Commit 07b38c3b authored by Felipe's avatar Felipe

Code fixes

parent 147879ae
class Projects::ProjectMembersController < Projects::ApplicationController
# Authorize
before_action :authorize_admin_project_member!, except: :leave
before_action :authorize_read_project_members, only: :index
def index
@project_members = @project.project_members
......@@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def member_params
params.require(:project_member).permit(:user_id, :access_level)
end
private
def authorize_read_project_members
can?(current_user, :read_project_members, @project)
end
end
class UsersController < ApplicationController
skip_before_action :authenticate_user!
before_action :set_user, except: [:show]
before_action :user
before_action :authorize_read_user!, only: [:show]
def show
......@@ -77,26 +77,25 @@ class UsersController < ApplicationController
private
def authorize_read_user!
set_user
render_404 unless can?(current_user, :read_user, @user)
render_404 unless can?(current_user, :read_user, user)
end
def set_user
@user = User.find_by_username!(params[:username])
def user
@user ||= User.find_by_username!(params[:username])
end
def contributed_projects
ContributedProjectsFinder.new(@user).execute(current_user)
ContributedProjectsFinder.new(user).execute(current_user)
end
def contributions_calendar
@contributions_calendar ||= Gitlab::ContributionsCalendar.
new(contributed_projects, @user)
new(contributed_projects, user)
end
def load_events
# Get user activity feed for projects common for both users
@events = @user.recent_events.
@events = user.recent_events.
merge(projects_for_current_user).
references(:project).
with_associations.
......@@ -105,16 +104,16 @@ class UsersController < ApplicationController
def load_projects
@projects =
PersonalProjectsFinder.new(@user).execute(current_user)
PersonalProjectsFinder.new(user).execute(current_user)
.page(params[:page])
end
def load_contributed_projects
@contributed_projects = contributed_projects.joined(@user)
@contributed_projects = contributed_projects.joined(user)
end
def load_groups
@groups = JoinedGroupsFinder.new(@user).execute(current_user)
@groups = JoinedGroupsFinder.new(user).execute(current_user)
end
def projects_for_current_user
......
class Ability
class << self
def allowed(user, subject)
return anonymous_abilities(user, subject) if user.nil?
......@@ -58,7 +57,6 @@ class Ability
:read_label,
:read_milestone,
:read_project_snippet,
:read_project_member,
:read_merge_request,
:read_note,
:read_commit_status,
......@@ -71,8 +69,6 @@ class Ability
# Allow to read issues by anonymous user if issue is not confidential
rules << :read_issue unless subject.is_a?(Issue) && subject.confidential?
rules << :read_project_member unless restricted_public_level?
rules - project_disabled_features_rules(project)
else
[]
......@@ -96,9 +92,8 @@ class Ability
end
if group
rules << [:read_group] if group.public?
rules << [:read_group_members] unless restricted_public_level?
rules << :read_group if group.public?
rules << :read_group_members unless restricted_public_level?
end
rules
......@@ -156,7 +151,6 @@ class Ability
rules -= project_archived_rules
end
rules << :read_project_members
rules - project_disabled_features_rules(project)
end
end
......
......@@ -77,7 +77,7 @@
Merge Requests
%span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)
- if project_nav_tab?(:settings) && can?(current_user, :read_project_members, @project)
- if project_nav_tab?(:settings)
= nav_link(controller: [:project_members, :teams]) do
= link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
= icon('users fw')
......
......@@ -41,7 +41,7 @@ describe UsersController do
end
end
context 'When public visibility level is restricted' do
context 'when public visibility level is restricted' do
before do
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment