diff options
author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-22 19:29:40 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-22 20:09:19 -0300 |
commit | 256cd8e498edfcbb8199abfb2b54d2d2905f030e (patch) | |
tree | 0b1b782c5c84488c148a6e4e7f6ada0918de2bce | |
parent | 8f9b64c720d55ee40066d5a6b1017ab95dbd9781 (diff) | |
download | gitlab-ce-256cd8e498edfcbb8199abfb2b54d2d2905f030e.tar.gz |
Fix visibility of private project snippets for members when searching
-rw-r--r-- | app/models/snippet.rb | 14 | ||||
-rw-r--r-- | spec/models/snippet_spec.rb | 36 | ||||
-rw-r--r-- | spec/services/search/snippet_service_spec.rb | 38 |
3 files changed, 68 insertions, 20 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb index 3a191cd91d0..51f6ae7b25c 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -135,10 +135,16 @@ class Snippet < ActiveRecord::Base end def accessible_to(user) - visibility_levels = [Snippet::PUBLIC] - visibility_levels << Snippet::INTERNAL if user - - where('visibility_level IN (?) OR author_id = ?', visibility_levels, user) + return are_public unless user.present? + return all if user.admin? + + where( + 'visibility_level IN (:visibility_levels) + OR author_id = :author_id + OR project_id IN (:project_ids)', + visibility_levels: [Snippet::PUBLIC, Snippet::INTERNAL], + author_id: user.id, + project_ids: user.authorized_projects.select(:id)) end end end diff --git a/spec/models/snippet_spec.rb b/spec/models/snippet_spec.rb index 57365571a7b..0621c6a06ce 100644 --- a/spec/models/snippet_spec.rb +++ b/spec/models/snippet_spec.rb @@ -89,22 +89,42 @@ describe Snippet, models: true do end describe '.accessible_to' do - let(:author) { create(:author) } - let(:user) { create(:user) } + let(:author) { create(:author) } + let(:project) { create(:empty_project) } + let!(:public_snippet) { create(:snippet, :public) } let!(:internal_snippet) { create(:snippet, :internal) } let!(:private_snippet) { create(:snippet, :private, author: author) } - it 'returns only public snippets when user is nil' do - expect(described_class.accessible_to(nil)).to eq [public_snippet] + let!(:project_public_snippet) { create(:snippet, :public, project: project) } + let!(:project_internal_snippet) { create(:snippet, :internal, project: project) } + let!(:project_private_snippet) { create(:snippet, :private, project: project) } + + it 'returns only public snippets when user is blank' do + expect(described_class.accessible_to(nil)).to match_array [public_snippet, project_public_snippet] + end + + it 'returns only public, and internal snippets for regular users' do + user = create(:user) + + expect(described_class.accessible_to(user)).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet] end - it 'returns only public, and internal snippets when user is not nil' do - expect(described_class.accessible_to(user)).to match_array [public_snippet, internal_snippet] + it 'returns public, internal snippets and project private snippets for project members' do + member = create(:user) + project.team << [member, :developer] + + expect(described_class.accessible_to(member)).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet, project_private_snippet] end - it 'returns snippets where the user is the author' do - expect(described_class.accessible_to(author)).to match_array [public_snippet, internal_snippet, private_snippet] + it 'returns private snippets where the user is the author' do + expect(described_class.accessible_to(author)).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet] + end + + it 'returns all snippets when for admins' do + admin = create(:admin) + + expect(described_class.accessible_to(admin)).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet, project_private_snippet] end end diff --git a/spec/services/search/snippet_service_spec.rb b/spec/services/search/snippet_service_spec.rb index 85721b61cff..14f3301d9f4 100644 --- a/spec/services/search/snippet_service_spec.rb +++ b/spec/services/search/snippet_service_spec.rb @@ -2,35 +2,57 @@ require 'spec_helper' describe Search::SnippetService, services: true do let(:author) { create(:author) } - let(:internal_user) { create(:user) } + let(:project) { create(:empty_project) } let!(:public_snippet) { create(:snippet, :public, content: 'password: XXX') } let!(:internal_snippet) { create(:snippet, :internal, content: 'password: XXX') } let!(:private_snippet) { create(:snippet, :private, content: 'password: XXX', author: author) } + let!(:project_public_snippet) { create(:snippet, :public, project: project, content: 'password: XXX') } + let!(:project_internal_snippet) { create(:snippet, :internal, project: project, content: 'password: XXX') } + let!(:project_private_snippet) { create(:snippet, :private, project: project, content: 'password: XXX') } + describe '#execute' do context 'unauthenticated' do - it 'should return public snippets only' do + it 'returns public snippets only' do search = described_class.new(nil, search: 'password') results = search.execute - expect(results.objects('snippet_blobs')).to match_array [public_snippet] + expect(results.objects('snippet_blobs')).to match_array [public_snippet, project_public_snippet] end end context 'authenticated' do - it 'should return only public & internal snippets' do - search = described_class.new(internal_user, search: 'password') + it 'returns only public & internal snippets for regular users' do + user = create(:user) + search = described_class.new(user, search: 'password') + results = search.execute + + expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet] + end + + it 'returns public, internal snippets and project private snippets for project members' do + member = create(:user) + project.team << [member, :developer] + search = described_class.new(member, search: 'password') results = search.execute - expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet] + expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet, project_private_snippet] end - it 'should return public, internal and private snippets for author' do + it 'returns public, internal and private snippets where user is the author' do search = described_class.new(author, search: 'password') results = search.execute - expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet] + expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet] + end + + it 'returns all snippets when user is admin' do + admin = create(:admin) + search = described_class.new(admin, search: 'password') + results = search.execute + + expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet, project_private_snippet] end end end |