Fix group projects fetch

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Fix group projects fetch
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent 8f259c5e
Showing 2 changed files with 15 additions and 3 deletions Show diff stats
app/controllers/groups_controller.rb
spec/features/security/group/group_access_spec.rb
@@ -5,7 +5,7 @@ class GroupsController &lt; ApplicationController
  
   # Authorize
   before_filter :authorize_read_group!, except: [:new, :create]
-  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
+  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
   before_filter :authorize_create_group!, only: [:new, :create]
  
   # Load group projects
@@ -108,12 +108,12 @@ class GroupsController &lt; ApplicationController
   end
  
   def project_ids
-    projects.pluck(:id)
+    @projects.pluck(:id)
   end
  
   # Dont allow unauthorized access to group
   def authorize_read_group!
-    unless @group and (projects.present? or can?(current_user, :read_group, @group))
+    unless @group and (@projects.present? or can?(current_user, :read_group, @group))
       if current_user.nil?
         return authenticate_user!
       else
@@ -82,5 +82,17 @@ describe &quot;Group access&quot;, feature: true  do
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
+
+    describe "GET /groups/:path/projects" do
+      subject { projects_group_path(group) }
+
+      it { should be_allowed_for owner }
+      it { should be_denied_for master }
+      it { should be_denied_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_denied_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
   end
 end
...	...	@@ -5,7 +5,7 @@ class GroupsController < ApplicationController
5	5
6	6	# Authorize
7	7	before_filter :authorize_read_group!, except: [:new, :create]
8		- before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
	8	+ before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
9	9	before_filter :authorize_create_group!, only: [:new, :create]
10	10
11	11	# Load group projects
...	...	@@ -108,12 +108,12 @@ class GroupsController < ApplicationController
108	108	end
109	109
110	110	def project_ids
111		- projects.pluck(:id)
	111	+ @projects.pluck(:id)
112	112	end
113	113
114	114	# Dont allow unauthorized access to group
115	115	def authorize_read_group!
116		- unless @group and (projects.present? or can?(current_user, :read_group, @group))
	116	+ unless @group and (@projects.present? or can?(current_user, :read_group, @group))
117	117	if current_user.nil?
118	118	return authenticate_user!
119	119	else
...	...
...	...	@@ -82,5 +82,17 @@ describe "Group access", feature: true do
82	82	it { should be_denied_for :user }
83	83	it { should be_denied_for :visitor }
84	84	end
	85	+
	86	+ describe "GET /groups/:path/projects" do
	87	+ subject { projects_group_path(group) }
	88	+
	89	+ it { should be_allowed_for owner }
	90	+ it { should be_denied_for master }
	91	+ it { should be_denied_for reporter }
	92	+ it { should be_allowed_for :admin }
	93	+ it { should be_denied_for guest }
	94	+ it { should be_denied_for :user }
	95	+ it { should be_denied_for :visitor }
	96	+ end
85	97	end
86	98	end
...	...