diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-24 07:10:54 +0000 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-24 07:10:54 +0000 |
| commit | 8a726a0842f4a8e5b86d2a44c7c16219632f4249 (patch) | |
| tree | 8b8b3b941787e8e5b09e6df07f5161c05a04b274 | |
| parent | d3db21b4cff2f8a52446b67fee8921f1e3a8d0b3 (diff) | |
| parent | 2b5ac11591848daaea582034ebd07663d9e40dd0 (diff) | |
| download | gitlab-ce-8a726a0842f4a8e5b86d2a44c7c16219632f4249.tar.gz | |
Merge branch 'issue_45463' into 'master'
Fix users not seeing labels from private groups when being a member of a child project
Closes #45463
See merge request gitlab-org/gitlab-ce!18544
| -rw-r--r-- | app/policies/group_policy.rb | 8 | ||||
| -rw-r--r-- | changelogs/unreleased/issue_45463.yml | 5 | ||||
| -rw-r--r-- | spec/features/labels_hierarchy_spec.rb | 14 | ||||
| -rw-r--r-- | spec/policies/group_policy_spec.rb | 27 |
4 files changed, 50 insertions, 4 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index c9cb730c4e9..520710b757d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -22,7 +22,7 @@ class GroupPolicy < BasePolicy condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } condition(:has_projects) do - GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any? + GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any? end with_options scope: :subject, score: 0 @@ -43,7 +43,11 @@ class GroupPolicy < BasePolicy end rule { admin } .enable :read_group - rule { has_projects } .enable :read_group + + rule { has_projects }.policy do + enable :read_group + enable :read_label + end rule { has_access }.enable :read_namespace diff --git a/changelogs/unreleased/issue_45463.yml b/changelogs/unreleased/issue_45463.yml new file mode 100644 index 00000000000..a350568d04b --- /dev/null +++ b/changelogs/unreleased/issue_45463.yml @@ -0,0 +1,5 @@ +--- +title: Fix users not seeing labels from private groups when being a member of a child project +merge_request: +author: +type: fixed diff --git a/spec/features/labels_hierarchy_spec.rb b/spec/features/labels_hierarchy_spec.rb index 3e05e7b7f38..ae41f611ddc 100644 --- a/spec/features/labels_hierarchy_spec.rb +++ b/spec/features/labels_hierarchy_spec.rb @@ -170,6 +170,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do context 'on issue sidebar' do before do + project_1.add_developer(user) + visit project_issue_path(project_1, issue) end @@ -180,6 +182,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, project: project_1) } before do + project_1.add_developer(user) + visit project_board_path(project_1, board) wait_for_requests @@ -194,6 +198,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, group: parent) } before do + parent.add_developer(user) + visit group_board_path(parent, board) wait_for_requests @@ -211,6 +217,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do context 'on project issuable list' do before do + project_1.add_developer(user) + visit project_issues_path(project_1) end @@ -237,6 +245,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, project: project_1) } before do + project_1.add_developer(user) + visit project_board_path(project_1, board) end @@ -247,6 +257,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, group: parent) } before do + parent.add_developer(user) + visit group_board_path(parent, board) end @@ -259,6 +271,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, project: project_1) } before do + project_1.add_developer(user) visit project_board_path(project_1, board) find('.js-new-board-list').click wait_for_requests @@ -281,6 +294,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do let(:board) { create(:board, group: parent) } before do + parent.add_developer(user) visit group_board_path(parent, board) find('.js-new-board-list').click wait_for_requests diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index b4d25e06d9a..9b5c290b9f9 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -7,9 +7,9 @@ describe GroupPolicy do let(:master) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group) } + let(:group) { create(:group, :private) } - let(:guest_permissions) { [:read_group, :upload_file, :read_namespace] } + let(:guest_permissions) { [:read_label, :read_group, :upload_file, :read_namespace] } let(:reporter_permissions) { [:admin_label] } @@ -50,6 +50,7 @@ describe GroupPolicy do end context 'with no user' do + let(:group) { create(:group, :public) } let(:current_user) { nil } it do @@ -63,6 +64,28 @@ describe GroupPolicy do end end + context 'has projects' do + let(:current_user) { create(:user) } + let(:project) { create(:project, namespace: group) } + + before do + project.add_developer(current_user) + end + + it do + expect_allowed(:read_group, :read_label) + end + + context 'in subgroups', :nested_groups do + let(:subgroup) { create(:group, :private, parent: group) } + let(:project) { create(:project, namespace: subgroup) } + + it do + expect_allowed(:read_group, :read_label) + end + end + end + context 'guests' do let(:current_user) { guest } |