author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-09-25 13:25:47 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-09-25 13:25:47 +0000 |
commit | f1fd47875c19bf4bd9b5bbd2975f99209f1c282e (patch) | |
tree | 11211f17bd978e5b73a329cd238a1ef3fd90067e | |
parent | a3c806732570bd38feb3204b1eadd1f70b21e266 (diff) | |
parent | e8292e733bd35eefad4c222f324c3d5070ac83eb (diff) | |
download | gitlab-ce-f1fd47875c19bf4bd9b5bbd2975f99209f1c282e.tar.gz |
Merge branch 'epic/public_projects' of /home/git/repositories/gitlab/gitlabhq
38 files changed, 871 insertions, 674 deletions
diff --git a/CHANGELOG b/CHANGELOG index e955925138c..3db03f76ed7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 6.2.0 + - Public projects are visible from the outside + v 6.1.0 - Project specific IDs for issues, mr, milestones Above items will get a new id and for example all bookmarked issue urls will change. @@ -1 +1 @@ -6.1.0 +6.2.0.pre diff --git a/app/assets/images/login-logo.png b/app/assets/images/login-logo.png Binary files differdeleted file mode 100644 index a61c41303c4..00000000000 --- a/app/assets/images/login-logo.png +++ /dev/null diff --git a/app/assets/stylesheets/common.scss b/app/assets/stylesheets/common.scss index 6d80b22b3aa..1572227ec3a 100644 --- a/app/assets/stylesheets/common.scss +++ b/app/assets/stylesheets/common.scss @@ -382,3 +382,8 @@ table { width: 50px; min-height: 100px; } + +.navbar-gitlab .navbar-inner .nav > li .btn-sign-in { + @extend .btn-new; + padding: 5px 15px; +} diff --git a/app/assets/stylesheets/sections/login.scss b/app/assets/stylesheets/sections/login.scss index 8d9fd037bce..33bef59c089 100644 --- a/app/assets/stylesheets/sections/login.scss +++ b/app/assets/stylesheets/sections/login.scss @@ -1,7 +1,8 @@ /* Login Page */ body.login-page{ - background: #474D57; - .container .content { padding-top: 4%; } + .container > .content { + padding-top: 20px; + } } .login-box{ diff --git a/app/assets/stylesheets/sections/projects.scss b/app/assets/stylesheets/sections/projects.scss index f2707f62378..0491b68db57 100644 --- a/app/assets/stylesheets/sections/projects.scss +++ b/app/assets/stylesheets/sections/projects.scss @@ -79,21 +79,6 @@ ul.nav.nav-projects-tabs { margin: 0px; } -.public-projects { - li { - .project-title { - font-size: 14px; - line-height: 2; - font-weight: normal; - } - - .description { - margin-left: 15px; - color: #aaa; - } - } -} - .my-projects { li { .project-title { @@ -110,7 +95,6 @@ ul.nav.nav-projects-tabs { } } - .public-clone { background: #333; color: #f5f5f5; 
@@ -123,3 +107,11 @@ ul.nav.nav-projects-tabs { position: relative; top: -5px; } + +.public-projects .repo-info { + color: #777; + + a { + color: #777; + } +} diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index 780f47d9960..75f12f8a6af 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -33,8 +33,8 @@ class ProfilesController < ApplicationController end def update_password - params[:user].select! do |key, value| - %w(current_password password password_confirmation).include?(key.to_s) + password_attributes = params[:user].select do |key, value| + %w(password password_confirmation).include?(key.to_s) end unless @user.valid_password?(params[:user][:current_password]) @@ -42,7 +42,7 @@ class ProfilesController < ApplicationController return end - if @user.update_attributes(params[:user]) + if @user.update_attributes(password_attributes) flash[:notice] = "Password was successfully updated. Please login with it" redirect_to new_user_session_path else diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb index 1f2a75175cf..8fd4565f367 100644 --- a/app/controllers/projects/application_controller.rb +++ b/app/controllers/projects/application_controller.rb @@ -1,5 +1,26 @@ class Projects::ApplicationController < ApplicationController before_filter :project before_filter :repository - layout 'projects' + layout :determine_layout + + def authenticate_user! + # Restrict access to Projects area only + # for non-signed users + if !current_user + id = params[:project_id] || params[:id] + @project = Project.find_with_namespace(id) + + return if @project && @project.public + end + + super + end + + def determine_layout + if current_user + 'projects' + else + 'public_projects' + end + end end 
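Review bot: When a request carries neither `password` nor `password_confirmation`, `password_attributes` is empty and `@user.update_attributes(password_attributes)` in the second hunk will most likely succeed, so the user is told the password was updated and is sent to the sign-in page although nothing changed. `params[:user]` is also dereferenced without a nil check, so a request without that key raises instead of being rejected. Building the hash with `password_attributes = (params[:user] || {}).slice(:password, :password_confirmation)` and rejecting the request when `password_attributes[:password].blank?` covers both cases. `update_password` continues past the end of the second hunk.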
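Review bot: The early `return` in `authenticate_user!` skips authentication for every action of every controller that inherits from `Projects::ApplicationController`, including create, update and destroy, so on a public project the only remaining gate is each subclass's `authorize_*` filter. A subclass action without such a filter, or view code that calls a method on `current_user`, is then reachable by a visitor who is not signed in. Limiting the bypass to read requests, e.g. `return if @project && @project.public && request.get?`, keeps write paths behind sign-in regardless of the per-controller filters. `authenticate_user!` and `determine_layout` are also added as public controller methods; placing them under `private` or `protected` keeps them from being treated as actions.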
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb index 3367ddb5d14..1a94dbab5ea 100644 --- a/app/controllers/projects/hooks_controller.rb +++ b/app/controllers/projects/hooks_controller.rb @@ -1,7 +1,6 @@ class Projects::HooksController < Projects::ApplicationController # Authorize - before_filter :authorize_read_project! - before_filter :authorize_admin_project!, only: [:new, :create, :destroy] + before_filter :authorize_admin_project! respond_to :html diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index 59063103ecb..dd0c1a57089 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb @@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController # Allow destroy snippet before_filter :authorize_admin_project_snippet!, only: [:destroy] - layout 'projects' - respond_to :html def index diff --git a/app/controllers/projects/team_members_controller.rb b/app/controllers/projects/team_members_controller.rb index 6fee770cae2..b4b318fa59e 100644 --- a/app/controllers/projects/team_members_controller.rb +++ b/app/controllers/projects/team_members_controller.rb @@ -1,7 +1,6 @@ class Projects::TeamMembersController < Projects::ApplicationController # Authorize - before_filter :authorize_read_project! - before_filter :authorize_admin_project!, except: [:index, :show] + before_filter :authorize_admin_project! layout "project_settings" diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 23b54ec44a8..7264128691e 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
@@ -1,6 +1,7 @@ -class ProjectsController < Projects::ApplicationController - skip_before_filter :project, only: [:new, :create] - skip_before_filter :repository, only: [:new, :create] +class ProjectsController < ApplicationController + skip_before_filter :authenticate_user!, only: [:show] + before_filter :project, except: [:new, :create] + before_filter :repository, except: [:new, :create] # Authorize before_filter :authorize_read_project!, except: [:index, :new, :create] @@ -54,8 +55,9 @@ class ProjectsController < Projects::ApplicationController end def show - limit = (params[:limit] || 20).to_i + return authenticate_user! unless @project.public || current_user + limit = (params[:limit] || 20).to_i @events = @project.events.recent @events = event_filter.apply_filter(@events) @events = @events.limit(limit).offset(params[:offset] || 0) @@ -67,10 +69,12 @@ class ProjectsController < Projects::ApplicationController respond_to do |format| format.html do if @project.empty_repo? - render "projects/empty" + render "projects/empty", layout: user_layout else - @last_push = current_user.recent_push(@project.id) - render :show + if current_user + @last_push = current_user.recent_push(@project.id) + end + render :show, layout: user_layout end end format.js @@ -121,4 +125,8 @@ class ProjectsController < Projects::ApplicationController def set_title @title = 'New Project' end + + def user_layout + current_user ? "projects" : "public_projects" + end end diff --git a/app/controllers/public/projects_controller.rb b/app/controllers/public/projects_controller.rb index 3504bd3f1a5..87e903a1d2d 100644 --- a/app/controllers/public/projects_controller.rb +++ b/app/controllers/public/projects_controller.rb 
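Review bot: `show` can now be reached without signing in, and `limit = (params[:limit] || 20).to_i` still goes to `@events.limit(limit)` with no upper bound, so an anonymous request can ask for an arbitrarily large or negative page of events. Capping it closes that, for example `limit = [(params[:limit] || 20).to_i, 100].min` (the 100 is only a sample cap), ideally with a lower bound as well. The new guard `return authenticate_user! unless @project.public || current_user` assumes `@project` was already set by the `project` filter, which is defined outside this diff.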
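Review bot: `user_layout` repeats the choice that `determine_layout` makes in `Projects::ApplicationController` (`'projects'` for a signed-in user, `'public_projects'` otherwise), so the two can drift apart. One helper in the common parent controller would keep a single source of truth for the anonymous layout. The hunk does not show whether `user_layout` sits below a `private` marker; if `set_title` above it is not private, the new method is exposed as a controller action.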
@@ -10,17 +10,4 @@ class Public::ProjectsController < ApplicationController @projects = @projects.search(params[:search]) if params[:search].present? @projects = @projects.includes(:namespace).order("namespaces.path, projects.name ASC").page(params[:page]).per(20) end - - def show - @project = Project.public_only.find_with_namespace(params[:id]) - render_404 and return unless @project - - @repository = @project.repository - unless @project.empty_repo? - @recent_tags = @repository.tags.first(10) - - @commit = @repository.commit(params[:ref]) - @tree = Tree.new(@repository, @commit.id) - end - end end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 4209b081bfa..7e5c10fee05 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -90,6 +90,8 @@ module ApplicationHelper end def search_autocomplete_source + return unless current_user + projects = current_user.authorized_projects.map { |p| { label: "project: #{simple_sanitize(p.name_with_namespace)}", url: project_path(p) } } groups = current_user.authorized_groups.map { |group| { label: "group: #{simple_sanitize(group.name)}", url: group_path(group) } } diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 3a1cf59fd1a..9071c688df1 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -103,4 +103,20 @@ module ProjectsHelper nav_tabs.flatten end + + def git_user_name + if current_user + current_user.name + else + "Your name" + end + end + + def git_user_email + if current_user + current_user.email + else + "your@email.com" + end + end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 8335829f919..ad070dad296 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -1,6 +1,7 @@ class Ability class << self def allowed(user, subject) + return not_auth_abilities(user, subject) if user.nil? return [] unless user.kind_of?(User) return [] if user.blocked? 
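Review bot: With `return not_auth_abilities(user, subject) if user.nil?` in `Ability.allowed`, a nil user no longer falls through to the empty list, so any caller that passes nil by accident (a failed user lookup, a job that runs without a user) now receives the anonymous read abilities for public projects instead of nothing. The line needs a comment that states the contract, e.g. `# nil user = anonymous visitor; only read abilities on public projects are granted`. `allowed` continues outside this hunk.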
@@ -17,6 +18,34 @@ class Ability end.concat(global_abilities(user)) end + # List of possible abilities + # for non-authenticated user + def not_auth_abilities(user, subject) + project = if subject.kind_of?(Project) + subject + elsif subject.respond_to?(:project) + subject.project + else + nil + end + + if project && project.public + [ + :read_project, + :read_wiki, + :read_issue, + :read_milestone, + :read_project_snippet, + :read_team_member, + :read_merge_request, + :read_note, + :download_code + ] + else + [] + end + end + def global_abilities(user) rules = [] rules << :create_group if user.can_create_group @@ -58,19 +87,9 @@ class Ability end def public_project_rules - [ + project_guest_rules + [ :download_code, :fork_project, - :read_project, - :read_wiki, - :read_issue, - :read_milestone, - :read_project_snippet, - :read_team_member, - :read_merge_request, - :read_note, - :write_issue, - :write_note ] end @@ -135,7 +154,7 @@ class Ability def group_abilities user, group rules = [] - if group.users.include?(user) + if group.users.include?(user) || user.admin? rules << :read_group end diff --git a/app/models/group.rb b/app/models/group.rb index fce8d71217b..0b36c934375 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -32,6 +32,10 @@ class Group < Namespace end end + def add_user(user, group_access) + self.users_groups.create(user_id: user.id, group_access: group_access) + end + def change_owner(user) self.owner = user membership = users_groups.where(user_id: user.id).first diff --git a/app/views/layouts/_public_head_panel.html.haml b/app/views/layouts/_public_head_panel.html.haml new file mode 100644 index 00000000000..3c4bd857c22 --- /dev/null +++ b/app/views/layouts/_public_head_panel.html.haml 
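Review bot: `not_auth_abilities` is the only limit on what an unauthenticated visitor may do with a public project, yet the list is an inline array that repeats the read entries removed from `public_project_rules` further down. Moving it to a frozen constant with a comment such as `# Read-only abilities for anonymous visitors; never add write_* or admin_* here` makes the intent explicit and easy to review. The `user` parameter is never used in the body, and the `else nil` branch is redundant.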
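Review bot: `public_project_rules` is now `project_guest_rules + [...]`, and `project_guest_rules` is defined outside this hunk, so every ability in it, including any write ability it may hold, is granted to all signed-in users on every public project. Future additions to the guest role will widen public access without touching this method, whereas the old explicit list made that decision visible. If the coupling is intended, a comment should say so, e.g. `# Signed-in users get guest rights on public projects, plus download and fork`. The array also keeps a trailing comma after `:fork_project`.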
@@ -0,0 +1,22 @@ +%header.navbar.navbar-static-top.navbar-gitlab + .navbar-inner + .container + %div.app_logo + %span.separator + = link_to public_root_path, class: "home" do + %h1 GITLAB + %span.separator + %h1.project_name + - if @project + = project_title(@project) + - else + Public Projects + + %ul.nav + %li + %a + %div.hide.turbolink-spinner + %i.icon-refresh.icon-spin + Loading... + %li + = link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in' diff --git a/app/views/layouts/devise.html.haml b/app/views/layouts/devise.html.haml index 0fa36211739..c4729836faa 100644 --- a/app/views/layouts/devise.html.haml +++ b/app/views/layouts/devise.html.haml @@ -6,5 +6,10 @@ .container .content %center - = image_tag image_path "login-logo.png" + %h1 GitLab + %p.light + GitLab is open source software to collaborate on code. + %br + #{link_to "Sign in", new_user_session_path} or browse for #{link_to "public projects", public_projects_path}. + %hr = yield diff --git a/app/views/layouts/public.html.haml b/app/views/layouts/public.html.haml index 7dce0cbeae2..f922dcc4203 100644 --- a/app/views/layouts/public.html.haml +++ b/app/views/layouts/public.html.haml @@ -1,28 +1,11 @@ !!! 5 %html{ lang: "en"} = render "layouts/head", title: "Public Projects" - %body{class: "#{app_theme} application", :'data-page' => body_data_page} + %body{class: "ui_mars application", :'data-page' => body_data_page} - if current_user = render "layouts/head_panel", title: "Public Projects" - else - %header.navbar.navbar-static-top.navbar-gitlab - .navbar-inner - .container - %div.app_logo - %span.separator - = link_to public_root_path, class: "home" do - %h1 GITLAB - %span.separator - %h1.project_name Public Projects - %ul.nav - %li - %a - %div.hide.turbolink-spinner - %i.icon-refresh.icon-spin - Loading... - %li - = link_to "Sign in", new_session_path(:user) + = render "layouts/public_head_panel" .container.navless-container - .content - = yield + .content= yield 
diff --git a/app/views/layouts/public_projects.html.haml b/app/views/layouts/public_projects.html.haml new file mode 100644 index 00000000000..cfe6a63055a --- /dev/null +++ b/app/views/layouts/public_projects.html.haml @@ -0,0 +1,9 @@ +!!! 5 +%html{ lang: "en"} + = render "layouts/head", title: @project.name_with_namespace + %body{class: "ui_mars application", :'data-page' => body_data_page} + = render "layouts/public_head_panel" + %nav.main-nav + .container= render 'layouts/nav/project' + .container + .content= yield diff --git a/app/views/projects/_clone_panel.html.haml b/app/views/projects/_clone_panel.html.haml index 7228c760d27..c2f85e8ebe8 100644 --- a/app/views/projects/_clone_panel.html.haml +++ b/app/views/projects/_clone_panel.html.haml @@ -5,7 +5,7 @@ .span3.pull-right .pull-right - unless @project.empty_repo? - - if can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace + - if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace - if current_user.already_forked?(@project) = link_to project_path(current_user.fork_of(@project)), class: 'btn grouped disabled' do %i.icon-code-fork 
@@ -19,37 +19,38 @@ %i.icon-download-alt %span.only-wide Download - .dropdown.pull-right - %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"} - %i.icon-plus-sign-alt - %span.only-wide New - %b.caret - %ul.dropdown-menu - - if @project.issues_enabled && can?(current_user, :write_issue, @project) - %li - = link_to url_for_new_issue, title: "New Issue" do - Issue - - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project) - %li - = link_to new_project_merge_request_path(@project), title: "New Merge Request" do - Merge Request - - if @project.snippets_enabled && can?(current_user, :write_snippet, @project) - %li - = link_to new_project_snippet_path(@project), title: "New Snippet" do - Snippet - - if can? current_user, :push_code, @project - %li.divider - %li - = link_to new_project_branch_path(@project) do - %i.icon-code-fork - Git branch - %li - = link_to new_project_tag_path(@project) do - %i.icon-tag - Git tag + - if current_user + .dropdown.pull-right + %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"} + %i.icon-plus-sign-alt + %span.only-wide New + %b.caret + %ul.dropdown-menu + - if @project.issues_enabled && can?(current_user, :write_issue, @project) + %li + = link_to url_for_new_issue, title: "New Issue" do + Issue + - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project) + %li + = link_to new_project_merge_request_path(@project), title: "New Merge Request" do + Merge Request + - if @project.snippets_enabled && can?(current_user, :write_snippet, @project) + %li + = link_to new_project_snippet_path(@project), title: "New Snippet" do + Snippet + - if can? 
current_user, :push_code, @project + %li.divider + %li + = link_to new_project_branch_path(@project) do + %i.icon-code-fork + Git branch + %li + = link_to new_project_tag_path(@project) do + %i.icon-tag + Git tag - - if can?(current_user, :admin_team_member, @project) - %li.divider - %li - = link_to new_project_team_member_path(@project), title: "New project member" do - Project member + - if can?(current_user, :admin_team_member, @project) + %li.divider + %li + = link_to new_project_team_member_path(@project), title: "New project member" do + Project member diff --git a/app/views/projects/commits/_head.html.haml b/app/views/projects/commits/_head.html.haml index 624604142b1..c2da9f273b3 100644 --- a/app/views/projects/commits/_head.html.haml +++ b/app/views/projects/commits/_head.html.haml @@ -21,7 +21,7 @@ Stats - - if current_controller?(:commits) && current_user.private_token + - if current_user && current_controller?(:commits) && current_user.private_token %li.pull-right = link_to project_commits_path(@project, @ref, {format: :atom, private_token: current_user.private_token}), title: "Feed" do %i.icon-rss diff --git a/app/views/projects/empty.html.haml b/app/views/projects/empty.html.haml index 001857cefda..9f3502e90de 100644 --- a/app/views/projects/empty.html.haml +++ b/app/views/projects/empty.html.haml @@ -16,8 +16,8 @@ %legend Git global setup: %pre.dark :preserve - git config --global user.name "#{current_user.name}" - git config --global user.email "#{current_user.email}" + git config --global user.name "#{git_user_name}" + git config --global user.email "#{git_user_email}" %fieldset %legend Create Repository diff --git a/app/views/projects/issues/_head.html.haml b/app/views/projects/issues/_head.html.haml index 44d14d5cdf9..438cc02b477 100644 --- a/app/views/projects/issues/_head.html.haml +++ b/app/views/projects/issues/_head.html.haml 
@@ -5,6 +5,7 @@ = link_to 'Milestones', project_milestones_path(@project), class: "tab" = nav_link(controller: :labels) do = link_to 'Labels', project_labels_path(@project), class: "tab" - %li.pull-right - = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do - %i.icon-rss + - if current_user + %li.pull-right + = link_to project_issues_path(@project, :atom, { private_token: current_user.private_token }) do + %i.icon-rss diff --git a/app/views/projects/notes/_note.html.haml b/app/views/projects/notes/_note.html.haml index fbc924c4e1d..324b698f3b5 100644 --- a/app/views/projects/notes/_note.html.haml +++ b/app/views/projects/notes/_note.html.haml @@ -5,7 +5,7 @@ %i.icon-link Link here - - if(note.author_id == current_user.id) || can?(current_user, :admin_note, @project) + - if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project) = link_to "#", title: "Edit comment", class: "js-note-edit" do %i.icon-edit Edit diff --git a/app/views/public/projects/_tree.html.haml b/app/views/public/projects/_tree.html.haml deleted file mode 100644 index bd09c236a0b..00000000000 --- a/app/views/public/projects/_tree.html.haml +++ /dev/null @@ -1,5 +0,0 @@ -- if tree.readme - = render "projects/tree/readme", readme: tree.readme -- else - .alert - %h3.nothing_here_message This project does not have README file diff --git a/app/views/public/projects/index.html.haml b/app/views/public/projects/index.html.haml index 7dbe560e7fc..21aee644579 100644 --- a/app/views/public/projects/index.html.haml +++ b/app/views/public/projects/index.html.haml 
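Review bot: The issues feed link is guarded by `current_user` only, while the matching link in `commits/_head.html.haml` in this commit also requires `current_user.private_token`. A signed-in user without a token would therefore get a feed URL with an empty `private_token` parameter here. Using the same condition in both places, `- if current_user && current_user.private_token`, keeps them consistent.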
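Review bot: `note.author_id == current_user.try(:id)` compares against nil for a visitor who is not signed in, so a note whose `author_id` is nil would make the condition true and render the edit controls. Whether such notes can exist is not visible here, but the check is cheap to make explicit: `- if current_user && (note.author_id == current_user.id || can?(current_user, :admin_note, @project))`. The server-side authorization of the edit and delete actions is outside this hunk and has to remain the real gate.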
@@ -2,29 +2,40 @@ .span6 %h3.page-title Projects (#{@projects.total_count}) - %small with read-only access + .light + You can browse public projects in read-only mode until signed in. + .span6 .pull-right = form_tag public_projects_path, method: :get, class: 'form-inline' do |f| .search-holder - .controls - = search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search" - = submit_tag 'Search', class: "btn btn-primary wide" - + = search_field_tag :search, params[:search], placeholder: "Filter by name", class: "span3 search-text-input", id: "projects_search" + = submit_tag 'Search', class: "btn btn-primary wide" +%hr .public-projects - %ul.bordered-list + %ul.bordered-list.top-list - @projects.each do |project| %li - .project-title - %i.icon-share.cgray - = link_to public_project_path(project) do - %strong= project.name_with_namespace + %h4 + = link_to project_path(project) do + = project.name_with_namespace .pull-right %pre.public-clone git clone #{project.http_url_to_repo} - if project.description.present? - %div.description + %p = project.description + + .repo-info + - unless project.empty_repo? + = link_to pluralize(project.repository.round_commit_count, 'commit'), project_commits_path(project, project.default_branch) + · + = link_to pluralize(project.repository.branch_names.count, 'branch'), project_branches_path(project) + · + = link_to pluralize(project.repository.tag_names.count, 'tag'), project_tags_path(project) + - else + %i.icon-warning-sign + Empty repository - unless @projects.present? %h3.nothing_here_message No public projects diff --git a/app/views/public/projects/show.html.haml b/app/views/public/projects/show.html.haml deleted file mode 100644 index 195b9bc07d2..00000000000 --- a/app/views/public/projects/show.html.haml +++ /dev/null 
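Review bot: Each row of this unauthenticated listing now calls `project.empty_repo?`, `project.repository.round_commit_count`, `branch_names.count` and `tag_names.count`, which presumably read from the git repository, so one page touches up to 20 repositories (the controller paginates with `per(20)`). These counters are candidates for caching, and a single unreadable repository would otherwise fail the whole public index. `project.default_branch` is also passed to `project_commits_path` without a nil check.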
@@ -1,49 +0,0 @@ -%h3.page-title - = @project.name_with_namespace - .pull-right - %pre.public-clone git clone #{@project.http_url_to_repo} - .pull-right - - if current_user - = link_to 'Browse project', @project, class: 'btn btn-create append-right-10' - - -%div - = link_to public_root_path do - ← To projects list - .pull-right - %span.light= @project.description - -%br -.row - - unless @project.empty_repo? - .span9 - = render 'tree', tree: @tree - .span3 - %h5 Repository: - %div - %p - %span.light Bare size is - #{@project.repository.size} MB - - %p - = pluralize(@repository.round_commit_count, 'commit') - %p - = pluralize(@repository.branch_names.count, 'branch') - %p - = pluralize(@repository.tag_names.count, 'tag') - - - if @recent_tags.present? - %hr - %h5 Most Recent Tags: - %ul.unstyled - - @recent_tags.each do |tag| - %li - %p - %i.icon-tag - %strong= tag.name - %small.light.pull-right - %i.icon-calendar - = time_ago_in_words(tag.commit.committed_date) - ago - - else - = 'Empty Repository' diff --git a/config/routes.rb b/config/routes.rb index 2b444c2a296..9d47faa19d5 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -55,8 +55,6 @@ Gitlab::Application.routes.draw do # namespace :public do resources :projects, only: [:index] - resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:show] - root to: "projects#index" end diff --git a/features/public/public_projects.feature b/features/public/public_projects.feature index 1866d3f47fe..178a769194c 100644 --- a/features/public/public_projects.feature +++ b/features/public/public_projects.feature 
@@ -9,11 +9,10 @@ Feature: Public Projects Feature And I should not see project "Enterprise" Scenario: I visit public project page - When I visit public page for "Community" project - Then I should see public project details - And I should see project readme + When I visit project "Community" page + Then I should see project "Community" home page Scenario: I visit an empty public project page Given public empty project "Empty Public Project" - When I visit empty public project page - Then I should see empty public project details
\ No newline at end of file + When I visit empty project page + Then I should see empty public project details diff --git a/features/steps/public/projects_feature.rb b/features/steps/public/projects_feature.rb index 2268e9b9c5e..e9a4d56e36b 100644 --- a/features/steps/public/projects_feature.rb +++ b/features/steps/public/projects_feature.rb @@ -11,7 +11,6 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps step 'I should see project "Empty Public Project"' do page.should have_content "Empty Public Project" - puts page.save_page('foo.html') end step 'I should see public project details' do @@ -24,26 +23,35 @@ class Spinach::Features::PublicProjectsFeature < Spinach::FeatureSteps end step 'public project "Community"' do - create :project_with_code, name: 'Community', public: true + create :project_with_code, name: 'Community', public: true, default_branch: 'master' end step 'public empty project "Empty Public Project"' do create :project, name: 'Empty Public Project', public: true end - step 'I visit empty public project page' do + step 'I visit empty project page' do project = Project.find_by_name('Empty Public Project') - visit public_project_path(project) + visit project_path(project) + end + + step 'I visit project "Community" page' do + project = Project.find_by_name('Community') + visit project_path(project) end step 'I should see empty public project details' do - page.should have_content 'Empty Repository' + page.should have_content 'Git global setup' end step 'private project "Enterprise"' do create :project, name: 'Enterprise' end + step 'I should see project "Community" home page' do + page.should have_content 'Repo size is' + end + private def project diff --git a/spec/features/security/dashboard_access_spec.rb b/spec/features/security/dashboard_access_spec.rb new file mode 100644 index 00000000000..adec5926c6f --- /dev/null +++ b/spec/features/security/dashboard_access_spec.rb 
@@ -0,0 +1,55 @@ +require 'spec_helper' + +describe "Dashboard access" do + describe "GET /dashboard" do + subject { dashboard_path } + + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /dashboard/issues" do + subject { issues_dashboard_path } + + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /dashboard/merge_requests" do + subject { merge_requests_dashboard_path } + + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /dashboard/projects" do + subject { projects_dashboard_path } + + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /help" do + subject { help_path } + + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /projects/new" do + it { new_project_path.should be_allowed_for :admin } + it { new_project_path.should be_allowed_for :user } + it { new_project_path.should be_denied_for :visitor } + end + + describe "GET /groups/new" do + it { new_group_path.should be_allowed_for :admin } + it { new_group_path.should be_allowed_for :user } + it { new_group_path.should be_denied_for :visitor } + end +end diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb new file mode 100644 index 00000000000..b6167174f20 --- /dev/null +++ b/spec/features/security/group_access_spec.rb 
@@ -0,0 +1,83 @@ +require 'spec_helper' + +describe "Group access" do + describe "GET /projects/new" do + it { new_group_path.should be_allowed_for :admin } + it { new_group_path.should be_allowed_for :user } + it { new_group_path.should be_denied_for :visitor } + end + + describe "Group" do + let(:group) { create(:group) } + + let(:master) { create(:user) } + let(:reporter) { create(:user) } + let(:guest) { create(:user) } + + before do + group.add_user(master, Gitlab::Access::MASTER) + group.add_user(reporter, Gitlab::Access::REPORTER) + group.add_user(guest, Gitlab::Access::GUEST) + end + + describe "GET /groups/:path" do + subject { group_path(group) } + + it { should be_allowed_for group.owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/issues" do + subject { issues_group_path(group) } + + it { should be_allowed_for group.owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/merge_requests" do + subject { merge_requests_group_path(group) } + + it { should be_allowed_for group.owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/members" do + subject { members_group_path(group) } + + it { should be_allowed_for group.owner } + it { should be_allowed_for master } + it { should be_allowed_for reporter } + it { should be_allowed_for :admin } + it { should be_allowed_for guest } + it { should be_denied_for :user } 
+ it { should be_denied_for :visitor } + end + + describe "GET /groups/:path/edit" do + subject { edit_group_path(group) } + + it { should be_allowed_for group.owner } + it { should be_denied_for master } + it { should be_denied_for reporter } + it { should be_allowed_for :admin } + it { should be_denied_for guest } + it { should be_denied_for :user } + it { should be_denied_for :visitor } + end + end +end diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb index 52130b3f8c6..7754b28347a 100644 --- a/spec/features/security/profile_access_spec.rb +++ b/spec/features/security/profile_access_spec.rb @@ -45,5 +45,32 @@ describe "Users Security" do it { should be_allowed_for :user } it { should be_denied_for :visitor } end + + describe "GET /profile/history" do + subject { history_profile_path } + + it { should be_allowed_for @u1 } + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /profile/notifications" do + subject { profile_notifications_path } + + it { should be_allowed_for @u1 } + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end + + describe "GET /profile/groups" do + subject { profile_groups_path } + + it { should be_allowed_for @u1 } + it { should be_allowed_for :admin } + it { should be_allowed_for :user } + it { should be_denied_for :visitor } + end end end diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb new file mode 100644 index 00000000000..7f3f8c50f02 --- /dev/null +++ b/spec/features/security/project/private_access_spec.rb 
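Review bot: The first `describe` in `group_access_spec.rb` is labelled "GET /projects/new", but every example in it checks `new_group_path`; the label should read `describe "GET /groups/new" do`. The same three expectations are also added under "GET /groups/new" in `dashboard_access_spec.rb` in this commit, so one of the two blocks can be dropped.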
@@ -0,0 +1,218 @@
+require 'spec_helper'
+
+describe "Private Project Access" do
+ let(:project) { create(:project_with_code) }
+
+ let(:master) { create(:user) }
+ let(:guest) { create(:user) }
+ let(:reporter) { create(:user) }
+
+ before do
+ # full access
+ project.team << [master, :master]
+
+ # readonly
+ project.team << [reporter, :reporter]
+ end
+
+ describe "GET /:project_path" do
+ subject { project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/tree/master" do
+ subject { project_tree_path(project, project.repository.root_ref) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/commits/master" do
+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/commit/:sha" do
+ subject { project_commit_path(project, project.repository.commit) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/compare" do
+ subject { project_compare_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/team" do
+ subject { project_team_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/wall" do
+ subject { project_wall_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/blob" do
+ before do
+ commit = project.repository.commit
+ path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+ @blob_path = project_blob_path(project, File.join(commit.id, path))
+ end
+
+ it { @blob_path.should be_allowed_for master }
+ it { @blob_path.should be_allowed_for reporter }
+ it { @blob_path.should be_allowed_for :admin }
+ it { @blob_path.should be_denied_for guest }
+ it { @blob_path.should be_denied_for :user }
+ it { @blob_path.should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/edit" do
+ subject { edit_project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/deploy_keys" do
+ subject { project_deploy_keys_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/issues" do
+ subject { project_issues_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets" do
+ subject { project_snippets_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests" do
+ subject { project_merge_requests_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches/recent" do
+ subject { recent_project_branches_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches" do
+ subject { project_branches_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:branches).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/tags" do
+ subject { project_tags_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:tags).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/hooks" do
+ subject { project_hooks_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+end
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
new file mode 100644
index 00000000000..267643fd8ef
--- /dev/null
+++ b/spec/features/security/project/public_access_spec.rb
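Review bot: `guest` is created by `let(:guest) { create(:user) }`, but the top-level `before` block only adds `master` and `reporter` to `project.team`, so every `be_denied_for guest` line in private_access_spec.rb tests a non-member and repeats the `:user` case instead of exercising the guest role. If the intent is to pin what a guest member may reach on a private project, add the user to the team in that `before` block (presumably `project.team << [guest, :guest]`, to be confirmed against the team API) and set the expectations to what the ability rules grant. Otherwise, rename the variable so the spec does not claim coverage it lacks. The `before` block in public_access_spec.rb has the same gap, whereas the group access spec in this commit does add its guest with `group.add_user(guest, Gitlab::Access::GUEST)`.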
@@ -0,0 +1,251 @@
+require 'spec_helper'
+
+describe "Public Project Access" do
+ let(:project) { create(:project_with_code) }
+
+ let(:master) { create(:user) }
+ let(:guest) { create(:user) }
+ let(:reporter) { create(:user) }
+
+ before do
+ # public project
+ project.public = true
+ project.save!
+
+ # full access
+ project.team << [master, :master]
+
+ # readonly
+ project.team << [reporter, :reporter]
+
+ end
+
+ describe "Project should be public" do
+ subject { project }
+
+ its(:public?) { should be_true }
+ end
+
+ describe "GET /:project_path" do
+ subject { project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/tree/master" do
+ subject { project_tree_path(project, project.repository.root_ref) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/commits/master" do
+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/commit/:sha" do
+ subject { project_commit_path(project, project.repository.commit) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/compare" do
+ subject { project_compare_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/team" do
+ subject { project_team_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/wall" do
+ subject { project_wall_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/blob" do
+ before do
+ commit = project.repository.commit
+ path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+ @blob_path = project_blob_path(project, File.join(commit.id, path))
+ end
+
+ it { @blob_path.should be_allowed_for master }
+ it { @blob_path.should be_allowed_for reporter }
+ it { @blob_path.should be_allowed_for :admin }
+ it { @blob_path.should be_allowed_for guest }
+ it { @blob_path.should be_allowed_for :user }
+ it { @blob_path.should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/edit" do
+ subject { edit_project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/deploy_keys" do
+ subject { project_deploy_keys_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/issues" do
+ subject { project_issues_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets" do
+ subject { project_snippets_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets/new" do
+ subject { new_project_snippet_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests" do
+ subject { project_merge_requests_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests/new" do
+ subject { new_project_merge_request_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches/recent" do
+ subject { recent_project_branches_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/branches" do
+ subject { project_branches_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:branches).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/tags" do
+ subject { project_tags_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:tags).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/hooks" do
+ subject { project_hooks_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+end
diff --git a/spec/features/security/project_access_spec.rb b/spec/features/security/project_access_spec.rb
deleted file mode 100644
index d0964a947db..00000000000
--- a/spec/features/security/project_access_spec.rb
+++ /dev/null
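Review bot: The new `be_allowed_for :visitor` expectations in public_access_spec.rb cover GET requests only, so the file pins that an anonymous visitor can read the wall, issues, snippets and merge requests of a public project but not that the same visitor is still refused when submitting to them. The only write-related checks are the `snippets/new` and `merge_requests/new` forms, and there is no matching check for a new-issue form. Whether another spec covers the state-changing routes is not visible in this hunk. If none does, add denied expectations for those routes alongside these; if one does, a comment above `describe "GET /:project_path/wall" do` such as `# read access only; anonymous writes are covered in <spec path>` would make the boundary explicit.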
@@ -1,474 +0,0 @@ -require 'spec_helper' - -describe "Application access" do - describe "GET /" do - it { root_path.should be_allowed_for :admin } - it { root_path.should be_allowed_for :user } - it { root_path.should be_denied_for :visitor } - end - - describe "GET /projects/new" do - it { new_project_path.should be_allowed_for :admin } - it { new_project_path.should be_allowed_for :user } - it { new_project_path.should be_denied_for :visitor } - end - - describe "Project" do - let(:project) { create(:project_with_code) } - - let(:master) { create(:user) } - let(:guest) { create(:user) } - let(:reporter) { create(:user) } - - before do - # full access - project.team << [master, :master] - - # readonly - project.team << [reporter, :reporter] - end - - describe "GET /project_code" do - subject { project_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/tree/master" do - subject { project_tree_path(project, project.repository.root_ref) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/commits/master" do - subject { project_commits_path(project, project.repository.root_ref, limit: 1) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/commit/:sha" do - subject { project_commit_path(project, project.repository.commit) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should 
be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/compare" do - subject { project_compare_index_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/team" do - subject { project_team_index_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/wall" do - subject { project_wall_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/blob" do - before do - commit = project.repository.commit - path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name - @blob_path = project_blob_path(project, File.join(commit.id, path)) - end - - it { @blob_path.should be_allowed_for master } - it { @blob_path.should be_allowed_for reporter } - it { @blob_path.should be_allowed_for :admin } - it { @blob_path.should be_denied_for guest } - it { @blob_path.should be_denied_for :user } - it { @blob_path.should be_denied_for :visitor } - end - - describe "GET /project_code/edit" do - subject { edit_project_path(project) } - - it { should be_allowed_for master } - it { should be_denied_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET 
/project_code/deploy_keys" do - subject { project_deploy_keys_path(project) } - - it { should be_allowed_for master } - it { should be_denied_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/issues" do - subject { project_issues_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/snippets" do - subject { project_snippets_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/merge_requests" do - subject { project_merge_requests_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/branches/recent" do - subject { recent_project_branches_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/branches" do - subject { project_branches_path(project) } - - before do - # Speed increase - Project.any_instance.stub(:branches).and_return([]) - end - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for 
:user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/tags" do - subject { project_tags_path(project) } - - before do - # Speed increase - Project.any_instance.stub(:tags).and_return([]) - end - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/hooks" do - subject { project_hooks_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - end - - - describe "PublicProject" do - let(:project) { create(:project_with_code) } - - let(:master) { create(:user) } - let(:guest) { create(:user) } - let(:reporter) { create(:user) } - - let(:admin) { create(:user) } - - before do - # public project - project.public = true - project.save! - - # full access - project.team << [master, :master] - - # readonly - project.team << [reporter, :reporter] - - end - - describe "Project should be public" do - subject { project } - - its(:public?) 
{ should be_true } - end - - describe "GET /project_code" do - subject { project_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/tree/master" do - subject { project_tree_path(project, project.repository.root_ref) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/commits/master" do - subject { project_commits_path(project, project.repository.root_ref, limit: 1) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/commit/:sha" do - subject { project_commit_path(project, project.repository.commit) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/compare" do - subject { project_compare_index_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/team" do - subject { project_team_index_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { 
should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/wall" do - subject { project_wall_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/blob" do - before do - commit = project.repository.commit - path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name - @blob_path = project_blob_path(project, File.join(commit.id, path)) - end - - it { @blob_path.should be_allowed_for master } - it { @blob_path.should be_allowed_for reporter } - it { @blob_path.should be_allowed_for :admin } - it { @blob_path.should be_allowed_for guest } - it { @blob_path.should be_allowed_for :user } - it { @blob_path.should be_denied_for :visitor } - end - - describe "GET /project_code/edit" do - subject { edit_project_path(project) } - - it { should be_allowed_for master } - it { should be_denied_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/deploy_keys" do - subject { project_deploy_keys_path(project) } - - it { should be_allowed_for master } - it { should be_denied_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/issues" do - subject { project_issues_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/snippets" do - subject { project_snippets_path(project) } - 
- it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/snippets/new" do - subject { new_project_snippet_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_denied_for guest } - it { should be_denied_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/merge_requests" do - subject { project_merge_requests_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/branches/recent" do - subject { recent_project_branches_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/branches" do - subject { project_branches_path(project) } - - before do - # Speed increase - Project.any_instance.stub(:branches).and_return([]) - end - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/tags" do - subject { project_tags_path(project) } - - before do - # Speed increase - Project.any_instance.stub(:tags).and_return([]) - end - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { 
should be_allowed_for :user } - it { should be_denied_for :visitor } - end - - describe "GET /project_code/hooks" do - subject { project_hooks_path(project) } - - it { should be_allowed_for master } - it { should be_allowed_for reporter } - it { should be_allowed_for :admin } - it { should be_allowed_for guest } - it { should be_allowed_for :user } - it { should be_denied_for :visitor } - end - end -end |