diff options
author | Phil Hughes <me@iamphill.com> | 2016-10-25 14:57:56 +0300 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2016-10-25 14:57:56 +0300 |
commit | cabc131cfbee72e3a1eaae94619dcf1e3cc59d5a (patch) | |
tree | 98b1b8cca621b87b4818018e4ec7bfadd63c8ca0 | |
parent | f289983db6dd0b3d237ad35f5359ecd6e09cb3ea (diff) |
Stop unauthized users dragging on issue boards
Closes #23763
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | app/helpers/boards_helper.rb | 2 | ||||
-rw-r--r-- | spec/features/boards/boards_spec.rb | 4 |
3 files changed, 7 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 21f2bec867f..a8603170355 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,8 @@ Please view this file on the master branch, on stable branches it's out of date. - Fixed hidden pipeline graph on commit and MR page !6895 - Expire and build repository cache after project import - Fix 404 for group pages when GitLab setup uses relative url - - Simpler arguments passed to named_route on toggle_award_url helper method + - Simpler arguments passed to named_route on toggle_award_url helper method + - Fix unauthorized users dragging on issue boards - Better handle when no users were selected for adding to group or project. (Linus Thiel) - Only show register tab if signup enabled. diff --git a/app/helpers/boards_helper.rb b/app/helpers/boards_helper.rb index b7247ffa8b2..38c586ccd31 100644 --- a/app/helpers/boards_helper.rb +++ b/app/helpers/boards_helper.rb @@ -5,7 +5,7 @@ module BoardsHelper { endpoint: namespace_project_boards_path(@project.namespace, @project), board_id: board.id, - disabled: !can?(current_user, :admin_list, @project), + disabled: "#{!can?(current_user, :admin_list, @project)}", issue_link_base: namespace_project_issues_path(@project.namespace, @project) } end diff --git a/spec/features/boards/boards_spec.rb b/spec/features/boards/boards_spec.rb index 0fb1608a0a3..c533ce1d87f 100644 --- a/spec/features/boards/boards_spec.rb +++ b/spec/features/boards/boards_spec.rb @@ -624,6 +624,10 @@ describe 'Issue Boards', feature: true, js: true do it 'does not show create new list' do expect(page).not_to have_selector('.js-new-board-list') end + + it 'does not allow dragging' do + expect(page).not_to have_selector('.user-can-drag') + end end context 'as guest user' do |