authorFelipe Artur <felipefac@gmail.com>2016-03-17 03:23:59 +0300
committerFelipe Artur <felipefac@gmail.com>2016-03-17 03:23:59 +0300
commita18ac62756573a2da2c42ca50b6f30033be6fa63 (patch)
tree6f95ea299b1accf8cbc559478a59eeaeeb15d95b
parent44c127447b5a3cfc7aaea6f19e18baf9f42ad500 (diff)
Block internal groups/projects visibility to external users
-rw-r--r--app/finders/contributed_projects_finder.rb2
-rw-r--r--app/finders/joined_groups_finder.rb2
-rw-r--r--app/finders/personal_projects_finder.rb2
-rw-r--r--app/models/ability.rb7
-rw-r--r--db/schema.rb6
5 files changed, 11 insertions, 8 deletions
diff --git a/app/finders/contributed_projects_finder.rb b/app/finders/contributed_projects_finder.rb
index 0209649b017..4f7fe1c748b 100644
--- a/app/finders/contributed_projects_finder.rb
+++ b/app/finders/contributed_projects_finder.rb
@@ -11,7 +11,7 @@ class ContributedProjectsFinder
#
# Returns an ActiveRecord::Relation.
def execute(current_user = nil)
- if current_user
+ if current_user && !current_user.external?
relation = projects_visible_to_user(current_user)
else
relation = public_projects
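Review bot: The new condition `current_user && !current_user.external?` sends external users down the same `else` branch as anonymous visitors, so they receive only `public_projects`; as far as this hunk shows, that also hides private or internal projects they were explicitly added to. `projects_visible_to_user` and `public_projects` are defined outside the hunk and `execute` continues past it, so please confirm this is intended; if it is not, keep `if current_user` and exclude the internal level for external users inside the helper instead. The same condition is repeated in `JoinedGroupsFinder#execute` and `PersonalProjectsFinder#execute`. The commit touches no spec file, so each finder needs a spec for an external user who is a member and one who is not.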
diff --git a/app/finders/joined_groups_finder.rb b/app/finders/joined_groups_finder.rb
index fbdf492c965..ff744689e3d 100644
--- a/app/finders/joined_groups_finder.rb
+++ b/app/finders/joined_groups_finder.rb
@@ -12,7 +12,7 @@ class JoinedGroupsFinder
#
# Returns an ActiveRecord::Relation.
def execute(current_user = nil)
- if current_user
+ if current_user && !current_user.external?
relation = groups_visible_to_user(current_user)
else
relation = public_groups
diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb
index a61ffa22990..0e2d915da54 100644
--- a/app/finders/personal_projects_finder.rb
+++ b/app/finders/personal_projects_finder.rb
@@ -11,7 +11,7 @@ class PersonalProjectsFinder
#
# Returns an ActiveRecord::Relation.
def execute(current_user = nil)
- if current_user
+ if current_user && !current_user.external?
relation = projects_visible_to_user(current_user)
else
relation = public_projects
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 455ea7bcc69..134ae440c9c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -295,8 +295,11 @@ class Ability
end
def can_read_group?(user, group)
- user.admin? || group.public? || group.internal? || group.users.include?(user) ||
- ProjectsFinder.new.execute(user, group: group).any?
+ if user.external?
+ group.public? || ProjectsFinder.new.execute(user, group: group).any?
+ else
+ user.admin? || group.public? || group.internal? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any?
+ end
end
def namespace_abilities(user, namespace)
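Review bot: In `can_read_group?` the external branch drops `group.users.include?(user)` and `user.admin?`, so an external user who was explicitly added to a private or internal group can read it only when `ProjectsFinder` returns at least one project. That fallback now carries the whole restriction, and `ProjectsFinder` is not changed in this commit. If it still returns internal projects to any signed-in user, an external user would still pass this check for an internal group, so verify that and pin it with a spec. The duplicated expression would read better as guard clauses: `return true if user.admin? || group.public? || group.users.include?(user)`, `return true if group.internal? && !user.external?`, then `ProjectsFinder.new.execute(user, group: group).any?`.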
diff --git a/db/schema.rb b/db/schema.rb
index f5e3e5bc861..f1bccd62745 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -777,9 +777,9 @@ ActiveRecord::Schema.define(version: 20160314143402) do
t.string "type"
t.string "title"
t.integer "project_id"
- t.datetime "created_at"
- t.datetime "updated_at"
- t.boolean "active", default: false, null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ t.boolean "active", null: false
t.text "properties"
t.boolean "template", default: false
t.boolean "push_events", default: true