Skip to content
Snippets Groups Projects
Commit 49ad9b7e authored by Rémy Coutable's avatar Rémy Coutable Committed by GitLab Release Tools Bot
Browse files

Merge branch 'modify_group_policy' into 'master' 

Update group policy to reflect all the requirements

See merge request gitlab-org/gitlab-ce!25854

(cherry picked from commit d8bbd3e7)

0a706446 Modify group policy
8a37dd7a Add changelog to reflect changes
71e522a5 Remove not relevant changes
9559470b Remove not relevant changes
parent d40b9c49
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/policies/group_policy.rb
+ 2
1
View file @ 49ad9b7e
@@ -26,7 +26,7 @@ class GroupPolicy < BasePolicy
condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) }
 
condition(:has_projects) do
GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any?
GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true, only_owned: true }).execute.any?
end
 
condition(:has_clusters, scope: :subject) { clusterable_has_clusters? }
@@ -55,6 +55,7 @@ class GroupPolicy < BasePolicy
rule { has_projects }.policy do
enable :read_list
enable :read_label
enable :read_group
end
 
rule { has_access }.enable :read_namespace
changelogs/unreleased/modify_group_policy.yml 0 → 100644
+ 5
0
View file @ 49ad9b7e
---
title: Allow project members to see private group if the project is in the group namespace
merge_request:
author:
type: fixed
spec/features/security/group/private_access_spec.rb
+ 5
4
View file @ 49ad9b7e
@@ -27,7 +27,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) }
it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
@@ -42,7 +42,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) }
it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
@@ -58,7 +58,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) }
it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
@@ -73,7 +73,7 @@ describe 'Private Group access' do
it { is_expected.to be_allowed_for(:developer).of(group) }
it { is_expected.to be_allowed_for(:reporter).of(group) }
it { is_expected.to be_allowed_for(:guest).of(group) }
it { is_expected.to be_denied_for(project_guest) }
it { is_expected.to be_allowed_for(project_guest) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
@@ -96,6 +96,7 @@ describe 'Private Group access' do
 
describe 'GET /groups/:path for shared projects' do
let(:project) { create(:project, :public) }
before do
Projects::GroupLinks::CreateService.new(
project,
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment