Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
GitLab
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
projects.thm.de
GitLab
Commits
951e3459
Unverified
Commit
951e3459
authored
Apr 22, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use the `can?` helper instead of `current_user.can?`
Fixes #15513. Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
d5398e96
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
25 additions
and
2 deletions
+25
-2
CHANGELOG
CHANGELOG
+4
-1
app/views/projects/project_members/_shared_group_members.html.haml
.../projects/project_members/_shared_group_members.html.haml
+1
-1
spec/features/projects/members/anonymous_user_sees_members_spec.rb
...ures/projects/members/anonymous_user_sees_members_spec.rb
+20
-0
No files found.
CHANGELOG
View file @
951e3459
...
...
@@ -2,7 +2,10 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
v 8.7.0 (unreleased)
v 8.7.1 (unreleased)
- Use the `can?` helper instead of `current_user.can?`
v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Fix vulnerability that made it possible to gain access to private labels and milestones
- The number of InfluxDB points stored per UDP packet can now be configured
...
...
app/views/projects/project_members/_shared_group_members.html.haml
View file @
951e3459
...
...
@@ -8,7 +8,7 @@
group, members with
%strong
#{
group_links
.
human_access
}
role (
#{
shared_group_users_count
}
)
-
if
c
urrent_user
.
can?
(
:admin_group
,
shared_group
)
-
if
c
an?
(
current_user
,
:admin_group
,
shared_group
)
.panel-head-actions
=
link_to
group_group_members_path
(
shared_group
),
class:
'btn btn-sm'
do
%i
.fa.fa-pencil-square-o
...
...
spec/features/projects/members/anonymous_user_sees_members_spec.rb
0 → 100644
View file @
951e3459
require
'spec_helper'
feature
'Projects > Members > Anonymous user sees members'
,
feature:
true
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:group
)
{
create
(
:group
,
:public
)
}
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
background
do
project
.
team
<<
[
user
,
:master
]
create
(
:project_group_link
,
project:
project
,
group:
group
)
end
scenario
"anonymous user visits the project's members page and sees the list of members"
do
visit
namespace_project_project_members_path
(
project
.
namespace
,
project
)
expect
(
current_path
).
to
eq
(
namespace_project_project_members_path
(
project
.
namespace
,
project
))
expect
(
page
).
to
have_content
(
user
.
name
)
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Rémy Coutable <remy@rymai.me>Rémy Coutable <remy@rymai.me>