WIP: Secret Snippets
What does this MR do?
This MR adds support for a new visibility level for Snippets called Secret. A Secret Snippet can be viewed by anyone with the correct URL. Secret Snippets are not search-able.
The core mechanism for making a Snippet Secret vs. Public is via the introduction of the
?secret=<unique secret> query param which is stored in the
snippets table in the
Snippet#secret_word is populated via the
before_save AR hook and currently uses
?secret=<unique secret> needs to be provided in order to view a Secret Snippet, it should also be fairly easy to re-generate
<unique secret> (perhaps via a button within Snippet edit mode). This ability allows existing URL's containing
?secret=<original unique secret> to be rendered invalid and offers some ability to the author to reset / reduce exposure should they need it.
- Add missing unit tests
- Create QA tests
Public Snippet (58)
Secret Snippet (57 - as an authenticated user who is the author)
Secret Snippet (57 - as an authenticated user who is not the author)
Searching through Snippets - as an unauthenticated user
Searching through Snippets - as an authenticated user (but not the author of Secret Snippet 57)
Searching through Snippets - as an authenticated user who is the author of Secret Snippet 57
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
- Security reports checked/validated by reviewer