From 627909c2a4a938c6387afa459ef4dc815fe9fb5a Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Tue, 2 Feb 2016 17:59:37 +0100
Subject: [PATCH] Add CI setting: allow_guest_to_access_builds

Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
---
 app/controllers/projects_controller.rb        |  1 +
 app/models/ability.rb                         | 14 ++++----
 app/views/projects/edit.html.haml             |  8 +++--
 ...dd_allow_guest_to_access_builds_project.rb |  5 +++
 db/schema.rb                                  | 35 ++++++++++---------
 doc/permissions/permissions.md                |  9 +++++
 6 files changed, 47 insertions(+), 25 deletions(-)
 create mode 100644 db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 4df5095bd94..153e7caaae3 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -227,6 +227,7 @@ class ProjectsController < ApplicationController
       :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
       :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
+      :allow_guest_to_access_builds,
     )
   end
 
diff --git a/app/models/ability.rb b/app/models/ability.rb
index e58e7a40273..313c6f049b7 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -53,12 +53,11 @@ class Ability
           :read_merge_request,
           :read_note,
           :read_commit_status,
-          :read_build,
           :download_code
         ]
 
-        if project.restrict_builds?
-          rules -= :read_build
+        if project.allow_guest_to_access_builds?
+          rules += :read_build
         end
 
         rules - project_disabled_features_rules(project)
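Review bot: `rules += :read_build` adds a Symbol to what appears to be an Array, and `Array#+` raises `TypeError` for a non-array operand, so this branch would raise whenever `allow_guest_to_access_builds?` is true instead of granting the ability. Use `rules << :read_build` (or `rules += [:read_build]`). The same expression recurs in both added branches of the next hunk, where `rules.push(*project_guest_rules)` confirms that `rules` is an array. Because this changes authorization, a spec covering anonymous, guest and non-member users with the flag on and off would catch this; the diffstat lists no spec file. The enclosing method starts and ends outside the hunk.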
@@ -114,13 +113,17 @@ class Ability
 
         elsif team.guest?(user)
           rules.push(*project_guest_rules)
+
+          if project.allow_guest_to_access_builds?
+            rules += :read_build
+          end
         end
 
         if project.public? || project.internal?
           rules.push(*public_project_rules)
 
-          if team.guest?(user) && project.restrict_builds?
-            rules -= named_abilities('build')
+          if project.allow_guest_to_access_builds?
+            rules += :read_build
           end
         end
 
@@ -145,7 +148,6 @@ class Ability
         :download_code,
         :fork_project,
         :read_commit_status,
-        :read_build,
       ]
     end
 
diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml
index 8a99aceef7f..e3165caad05 100644
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
@@ -157,8 +157,12 @@
                     %li
                       phpunit --coverage-text --colors=never (PHP) -
                       %code ^\s*Lines:\s*\d+.\d+\%
-
-
+              .form-group
+                .col-sm-offset-2.col-sm-10
+                  .checkbox
+                    = f.label :allow_guest_to_access_builds do
+                      = f.check_box :allow_guest_to_access_builds
+                      Allow guest to access builds (including build logs and artifacts)
           %fieldset.features
             %legend
               Advanced settings
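Review bot: The checkbox label names only guests, but the commit description and the `ability.rb` hunks indicate the same flag also grants `read_build` to anonymous visitors and, on public or internal projects, to any signed-in user. The label should state the real audience, for example `Allow guests and anonymous users to access builds (including build logs and artifacts)`. A short help line under the checkbox noting that build logs and artifacts can contain repository contents or credentials printed by a job would help maintainers decide. The surrounding form starts and ends outside the hunk.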
diff --git a/db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb b/db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb
new file mode 100644
index 00000000000..69ce8d08bba
--- /dev/null
+++ b/db/migrate/20160202164642_add_allow_guest_to_access_builds_project.rb
@@ -0,0 +1,5 @@
+class AddAllowGuestToAccessBuildsProject < ActiveRecord::Migration
+  def change
+    add_column :projects, :allow_guest_to_access_builds, :boolean, default: true, null: false
+  end
+end
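Review bot: `default: true` with `null: false` switches the setting on for every existing and future project, so exposure of build logs and artifacts is opt-out. The permissions table in this patch shows guests cannot pull project code, yet with this default they can download artifacts and read logs that may be derived from it. If the default is meant to preserve the earlier behaviour, where `:read_build` sat in the base rule lists, say so in a comment above `add_column`, e.g. `# Defaults to true so build visibility is unchanged for existing projects`. Otherwise consider `default: false` so that access is granted only when a maintainer enables it.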
diff --git a/db/schema.rb b/db/schema.rb
index 2ad2c23fba5..a04e812ae22 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160128233227) do
+ActiveRecord::Schema.define(version: 20160202164642) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -650,34 +650,35 @@ ActiveRecord::Schema.define(version: 20160128233227) do
     t.datetime "created_at"
     t.datetime "updated_at"
     t.integer  "creator_id"
-    t.boolean  "issues_enabled",         default: true,     null: false
-    t.boolean  "wall_enabled",           default: true,     null: false
-    t.boolean  "merge_requests_enabled", default: true,     null: false
-    t.boolean  "wiki_enabled",           default: true,     null: false
+    t.boolean  "issues_enabled",               default: true,     null: false
+    t.boolean  "wall_enabled",                 default: true,     null: false
+    t.boolean  "merge_requests_enabled",       default: true,     null: false
+    t.boolean  "wiki_enabled",                 default: true,     null: false
     t.integer  "namespace_id"
-    t.string   "issues_tracker",         default: "gitlab", null: false
+    t.string   "issues_tracker",               default: "gitlab", null: false
     t.string   "issues_tracker_id"
-    t.boolean  "snippets_enabled",       default: true,     null: false
+    t.boolean  "snippets_enabled",             default: true,     null: false
     t.datetime "last_activity_at"
     t.string   "import_url"
-    t.integer  "visibility_level",       default: 0,        null: false
-    t.boolean  "archived",               default: false,    null: false
+    t.integer  "visibility_level",             default: 0,        null: false
+    t.boolean  "archived",                     default: false,    null: false
     t.string   "avatar"
     t.string   "import_status"
-    t.float    "repository_size",        default: 0.0
-    t.integer  "star_count",             default: 0,        null: false
+    t.float    "repository_size",              default: 0.0
+    t.integer  "star_count",                   default: 0,        null: false
     t.string   "import_type"
     t.string   "import_source"
-    t.integer  "commit_count",           default: 0
+    t.integer  "commit_count",                 default: 0
     t.text     "import_error"
     t.integer  "ci_id"
-    t.boolean  "builds_enabled",         default: true,     null: false
-    t.boolean  "shared_runners_enabled", default: true,     null: false
+    t.boolean  "builds_enabled",               default: true,     null: false
+    t.boolean  "shared_runners_enabled",       default: true,     null: false
     t.string   "runners_token"
     t.string   "build_coverage_regex"
-    t.boolean  "build_allow_git_fetch",  default: true,     null: false
-    t.integer  "build_timeout",          default: 3600,     null: false
-    t.boolean  "pending_delete",         default: false
+    t.boolean  "build_allow_git_fetch",        default: true,     null: false
+    t.integer  "build_timeout",                default: 3600,     null: false
+    t.boolean  "pending_delete",               default: false
+    t.boolean  "allow_guest_to_access_builds", default: true,     null: false
   end
 
   add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md
index 1be78ac1823..168e7d143ee 100644
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -18,6 +18,9 @@ documentation](../workflow/add-user/add-user.md).
 |---------------------------------------|---------|------------|-------------|----------|--------|
 | Create new issue                      | ✓       | ✓          | ✓           | ✓        | ✓      |
 | Leave comments                        | ✓       | ✓          | ✓           | ✓        | ✓      |
+| See a list of builds                  | ✓ [^1]  | ✓          | ✓           | ✓        | ✓      |
+| See a build log                       | ✓ [^1]  | ✓          | ✓           | ✓        | ✓      |
+| Download and browse build artifacts   | ✓ [^1]  | ✓          | ✓           | ✓        | ✓      |
 | Pull project code                     |         | ✓          | ✓           | ✓        | ✓      |
 | Download project                      |         | ✓          | ✓           | ✓        | ✓      |
 | Create code snippets                  |         | ✓          | ✓           | ✓        | ✓      |
@@ -31,6 +34,7 @@ documentation](../workflow/add-user/add-user.md).
 | Remove non-protected branches         |         |            | ✓           | ✓        | ✓      |
 | Add tags                              |         |            | ✓           | ✓        | ✓      |
 | Write a wiki                          |         |            | ✓           | ✓        | ✓      |
+| Cancel and retry builds               |         |            | ✓           | ✓        | ✓      |
 | Create new milestones                 |         |            |             | ✓        | ✓      |
 | Add new team members                  |         |            |             | ✓        | ✓      |
 | Push to protected branches            |         |            |             | ✓        | ✓      |
@@ -40,12 +44,17 @@ documentation](../workflow/add-user/add-user.md).
 | Edit project                          |         |            |             | ✓        | ✓      |
 | Add deploy keys to project            |         |            |             | ✓        | ✓      |
 | Configure project hooks               |         |            |             | ✓        | ✓      |
+| Manage runners                        |         |            |             | ✓        | ✓      |
+| Manage build triggers                 |         |            |             | ✓        | ✓      |
+| Manage variables                      |         |            |             | ✓        | ✓      |
 | Switch visibility level               |         |            |             |          | ✓      |
 | Transfer project to another namespace |         |            |             |          | ✓      |
 | Remove project                        |         |            |             |          | ✓      |
 | Force push to protected branches      |         |            |             |          |        |
 | Remove protected branches             |         |            |             |          |        |
 
+[^1]: If **Allow guest to access builds** is enabled in CI settings
+
 ## Group
 
 In order for a group to appear as public and be browsable, it must contain at
-- 
GitLab