diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-06-18 01:47:19 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-18 05:15:54 +0300 |
commit | 5c8a1b348752a33e08a213d4fb35d8dd8b838fda (patch) | |
tree | 9b550873da707d1d81eace77a43c5aa844b6d19d /app/views | |
parent | a41481b85debb324082d1f38fc7a091420cbcb99 (diff) |
Merge branch 'fix-18717' into 'master'
Ensure that group owner cannot request access to a project of their group
## What does this MR do?
It fixes two things:
- 91ad995d69e1a0f8991fd896f1d9febc109273fe Ensure that group owner cannot request access to a project of their group
- ec3ff061148d556757e7cd486cdc6083d77acf34 Ensure group/project owners can see their members' access_level (see the commit message for details)
## Are there points in the code the reviewer needs to double check?
Not really, these are pretty simple fixes.
## Why was this MR needed?
Because there was an issue created!
## What are the relevant issue numbers?
Fixes #18717.
## Does this MR meet the acceptance criteria?
- [x] CHANGELOG is not needed since the bug is only present in a 8.9 RC
- [x] Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4729
Diffstat (limited to 'app/views')
-rw-r--r-- | app/views/shared/members/_access_request_buttons.html.haml | 20 | ||||
-rw-r--r-- | app/views/shared/members/_member.html.haml | 3 |
2 files changed, 12 insertions, 11 deletions
diff --git a/app/views/shared/members/_access_request_buttons.html.haml b/app/views/shared/members/_access_request_buttons.html.haml index ed0a6ebcf84..480e8ba6c85 100644 --- a/app/views/shared/members/_access_request_buttons.html.haml +++ b/app/views/shared/members/_access_request_buttons.html.haml @@ -1,12 +1,14 @@ - member = source.members.find_by(user_id: current_user.id) +- group_member = source.group.members.find_by(user_id: current_user.id) if source.respond_to?(:group) && source.group -- if member - - if member.request? - = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]), - method: :delete, - data: { confirm: remove_member_message(member) }, +- unless group_member + - if member + - if member.request? + = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]), + method: :delete, + data: { confirm: remove_member_message(member) }, + class: 'btn access-request-button hidden-xs' + - else + = link_to 'Request Access', polymorphic_path([:request_access, source, :members]), + method: :post, class: 'btn access-request-button hidden-xs' -- else - = link_to 'Request Access', polymorphic_path([:request_access, source, :members]), - method: :post, - class: 'btn access-request-button hidden-xs' diff --git a/app/views/shared/members/_member.html.haml b/app/views/shared/members/_member.html.haml index 0191814849a..a884e78e6e7 100644 --- a/app/views/shared/members/_member.html.haml +++ b/app/views/shared/members/_member.html.haml @@ -1,5 +1,4 @@ -- default_show_roles = can?(current_user, action_member_permission(:update, member), member) || can?(current_user, action_member_permission(:destroy, member), member) -- show_roles = local_assigns.fetch(:show_roles, default_show_roles) +- show_roles = local_assigns.fetch(:show_roles, default_show_roles(member)) - show_controls = local_assigns.fetch(:show_controls, true) - user = member.user |