summaryrefslogtreecommitdiff
path: root/spec/policies
Commit message (Collapse)AuthorAgeFilesLines
* Support uploaders for personal snippets comments12910-uploader-pers-snippetJarka Kadlecova2017-05-021-0/+141
|
* Enable RSpec/FilePath copenable-spec-file-name-copSean McGivern2017-04-262-279/+160
| | | | | | - Ignore JS fixtures - Ignore qa directory - Rewrite concern specs to put concern name first
* Merge branch 'siemens/gitlab-ce-fix/subgroup-hide-button' into 'master' Rémy Coutable2017-04-121-1/+2
|\ | | | | | | | | | | | | Hide new subgroup button if user has no permission to create one Closes #30139 See merge request !10627
| * Move permission to create subgroup into GroupPolicyDmitriy Zaporozhets2017-04-111-1/+2
| | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | Use `:empty_project` where possible in policy specsRobert Speicher2017-03-272-2/+2
|/
* spec the new behavior of .class_forhttp://jneen.net/2017-03-091-4/+6
| | | | and more robustly spec the ancestor behavior
* Improve pipeline triggers UIKamil Trzciński2017-03-071-0/+103
|
* Don't allow deleting a ghost user.Timothy Andrew2017-02-241-0/+37
| | | | | | | | | | | | | | | - Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
* More backportDouwe Maan2017-02-062-32/+131
|
* Fix build access policies when pipelines are publicGrzegorz Bizon2017-01-231-0/+93
|
* More improvements to presenters23563-document-presentersRémy Coutable2017-01-181-2/+2
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Handle presenters in BasePolicyRémy Coutable2017-01-181-0/+17
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Include group parents into read access for project and groupDmitriy Zaporozhets2016-12-261-0/+66
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add missing group policy specdz-add-group-policy-specDmitriy Zaporozhets2016-12-151-0/+108
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Update effected testszj-guest-reads-public-buildsZ.J. van de Weg2016-12-041-16/+16
|
* Guests can read builds if those are publicZ.J. van de Weg2016-12-041-7/+29
| | | | Fixes #18448
* Improve ProjectPolicy spec to check permissions when wiki is disabledDouglas Barbosa Alexandre2016-11-301-2/+12
|
* Added tests for IssuePolicyYorick Peterse2016-11-071-0/+119
|
* Allow owners to fetch source code in CI buildsallow-owner-to-run-ci-buildsKamil Trzcinski2016-11-011-0/+14
| | | | Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.
* Add specs for a user from a group link23872-members-of-group-that-has-project-access-getting-404-on-accessing-a-project-issueSean McGivern2016-10-281-0/+30
|
* Fix project member access for group linksSean McGivern2016-10-281-0/+163
| | | | | | | | | | | | | | | | `ProjectTeam#find_member` doesn't take group links into account. It was used in two places: 1. An admin view - it can stay here. 2. `ProjectTeam#member?`, which is often used to decide if a user has access to view something. This second part broke confidential issues viewing. `IssuesFinder` ends up delegating to `Project#authorized_for_user?`, which does consider group links, so users with access to the project via a group link could see confidential issues on the index page. However, `IssuesPolicy` used `ProjectTeam#member?`, so the same user couldn't view the issue when going to it directly.
* Make guests unable to view MRsguests_cant_see_mrsValery Sizov2016-10-111-2/+3
|
* Improve project policy specAlejandro Rodríguez2016-10-061-16/+131
|
* Test if issue authors can access private projectsFelipe Artur2016-09-201-0/+13
|
* add project_policy_spec to replace .project_abilities spechttp://jneen.net/2016-08-301-0/+36
View Lorry Controller Status