Commit 71feb7578267fd306601fb7dacf2b875b64799c4
Exists in
spb-stable
and in
2 other branches
Merge branch 'fix-permissions' into 'master'
Fix permissions Fixes #1358
Showing
2 changed files
with
66 additions
and
25 deletions
Show diff stats
app/models/project_team.rb
| ... | ... | @@ -118,19 +118,30 @@ class ProjectTeam |
| 118 | 118 | end |
| 119 | 119 | |
| 120 | 120 | def guest?(user) |
| 121 | - find_tm(user.id).try(:access_field) == Gitlab::Access::GUEST | |
| 121 | + max_tm_access(user.id) == Gitlab::Access::GUEST | |
| 122 | 122 | end |
| 123 | 123 | |
| 124 | 124 | def reporter?(user) |
| 125 | - find_tm(user.id).try(:access_field) == Gitlab::Access::REPORTER | |
| 125 | + max_tm_access(user.id) == Gitlab::Access::REPORTER | |
| 126 | 126 | end |
| 127 | 127 | |
| 128 | 128 | def developer?(user) |
| 129 | - find_tm(user.id).try(:access_field) == Gitlab::Access::DEVELOPER | |
| 129 | + max_tm_access(user.id) == Gitlab::Access::DEVELOPER | |
| 130 | 130 | end |
| 131 | 131 | |
| 132 | 132 | def master?(user) |
| 133 | - find_tm(user.id).try(:access_field) == Gitlab::Access::MASTER | |
| 133 | + max_tm_access(user.id) == Gitlab::Access::MASTER | |
| 134 | + end | |
| 135 | + | |
| 136 | + def max_tm_access(user_id) | |
| 137 | + access = [] | |
| 138 | + access << project.users_projects.find_by(user_id: user_id).try(:access_field) | |
| 139 | + | |
| 140 | + if group | |
| 141 | + access << group.users_groups.find_by(user_id: user_id).try(:access_field) | |
| 142 | + end | |
| 143 | + | |
| 144 | + access.compact.max | |
| 134 | 145 | end |
| 135 | 146 | |
| 136 | 147 | private | ... | ... |
spec/models/project_team_spec.rb
| 1 | 1 | require "spec_helper" |
| 2 | 2 | |
| 3 | 3 | describe ProjectTeam do |
| 4 | - let(:group) { create(:group) } | |
| 5 | - let(:project) { create(:empty_project, group: group) } | |
| 6 | - | |
| 7 | 4 | let(:master) { create(:user) } |
| 8 | 5 | let(:reporter) { create(:user) } |
| 9 | 6 | let(:guest) { create(:user) } |
| 10 | 7 | let(:nonmember) { create(:user) } |
| 11 | 8 | |
| 12 | - before do | |
| 13 | - group.add_user(master, Gitlab::Access::MASTER) | |
| 14 | - group.add_user(reporter, Gitlab::Access::REPORTER) | |
| 15 | - group.add_user(guest, Gitlab::Access::GUEST) | |
| 9 | + context 'personal project' do | |
| 10 | + let(:project) { create(:empty_project) } | |
| 16 | 11 | |
| 17 | - # Add group guest as master to this project | |
| 18 | - # to test project access priority over group members | |
| 19 | - project.team << [guest, :master] | |
| 20 | - end | |
| 12 | + before do | |
| 13 | + project.team << [master, :master] | |
| 14 | + project.team << [reporter, :reporter] | |
| 15 | + project.team << [guest, :guest] | |
| 16 | + end | |
| 21 | 17 | |
| 22 | - describe 'members collection' do | |
| 23 | - it { project.team.masters.should include(master) } | |
| 24 | - it { project.team.masters.should include(guest) } | |
| 25 | - it { project.team.masters.should_not include(reporter) } | |
| 26 | - it { project.team.masters.should_not include(nonmember) } | |
| 18 | + describe 'members collection' do | |
| 19 | + it { project.team.masters.should include(master) } | |
| 20 | + it { project.team.masters.should_not include(guest) } | |
| 21 | + it { project.team.masters.should_not include(reporter) } | |
| 22 | + it { project.team.masters.should_not include(nonmember) } | |
| 23 | + end | |
| 24 | + | |
| 25 | + describe 'access methods' do | |
| 26 | + it { project.team.master?(master).should be_true } | |
| 27 | + it { project.team.master?(guest).should be_false } | |
| 28 | + it { project.team.master?(reporter).should be_false } | |
| 29 | + it { project.team.master?(nonmember).should be_false } | |
| 30 | + end | |
| 27 | 31 | end |
| 28 | 32 | |
| 29 | - describe 'access methods' do | |
| 30 | - it { project.team.master?(master).should be_true } | |
| 31 | - it { project.team.master?(guest).should be_true } | |
| 32 | - it { project.team.master?(reporter).should be_false } | |
| 33 | - it { project.team.master?(nonmember).should be_false } | |
| 33 | + context 'group project' do | |
| 34 | + let(:group) { create(:group) } | |
| 35 | + let(:project) { create(:empty_project, group: group) } | |
| 36 | + | |
| 37 | + before do | |
| 38 | + group.add_user(master, Gitlab::Access::MASTER) | |
| 39 | + group.add_user(reporter, Gitlab::Access::REPORTER) | |
| 40 | + group.add_user(guest, Gitlab::Access::GUEST) | |
| 41 | + | |
| 42 | + # If user is a group and a project member - GitLab uses highest permission | |
| 43 | + # So we add group guest as master and add group master as guest | |
| 44 | + # to this project to test highest access | |
| 45 | + project.team << [guest, :master] | |
| 46 | + project.team << [master, :guest] | |
| 47 | + end | |
| 48 | + | |
| 49 | + describe 'members collection' do | |
| 50 | + it { project.team.reporters.should include(reporter) } | |
| 51 | + it { project.team.masters.should include(master) } | |
| 52 | + it { project.team.masters.should include(guest) } | |
| 53 | + it { project.team.masters.should_not include(reporter) } | |
| 54 | + it { project.team.masters.should_not include(nonmember) } | |
| 55 | + end | |
| 56 | + | |
| 57 | + describe 'access methods' do | |
| 58 | + it { project.team.reporter?(reporter).should be_true } | |
| 59 | + it { project.team.master?(master).should be_true } | |
| 60 | + it { project.team.master?(guest).should be_true } | |
| 61 | + it { project.team.master?(reporter).should be_false } | |
| 62 | + it { project.team.master?(nonmember).should be_false } | |
| 63 | + end | |
| 34 | 64 | end |
| 35 | 65 | end |
| 36 | 66 | ... | ... |