Skip to content
Snippets Groups Projects
Commit 881099bc authored by David Kim's avatar David Kim :dart: Committed by GitLab Release Tools Bot
Browse files

Resolve "Fork relationship is not respected for certain projects" 

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86102

Changelog: fixed
parent f1debf96
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/policies/project_policy.rb
+ 1
1
View file @ 881099bc
@@ -664,7 +664,7 @@ class ProjectPolicy < BasePolicy
enable :read_security_configuration
end
 
rule { can?(:guest_access) & can?(:read_commit_status) }.policy do
rule { can?(:guest_access) & can?(:download_code) }.policy do
enable :create_merge_request_in
end
 
spec/policies/project_policy_spec.rb
+ 69
19
View file @ 881099bc
@@ -103,39 +103,89 @@ RSpec.describe ProjectPolicy do
end
 
context 'creating_merge_request_in' do
context 'when project is public' do
let(:project) { public_project }
context 'when the current_user can download_code' do
before do
expect(subject).to receive(:allowed?).with(:download_code).and_return(true)
allow(subject).to receive(:allowed?).with(any_args).and_call_original
end
 
context 'when the current_user is guest' do
let(:current_user) { guest }
context 'when project is public' do
let(:project) { public_project }
context 'when the current_user is guest' do
let(:current_user) { guest }
 
it { is_expected.to be_allowed(:create_merge_request_in) }
it { is_expected.to be_allowed(:create_merge_request_in) }
end
end
end
 
context 'when project is internal' do
let(:project) { internal_project }
context 'when project is internal' do
let(:project) { internal_project }
 
context 'when the current_user is guest' do
let(:current_user) { guest }
context 'when the current_user is guest' do
let(:current_user) { guest }
 
it { is_expected.to be_allowed(:create_merge_request_in) }
it { is_expected.to be_allowed(:create_merge_request_in) }
end
end
context 'when project is private' do
let(:project) { private_project }
context 'when the current_user is guest' do
let(:current_user) { guest }
it { is_expected.not_to be_allowed(:create_merge_request_in) }
end
context 'when the current_user is reporter or above' do
let(:current_user) { reporter }
it { is_expected.to be_allowed(:create_merge_request_in) }
end
end
end
 
context 'when project is private' do
let(:project) { private_project }
context 'when the current_user can not download code' do
before do
expect(subject).to receive(:allowed?).with(:download_code).and_return(false)
allow(subject).to receive(:allowed?).with(any_args).and_call_original
end
 
context 'when the current_user is guest' do
let(:current_user) { guest }
context 'when project is public' do
let(:project) { public_project }
context 'when the current_user is guest' do
let(:current_user) { guest }
 
it { is_expected.not_to be_allowed(:create_merge_request_in) }
it { is_expected.not_to be_allowed(:create_merge_request_in) }
end
end
 
context 'when the current_user is reporter or above' do
let(:current_user) { reporter }
context 'when project is internal' do
let(:project) { internal_project }
 
it { is_expected.to be_allowed(:create_merge_request_in) }
context 'when the current_user is guest' do
let(:current_user) { guest }
it { is_expected.not_to be_allowed(:create_merge_request_in) }
end
end
context 'when project is private' do
let(:project) { private_project }
context 'when the current_user is guest' do
let(:current_user) { guest }
it { is_expected.not_to be_allowed(:create_merge_request_in) }
end
context 'when the current_user is reporter or above' do
let(:current_user) { reporter }
it { is_expected.not_to be_allowed(:create_merge_request_in) }
end
end
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment