippet, | ||
| 69 | - :read_team_member, | ||
| 70 | - :read_merge_request, | ||
| 71 | - :read_note, | ||
| 72 | - :write_issue, | ||
| 73 | - :write_note | ||
| 74 | ] | 83 | ] |
| 75 | end | 84 | end |
| 76 | 85 |
app/views/layouts/public.html.haml
| 1 | !!! 5 | 1 | !!! 5 |
| 2 | %html{ lang: "en"} | 2 | %html{ lang: "en"} |
| 3 | = render "layouts/head", title: "Public Projects" | 3 | = render "layouts/head", title: "Public Projects" |
| 4 | - %body{class: "#{app_theme} application", :'data-page' => body_data_page} | 4 | + %body{class: "ui_mars application", :'data-page' => body_data_page} |
| 5 | - if current_user | 5 | - if current_user |
| 6 | = render "layouts/head_panel", title: "Public Projects" | 6 | = render "layouts/head_panel", title: "Public Projects" |
| 7 | - else | 7 | - else |
| @@ -13,7 +13,12 @@ | @@ -13,7 +13,12 @@ | ||
| 13 | = link_to public_root_path, class: "home" do | 13 | = link_to public_root_path, class: "home" do |
| 14 | %h1 GITLAB | 14 | %h1 GITLAB |
| 15 | %span.separator | 15 | %span.separator |
| 16 | - %h1.project_name Public Projects | 16 | + %h1.project_name |
| 17 | + - if @project | ||
| 18 | + = project_title(@project) | ||
| 19 | + - else | ||
| 20 | + Public Projects | ||
| 21 | + | ||
| 17 | %ul.nav | 22 | %ul.nav |
| 18 | %li | 23 | %li |
| 19 | %a | 24 | %a |
| @@ -21,8 +26,14 @@ | @@ -21,8 +26,14 @@ | ||
| 21 | %i.icon-refresh.icon-spin | 26 | %i.icon-refresh.icon-spin |
| 22 | Loading... | 27 | Loading... |
| 23 | %li | 28 | %li |
| 24 | - = link_to "Sign in", new_session_path(:user) | 29 | + = link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in' |
| 30 | + | ||
| 31 | + - if @project | ||
| 32 | + %nav.main-nav | ||
| 33 | + .container= render 'layouts/nav/project' | ||
| 25 | 34 | ||
| 26 | - .container.navless-container | ||
| 27 | - .content | ||
| 28 | - = yield | 35 | + .container |
| 36 | + .content= yield | ||
| 37 | + - else | ||
| 38 | + .container.navless-container | ||
| 39 | + .content= yield |
app/views/projects/_clone_panel.html.haml
| @@ -5,7 +5,7 @@ | @@ -5,7 +5,7 @@ | ||
| 5 | .span3.pull-right | 5 | .span3.pull-right |
| 6 | .pull-right | 6 | .pull-right |
| 7 | - unless @project.empty_repo? | 7 | - unless @project.empty_repo? |
| 8 | - - if can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace | 8 | + - if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace |
| 9 | - if current_user.already_forked?(@project) | 9 | - if current_user.already_forked?(@project) |
| 10 | = link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do | 10 | = link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do |
| 11 | %i.icon-code-fork | 11 | %i.icon-code-fork |
app/views/projects/commits/_head.html.haml
| @@ -21,7 +21,7 @@ | @@ -21,7 +21,7 @@ | ||
| 21 | Stats | 21 | Stats |
| 22 | 22 | ||
| 23 | 23 | ||
| 24 | - - if current_controller?(:commits) && current_user.private_token | 24 | + - if current_user && current_controller?(:commits) && current_user.private_token |
| 25 | %li.pull-right | 25 | %li.pull-right |
| 26 | = link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do | 26 | = link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do |
| 27 | %i.icon-rss | 27 | %i.icon-rss |
app/views/projects/issues/_head.html.haml
| @@ -5,6 +5,7 @@ | @@ -5,6 +5,7 @@ | ||
| 5 | = link_to 'Milestones', project_milestones_path(@project), class: "tab" | 5 | = link_to 'Milestones', project_milestones_path(@project), class: "tab" |
| 6 | = nav_link(controller: :labels) do | 6 | = nav_link(controller: :labels) do |
| 7 | = link_to 'Labels', project_labels_path(@project), class: "tab" | 7 | = link_to 'Labels', project_labels_path(@project), class: "tab" |
| 8 | - %li.pull-right | ||
| 9 | - = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do | ||
| 10 | - %i.icon-rss | 8 | + - if current_user |
| 9 | + %li.pull-right | ||
| 10 | + = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do | ||
| 11 | + %i.icon-rss |