diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index daddd9dd48555c07ba42beb4b09efb7172f5a8e7..d7ae6d2cbb4ef82e3b957fb31a4767dcb6a43578 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb @@ -15,17 +15,17 @@ class Projects::SnippetsController < Projects::ApplicationController before_action :check_snippets_available! before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam] - # Allow read any snippet - before_action :authorize_read_project_snippet!, except: [:new, :create, :index] + # Allow create snippet + before_action :authorize_create_snippet!, only: [:new, :create] - # Allow write(create) snippet - before_action :authorize_create_project_snippet!, only: [:new, :create] + # Allow read any snippet + before_action :authorize_read_snippet!, except: [:new, :create, :index] # Allow modify snippet - before_action :authorize_update_project_snippet!, only: [:edit, :update] + before_action :authorize_update_snippet!, only: [:edit, :update] # Allow destroy snippet - before_action :authorize_admin_project_snippet!, only: [:destroy] + before_action :authorize_admin_snippet!, only: [:destroy] respond_to :html 
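Review bot: `authorize_create_snippet!`, named on the new `before_action ... only: [:new, :create]` line, has no definition in either hunk of this file, while the read, update and admin filters are defined explicitly in the second hunk. The top-level `SnippetsController` in this commit defines a filter with the same name that calls `can?(current_user, :create_snippet)` with no subject, so the name alone no longer says which policy is consulted here. If the filter is resolved by a parent controller (not visible in this diff), say so next to the line, e.g. `# authorize_create_snippet! comes from the parent controller and checks :create_snippet against @project`; otherwise define it beside the other three with `@project` as the subject. The class body continues outside the hunk.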
@@ -115,16 +115,16 @@ def spammable_path project_snippet_path(@project, @snippet) end - def authorize_read_project_snippet! - return render_404 unless can?(current_user, :read_project_snippet, @snippet) + def authorize_read_snippet! + return render_404 unless can?(current_user, :read_snippet, @snippet) end - def authorize_update_project_snippet! - return render_404 unless can?(current_user, :update_project_snippet, @snippet) + def authorize_update_snippet! + return render_404 unless can?(current_user, :update_snippet, @snippet) end - def authorize_admin_project_snippet! - return render_404 unless can?(current_user, :admin_project_snippet, @snippet) + def authorize_admin_snippet! + return render_404 unless can?(current_user, :admin_snippet, @snippet) end def snippet_params diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb index 551b37cb3d35e9170d6f26a5ca817a606236c1fc..a7e8ef0798bf24dd0b0bfe4b7e185e039bfc7479 100644 --- a/app/controllers/snippets/notes_controller.rb +++ b/app/controllers/snippets/notes_controller.rb @@ -33,7 +33,7 @@ def finder_params end def authorize_read_snippet! - return render_404 unless can?(current_user, :read_personal_snippet, snippet) + return render_404 unless can?(current_user, :read_snippet, snippet) end def authorize_create_note! diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index fc073e4736805eb00542272be8bdce1ddbde2c24..b6ad5fd02b0907356bd72a0de597fccb8b85fedf 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -126,7 +126,7 @@ def spammable_path end def authorize_read_snippet! - return if can?(current_user, :read_personal_snippet, @snippet) + return if can?(current_user, :read_snippet, @snippet) if current_user render_404 
@@ -136,15 +136,15 @@ def authorize_read_snippet! end def authorize_update_snippet! - return render_404 unless can?(current_user, :update_personal_snippet, @snippet) + return render_404 unless can?(current_user, :update_snippet, @snippet) end def authorize_admin_snippet! - return render_404 unless can?(current_user, :admin_personal_snippet, @snippet) + return render_404 unless can?(current_user, :admin_snippet, @snippet) end def authorize_create_snippet! - return render_404 unless can?(current_user, :create_personal_snippet) + return render_404 unless can?(current_user, :create_snippet) end def snippet_params diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 67d3364847077e23c5ee5bf5201f40e7e0b7cd79..0b092d2622bc266b29118c5b6b4259841c4ea777 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -41,6 +41,8 @@ def authorize_access! case model when Note can?(current_user, :read_project, model.project) + when Snippet, ProjectSnippet + can?(current_user, :read_snippet, model) when User # We validate the current user has enough (writing) # access to itself when a secret is given. diff --git a/app/graphql/mutations/snippets/create.rb b/app/graphql/mutations/snippets/create.rb index 4e0e65d09a9e448109c53b6d1aed2eb6c7c2ae56..266a123de82d45c0dfd21aaa179f0c1e162b0cac 100644 --- a/app/graphql/mutations/snippets/create.rb +++ b/app/graphql/mutations/snippets/create.rb @@ -67,11 +67,11 @@ def find_object(full_path:) end def authorized_resource?(project) - Ability.allowed?(context[:current_user], :create_project_snippet, project) + Ability.allowed?(context[:current_user], :create_snippet, project) end def can_create_personal_snippet? - Ability.allowed?(context[:current_user], :create_personal_snippet) + Ability.allowed?(context[:current_user], :create_snippet) end end end 
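Review bot: In the new `when Snippet, ProjectSnippet` branch of `authorize_access!`, the class list is either redundant or incomplete. `case` matches with `===`, so if `ProjectSnippet` inherits from `Snippet` (the branch order in `note_snippet_email` in app/mailers/emails/notes.rb suggests it does), `when Snippet` already covers it and every other subclass. I would write `when Snippet` alone, or add a comment saying why the subclass is spelled out; the same pair appears in `read_ability` in lib/api/award_emoji.rb. `authorize_access!` starts and ends outside the hunk.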
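Review bot: `authorized_resource?(project)` and `can_create_personal_snippet?` now check the same ability and differ only in whether a subject is passed, so the project-level rule and the instance-wide rule are one dropped argument apart. The GlobalPolicy hunk in this commit enables the subject-less `:create_snippet` for every signed-in, non-external user, which is likely broader than the project rule (its role block is only partly visible). A comment on each method would keep that distinction in front of the reader, e.g. `# subject is the project: decided by the project's policy` and `# no subject: instance-wide rule (GlobalPolicy, as far as this diff shows)`. A spec asserting that `authorized_resource?` refuses a `nil` project would also be worth having, since this hunk does not show how a missing subject is treated.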
diff --git a/app/graphql/types/permission_types/project.rb b/app/graphql/types/permission_types/project.rb index 2879dbd2b5c65f5268d35f5b65474eed678fb9b8..094c72fa812a564ec379e4f876cf842a81770a3d 100644 --- a/app/graphql/types/permission_types/project.rb +++ b/app/graphql/types/permission_types/project.rb @@ -21,7 +21,7 @@ class Project < BasePermissionType permission_field :create_snippet def create_snippet - Ability.allowed?(context[:current_user], :create_project_snippet, object) + Ability.allowed?(context[:current_user], :create_snippet, object) end end end diff --git a/app/graphql/types/permission_types/user.rb b/app/graphql/types/permission_types/user.rb index dba4de2daccc79b042788ff42818628263b59b76..93d9787d58e17acc69f52e4a629cd47e402cfdf3 100644 --- a/app/graphql/types/permission_types/user.rb +++ b/app/graphql/types/permission_types/user.rb @@ -8,7 +8,7 @@ class User < BasePermissionType permission_field :create_snippet def create_snippet - Ability.allowed?(context[:current_user], :create_personal_snippet) + Ability.allowed?(context[:current_user], :create_snippet) end end end diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 63f1f24b6114f2c9d955ad1fbc553bc8c902c1db..339d68871aee5fcf5a5144667d5c09b362bb294a 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -425,7 +425,7 @@ def tab_ability_map { environments: :read_environment, milestones: :read_milestone, - snippets: :read_project_snippet, + snippets: :read_snippet, settings: :admin_project, builds: :read_build, clusters: :read_cluster, @@ -443,7 +443,7 @@ def search_tab_ability_map blobs: :download_code, commits: :download_code, merge_requests: :read_merge_request, - notes: [:read_merge_request, :download_code, :read_issue, :read_project_snippet], + notes: [:read_merge_request, :download_code, :read_issue, :read_snippet], members: :read_project_member ) end 
diff --git a/app/mailers/emails/notes.rb b/app/mailers/emails/notes.rb index de70d0073b311987abf7d5eded2f6f4ffd0771fd..6dd4ccb510ac0000caa6fd4ef2fada6b882015f6 100644 --- a/app/mailers/emails/notes.rb +++ b/app/mailers/emails/notes.rb @@ -26,19 +26,17 @@ def note_merge_request_email(recipient_id, note_id, reason = nil) mail_answer_note_thread(@merge_request, @note, note_thread_options(recipient_id, reason)) end - def note_project_snippet_email(recipient_id, note_id, reason = nil) + def note_snippet_email(recipient_id, note_id, reason = nil) setup_note_mail(note_id, recipient_id) - @snippet = @note.noteable - @target_url = project_snippet_url(*note_target_url_options) - mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason)) - end - def note_personal_snippet_email(recipient_id, note_id, reason = nil) - setup_note_mail(note_id, recipient_id) + case @snippet + when ProjectSnippet + @target_url = project_snippet_url(*note_target_url_options) + when Snippet + @target_url = gitlab_snippet_url(@note.noteable) + end - @snippet = @note.noteable - @target_url = gitlab_snippet_url(@note.noteable) mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason)) end diff --git a/app/models/ability.rb b/app/models/ability.rb index 1466407d0d1082b34a1cb2a535c097704dc4155b..671a92632d5c5b330239f8c9e0fada3286940a67 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -24,7 +24,7 @@ def users_that_can_read_group(users, group) # read the given snippet. def users_that_can_read_personal_snippet(users, snippet) DeclarativePolicy.subject_scope do - users.select { |u| allowed?(u, :read_personal_snippet, snippet) } + users.select { |u| allowed?(u, :read_snippet, snippet) } end end diff --git a/app/models/event.rb b/app/models/event.rb index 9611019adb88a697af02625736002282cbd9f898..35fb062311f70da6738a521dafec5372586bbcdb 100644 --- a/app/models/event.rb +++ b/app/models/event.rb 
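Review bot: The `case @snippet` in `note_snippet_email` depends on branch order and has no `else`. `when ProjectSnippet` has to stay above `when Snippet` if the former is a subclass (not shown here), otherwise project snippets would get the personal-snippet URL; and a noteable matching neither branch leaves `@target_url` unset while the mail is still sent. I would add `# ProjectSnippet must be matched before Snippet` above the first `when`, and an `else` that fails loudly, e.g. `else raise ArgumentError, "unexpected noteable: #{@snippet.class}"`. From the flattened hunk I cannot confirm that `@snippet = @note.noteable` is kept above the `case`; it needs to be.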
@@ -145,10 +145,8 @@ def visible_to_user?(user = nil) Ability.allowed?(user, :read_issue, note? ? note_target : target) elsif merge_request? || merge_request_note? Ability.allowed?(user, :read_merge_request, note? ? note_target : target) - elsif personal_snippet_note? - Ability.allowed?(user, :read_personal_snippet, note_target) - elsif project_snippet_note? - Ability.allowed?(user, :read_project_snippet, note_target) + elsif personal_snippet_note? || project_snippet_note? + Ability.allowed?(user, :read_snippet, note_target) elsif milestone? Ability.allowed?(user, :read_milestone, project) else diff --git a/app/models/note.rb b/app/models/note.rb index de9478ce68d8c1047b4fcc06fb228cccce32c704..0434f0963d391362e4689247a35f4680dbb378d3 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -367,7 +367,7 @@ def to_ability_name end def noteable_ability_name - for_snippet? ? noteable.class.name.underscore : noteable_type.demodulize.underscore + for_snippet? ? 'snippet' : noteable_type.demodulize.underscore end def can_be_discussion_note? diff --git a/app/models/project.rb b/app/models/project.rb index a73ca7d5bbbc96ea6f36d0dfaa619aa997c582e3..6ef4af169799e9576eb7a95beb61770bc3d0339c 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2274,7 +2274,7 @@ def storage_upgradable? end def snippets_visible?(user = nil) - Ability.allowed?(user, :read_project_snippet, self) + Ability.allowed?(user, :read_snippet, self) end def max_attachment_size diff --git a/app/models/snippet.rb b/app/models/snippet.rb index b7f396681afefda4cbdcbdf029f7f8961c803762..19685cdb78e2287124d6251213bc92a7f561e680 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -215,9 +215,7 @@ def visibility_level_field end def embeddable? - ability = project_id? ? :read_project_snippet : :read_personal_snippet - - Ability.allowed?(nil, ability, self) + Ability.allowed?(nil, :read_snippet, self) end def notes_with_associations 
@@ -240,7 +238,7 @@ def spammable_entity_type end def to_ability_name - model_name.singular + 'snippet' end def valid_secret_token?(token) diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index f212bb06bc9267ee858731a1a247ea150cbca22c..764d61a9e222562ac9eff5b26bcc69e5dccb800d 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -75,7 +75,7 @@ class GlobalPolicy < BasePolicy rule { ~anonymous }.policy do enable :read_instance_metadata - enable :create_personal_snippet + enable :create_snippet end rule { admin }.policy do @@ -83,7 +83,7 @@ class GlobalPolicy < BasePolicy enable :update_custom_attribute end - rule { external_user }.prevent :create_personal_snippet + rule { external_user }.prevent :create_snippet end GlobalPolicy.prepend_if_ee('EE::GlobalPolicy') diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb index c2fcf1a10109e25f430a8c364fc5409cdcec0e68..bc60913563c1b661282becb45e1383c9afe86f2f 100644 --- a/app/policies/personal_snippet_policy.rb +++ b/app/policies/personal_snippet_policy.rb @@ -6,19 +6,19 @@ class PersonalSnippetPolicy < BasePolicy condition(:internal_snippet, scope: :subject) { @subject.internal? } rule { public_snippet }.policy do - enable :read_personal_snippet + enable :read_snippet enable :create_note end rule { is_author | admin }.policy do - enable :read_personal_snippet - enable :update_personal_snippet - enable :admin_personal_snippet + enable :read_snippet + enable :update_snippet + enable :admin_snippet enable :create_note end rule { internal_snippet & ~external_user }.policy do - enable :read_personal_snippet + enable :read_snippet enable :create_note end 
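Review bot: `rule { external_user }.prevent :create_snippet` in GlobalPolicy now prevents an ability name that ProjectPolicy also enables, where before it named a personal-only ability. That is safe only while this rule is evaluated for subject-less checks alone; nothing in this diff shows whether a project-scoped policy consults GlobalPolicy. I would add a policy spec asserting that an external user with a sufficient project role is still allowed `:create_snippet` on the project, and one asserting the subject-less check stays denied, so the two scopes cannot merge unnoticed. A short comment such as `# instance-wide only; project snippets are governed by ProjectPolicy` above the rule would record the intent.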
@@ -26,8 +26,5 @@ class PersonalSnippetPolicy < BasePolicy rule { can?(:create_note) }.enable :award_emoji - rule { can?(:read_all_resources) }.enable :read_personal_snippet - - # Aliasing the ability to ease GraphQL permissions check - rule { can?(:read_personal_snippet) }.enable :read_snippet + rule { can?(:read_all_resources) }.enable :read_snippet end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 2789152e175c8c1aa21df5e9e8f033ec779b105d..bbcb3c637a97fdc604bf77e469a333fdf39396e8 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -9,7 +9,7 @@ class ProjectPolicy < BasePolicy merge_request label milestone - project_snippet + snippet wiki note pipeline @@ -185,7 +185,7 @@ class ProjectPolicy < BasePolicy enable :read_issue enable :read_label enable :read_milestone - enable :read_project_snippet + enable :read_snippet enable :read_project_member enable :read_note enable :create_project @@ -208,7 +208,7 @@ class ProjectPolicy < BasePolicy enable :download_code enable :read_statistics enable :download_wiki_code - enable :create_project_snippet + enable :create_snippet enable :update_issue enable :reopen_issue enable :admin_issue @@ -286,8 +286,8 @@ class ProjectPolicy < BasePolicy rule { can?(:maintainer_access) }.policy do enable :admin_board enable :push_to_delete_protected_branch - enable :update_project_snippet - enable :admin_project_snippet + enable :update_snippet + enable :admin_snippet enable :admin_project_member enable :admin_note enable :admin_wiki @@ -352,7 +352,7 @@ class ProjectPolicy < BasePolicy end rule { snippets_disabled }.policy do - prevent(*create_read_update_admin_destroy(:project_snippet)) + prevent(*create_read_update_admin_destroy(:snippet)) end rule { wiki_disabled }.policy do 
@@ -405,7 +405,7 @@ class ProjectPolicy < BasePolicy enable :read_wiki enable :read_label enable :read_milestone - enable :read_project_snippet + enable :read_snippet enable :read_project_member enable :read_merge_request enable :read_note diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb index a9094fbd95855c7efbdd0948235efe7f41a02ffa..a38d9154102f9b3c665eb33c8c302c2702a8283e 100644 --- a/app/policies/project_snippet_policy.rb +++ b/app/policies/project_snippet_policy.rb 
@@ -14,44 +14,41 @@ class ProjectSnippetPolicy < BasePolicy # We have to check both project feature visibility and a snippet visibility and take the stricter one # This will be simplified - check https://gitlab.com/gitlab-org/gitlab-foss/issues/27573 rule { ~can?(:read_project) }.policy do - prevent :read_project_snippet - prevent :update_project_snippet - prevent :admin_project_snippet + prevent :read_snippet + prevent :update_snippet + prevent :admin_snippet end - # we have to use this complicated prevent because the delegated project policy - # is overly greedy in allowing :read_project_snippet, since it doesn't have any - # information about the snippet. However, :read_project_snippet on the *project* - # is used to hide/show various snippet-related controls, so we can't just move - # all of the handling here. + # we have to use this complicated prevent because the delegated project + # policy is overly greedy in allowing :read_snippet, since it doesn't have + # any information about the snippet. However, :read_snippet on the *project* + # is used to hide/show various snippet-related controls, so we can't just + # move all of the handling here. 
rule do all?(private_snippet | (internal_snippet & external_user), ~project.guest, ~is_author, ~can?(:read_all_resources)) - end.prevent :read_project_snippet + end.prevent :read_snippet rule { internal_snippet & ~is_author & ~admin }.policy do - prevent :update_project_snippet - prevent :admin_project_snippet + prevent :update_snippet + prevent :admin_snippet end - rule { public_snippet }.enable :read_project_snippet + rule { public_snippet }.enable :read_snippet rule { is_author & ~project.reporter & ~admin }.policy do - prevent :admin_project_snippet + prevent :admin_snippet end rule { is_author | admin }.policy do - enable :read_project_snippet - enable :update_project_snippet - enable :admin_project_snippet + enable :read_snippet + enable :update_snippet + enable :admin_snippet end - rule { ~can?(:read_project_snippet) }.prevent :create_note - - # Aliasing the ability to ease GraphQL permissions check - rule { can?(:read_project_snippet) }.enable :read_snippet + rule { ~can?(:read_snippet) }.prevent :create_note end ProjectSnippetPolicy.prepend_if_ee('EE::ProjectSnippetPolicy') diff --git a/app/services/snippets/destroy_service.rb b/app/services/snippets/destroy_service.rb index f253817d94fd53b1ef85bf1ccfb730a5ce064f9d..c1e87e74aa42f5ae0c3931a7719eb9dc5b678bbb 100644 --- a/app/services/snippets/destroy_service.rb +++ b/app/services/snippets/destroy_service.rb @@ -36,9 +36,7 @@ def execute attr_reader :snippet def user_can_delete_snippet? - return can?(current_user, :admin_project_snippet, snippet) if project - - can?(current_user, :admin_personal_snippet, snippet) + can?(current_user, :admin_snippet, snippet) end def service_response_error(message, http_status) diff --git a/app/views/dashboard/_snippets_head.html.haml b/app/views/dashboard/_snippets_head.html.haml index 4958cdc3745e2bd78a6ee6b894cd99e5a6174e3f..d2fb4a3cd43e5f041c03de22008d55f4a89346ce 100644 --- a/app/views/dashboard/_snippets_head.html.haml +++ b/app/views/dashboard/_snippets_head.html.haml 
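Review bot: The rewrapped comment above the `all?(...)` rule is now the only place that says `:read_snippet` on the project is deliberately broader than `:read_snippet` on a snippet, and with the shared name the two checks look identical at call sites. `Project#snippets_visible?` in this commit passes `self`, which per this comment answers whether snippet controls are shown, not whether a given snippet may be read. I would add one sentence to the comment stating that access to an individual snippet must always be checked with the snippet as the subject. The policy class starts outside the hunk.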
@@ -3,7 +3,7 @@ - if current_user && current_user.snippets.any? || @snippets.any? .page-title-controls - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) = link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet") .top-area diff --git a/app/views/dashboard/snippets/index.html.haml b/app/views/dashboard/snippets/index.html.haml index 44a9270971abea8954d5c5ccebf5754f60f9fc27..69155b6c04dfd9cc873b963de2eaf47ef749577f 100644 --- a/app/views/dashboard/snippets/index.html.haml +++ b/app/views/dashboard/snippets/index.html.haml @@ -1,7 +1,7 @@ - @hide_top_links = true - page_title "Snippets" - header_title "Snippets", dashboard_snippets_path -- button_path = new_snippet_path if can?(current_user, :create_personal_snippet) +- button_path = new_snippet_path if can?(current_user, :create_snippet) = render 'dashboard/snippets_head' - if current_user.snippets.exists? diff --git a/app/views/layouts/header/_new_dropdown.haml b/app/views/layouts/header/_new_dropdown.haml index 301096215155ea125e8191a3e02d7f15b8b2e3c0..3cbfb24a86816af1ac1fefbb113e2c8ca299b680 100644 --- a/app/views/layouts/header/_new_dropdown.haml +++ b/app/views/layouts/header/_new_dropdown.haml @@ -21,7 +21,7 @@ - if @project&.persisted? - create_project_issue = show_new_issue_link?(@project) - merge_project = merge_request_source_project_for_project(@project) - - create_project_snippet = can?(current_user, :create_project_snippet, @project) + - create_project_snippet = can?(current_user, :create_snippet, @project) - if create_project_issue || merge_project || create_project_snippet %li.dropdown-bold-header 
@@ -38,5 +38,5 @@ %li= link_to _('New project'), new_project_path, class: 'qa-global-new-project-link' - if current_user.can_create_group? %li= link_to _('New group'), new_group_path - - if current_user.can?(:create_personal_snippet) + - if current_user.can?(:create_snippet) %li= link_to _('New snippet'), new_snippet_path, class: 'qa-global-new-snippet-link' diff --git a/app/views/notify/note_project_snippet_email.html.haml b/app/views/notify/note_project_snippet_email.html.haml deleted file mode 100644 index 5e69f01a486f19531e57d3eda13a2b5ecf78fea7..0000000000000000000000000000000000000000 --- a/app/views/notify/note_project_snippet_email.html.haml +++ /dev/null @@ -1 +0,0 @@ -= render 'note_email' diff --git a/app/views/notify/note_project_snippet_email.text.erb b/app/views/notify/note_project_snippet_email.text.erb deleted file mode 100644 index 413d9e6e9ac7e200a92f56cdb185fefb0becaef7..0000000000000000000000000000000000000000 --- a/app/views/notify/note_project_snippet_email.text.erb +++ /dev/null @@ -1 +0,0 @@ -<%= render 'note_email' %> diff --git a/app/views/notify/note_personal_snippet_email.html.haml b/app/views/notify/note_snippet_email.html.haml similarity index 100% rename from app/views/notify/note_personal_snippet_email.html.haml rename to app/views/notify/note_snippet_email.html.haml diff --git a/app/views/notify/note_personal_snippet_email.text.erb b/app/views/notify/note_snippet_email.text.erb similarity index 100% rename from app/views/notify/note_personal_snippet_email.text.erb rename to app/views/notify/note_snippet_email.text.erb diff --git a/app/views/projects/buttons/_dropdown.html.haml b/app/views/projects/buttons/_dropdown.html.haml index f1a7528065a21d5748fc75b785cff5758080b894..33465953086d905648450437efc1b0ad5f2009de 100644 --- a/app/views/projects/buttons/_dropdown.html.haml +++ b/app/views/projects/buttons/_dropdown.html.haml 
@@ -1,5 +1,5 @@ - can_create_issue = show_new_issue_link?(@project) -- can_create_project_snippet = can?(current_user, :create_project_snippet, @project) +- can_create_project_snippet = can?(current_user, :create_snippet, @project) - can_push_code = can?(current_user, :push_code, @project) - create_mr_from_new_fork = can?(current_user, :fork_project, @project) && can?(current_user, :create_merge_request_in, @project) - merge_project = merge_request_source_project_for_project(@project) diff --git a/app/views/projects/snippets/_actions.html.haml b/app/views/projects/snippets/_actions.html.haml index 29bad50579c779793421a379a0145c1abe4ce831..41c9bac01024a39b179b32457456e4e48f6efe32 100644 --- a/app/views/projects/snippets/_actions.html.haml +++ b/app/views/projects/snippets/_actions.html.haml 
@@ -1,33 +1,33 @@ - return unless current_user .d-none.d-sm-block - - if can?(current_user, :update_project_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) = link_to edit_project_snippet_path(@project, @snippet), class: "btn btn-grouped" do = _('Edit') - - if can?(current_user, :admin_project_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) = link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do = _('Delete') - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) = link_to new_project_snippet_path(@project), class: 'btn btn-grouped btn-inverted btn-success', title: _("New snippet") do = _('New snippet') - if @snippet.submittable_as_spam_by?(current_user) = link_to _('Submit as spam'), mark_as_spam_project_snippet_path(@project, @snippet), method: :post, class: 'btn btn-grouped btn-spam', title: _('Submit as spam') -- if can?(current_user, :create_project_snippet, @project) || can?(current_user, :update_project_snippet, @snippet) +- if can?(current_user, :create_snippet, @project) || can?(current_user, :update_snippet, @snippet) .d-block.d-sm-none.dropdown %button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } } = _('Options') = icon('caret-down') .dropdown-menu.dropdown-menu-full-width %ul - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) %li = link_to new_project_snippet_path(@project), title: _("New snippet") do = _('New snippet') - - if can?(current_user, :admin_project_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) %li = link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do = _('Delete') - - if can?(current_user, 
:update_project_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) %li = link_to edit_project_snippet_path(@project, @snippet) do = _('Edit') diff --git a/app/views/projects/snippets/index.html.haml b/app/views/projects/snippets/index.html.haml index 0ce18d83d57a84cc33d7166ad757dd7a046794f7..65462647419ee38108ed550726149f046fa034a9 100644 --- a/app/views/projects/snippets/index.html.haml +++ b/app/views/projects/snippets/index.html.haml @@ -6,7 +6,7 @@ - include_private = @project.team.member?(current_user) || current_user.admin? = render partial: 'snippets/snippets_scope_menu', locals: { subject: @project, include_private: include_private } - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) .nav-controls = link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet") diff --git a/app/views/snippets/_actions.html.haml b/app/views/snippets/_actions.html.haml index 5ee12a2f22af7bf88cbc634f259803addb0aa482..979821a3846c1e2db79c8f8b1d5dad9e26f0a2dd 100644 --- a/app/views/snippets/_actions.html.haml +++ b/app/views/snippets/_actions.html.haml 
@@ -1,13 +1,13 @@ - return unless current_user .d-none.d-sm-block - - if can?(current_user, :update_personal_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) = link_to edit_snippet_path(@snippet), class: "btn btn-grouped" do = _("Edit") - - if can?(current_user, :admin_personal_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) = link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do = _("Delete") - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) = link_to new_snippet_path, class: "btn btn-grouped btn-success btn-inverted", title: _("New snippet") do = _("New snippet") - if @snippet.submittable_as_spam_by?(current_user) @@ -18,15 +18,15 @@ = icon('caret-down') .dropdown-menu.dropdown-menu-full-width %ul - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) %li = link_to new_snippet_path, title: _("New snippet") do = _("New snippet") - - if can?(current_user, :admin_personal_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) %li = link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do = _("Delete") - - if can?(current_user, :update_personal_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) %li = link_to edit_snippet_path(@snippet) do = _("Edit") diff --git a/app/views/snippets/_snippets.html.haml b/app/views/snippets/_snippets.html.haml index 69b19c0def9a9c9245e9f67a478279988ac4d518..1d22575803bdfe66031a00a57f1b1d500ffc4a1f 100644 --- a/app/views/snippets/_snippets.html.haml +++ b/app/views/snippets/_snippets.html.haml 
@@ -3,7 +3,7 @@ - current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.') - current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.') - primary_button_label = _('New snippet') -- primary_button_link = new_snippet_path if can?(current_user, :create_personal_snippet) +- primary_button_link = new_snippet_path if can?(current_user, :create_snippet) - visitor_empty_message = s_('UserProfile|No snippets found.') .snippets-list-holder diff --git a/ee/app/policies/ee/project_snippet_policy.rb b/ee/app/policies/ee/project_snippet_policy.rb index de39e6c886aeff98dc7a445545299b32e21d3c11..282affd3ef09f2fb767dea8a94bf8f24709dd560 100644 --- a/ee/app/policies/ee/project_snippet_policy.rb +++ b/ee/app/policies/ee/project_snippet_policy.rb @@ -6,7 +6,7 @@ module ProjectSnippetPolicy extend ::Gitlab::Utils::Override prepended do - rule { auditor }.enable :read_project_snippet + rule { auditor }.enable :read_snippet end end end diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb index c46b6d43e013562caeea3df9e63963d11f5cfb03..94d3117ae50dc7c18ded736e990b895e6e8a23d9 100644 --- a/ee/spec/policies/project_policy_spec.rb +++ b/ee/spec/policies/project_policy_spec.rb @@ -45,7 +45,7 @@ download_code download_wiki_code read_project read_board read_list read_project_for_iids read_issue_iid read_merge_request_iid read_wiki read_issue read_label read_issue_link read_milestone - read_project_snippet read_project_member read_note read_cycle_analytics + read_snippet read_project_member read_note read_cycle_analytics read_pipeline read_build read_commit_status read_container_image read_environment read_deployment read_merge_request read_pages create_merge_request_in award_emoji 
diff --git a/ee/spec/policies/project_snippet_policy_spec.rb b/ee/spec/policies/project_snippet_policy_spec.rb index f20e391ec44b0f92a41e4c57b09f0190bb5ffe67..e95ecc7b43d680b405889f3fd0f6756834a64638 100644 --- a/ee/spec/policies/project_snippet_policy_spec.rb +++ b/ee/spec/policies/project_snippet_policy_spec.rb @@ -8,8 +8,8 @@ let(:snippet) { create(:project_snippet, snippet_visibility, project: project) } let(:author_permissions) do [ - :update_project_snippet, - :admin_project_snippet + :update_snippet, + :admin_snippet ] end @@ -22,7 +22,7 @@ let(:current_user) { create(:user, :auditor) } it do - is_expected.to be_allowed(:read_project_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_disallowed(*author_permissions) end end diff --git a/lib/api/award_emoji.rb b/lib/api/award_emoji.rb index 7a815fa3dde6de587a917dcbf919e68c111b6360..8e3b3ff8ce5efea70613cd782756cc0c16fc43f9 100644 --- a/lib/api/award_emoji.rb +++ b/lib/api/award_emoji.rb @@ -127,6 +127,8 @@ def read_ability(awardable) case awardable when Note read_ability(awardable.noteable) + when Snippet, ProjectSnippet + :read_snippet else :"read_#{awardable.class.to_s.underscore}" end diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb index 8adfac346f6d7fd597a1371b41808529587cbb69..2dd95aba6bc3aa61bb7ef947cc52dc15af900e1b 100644 --- a/lib/api/helpers/notes_helpers.rb +++ b/lib/api/helpers/notes_helpers.rb @@ -72,7 +72,15 @@ def get_note(noteable, note_id) end def noteable_read_ability_name(noteable) - "read_#{noteable.class.to_s.underscore}".to_sym + "read_#{ability_name(noteable)}".to_sym + end + + def ability_name(noteable) + if noteable.respond_to?(:to_ability_name) + noteable.to_ability_name + else + noteable.class.to_s.underscore + end end def find_noteable(parent_type, parent_id, noteable_type, noteable_id) 
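Review bot: The new `ability_name(noteable)` helper in lib/api/helpers/notes_helpers.rb has no comment and duplicates a derivation that `read_ability` in lib/api/award_emoji.rb (same commit) does differently. Here the name comes from `to_ability_name` when the object responds to it, while `read_ability` special-cases `Snippet` and otherwise uses `awardable.class.to_s.underscore`, so the two can disagree for any other class that defines `to_ability_name`. Since the result selects which permission is checked, a single derivation would be safer. At minimum document the helper, e.g. `# Prefer the model's own ability name (Snippet#to_ability_name returns 'snippet'); fall back to the class name`.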
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index ecada843972310c18cd94d545821f154cc0f56a4..3040c3c27c6d82343a8f66a1d0731e3bace3b5ae 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -60,7 +60,7 @@ def snippets_for_current_user mutually_exclusive :code, :content end post ":id/snippets" do - authorize! :create_project_snippet, user_project + authorize! :create_snippet, user_project snippet_params = declared_params(include_missing: false).merge(request: request, api: true) snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present? @@ -97,7 +97,7 @@ def snippets_for_current_user snippet = snippets_for_current_user.find_by(id: params.delete(:snippet_id)) not_found!('Snippet') unless snippet - authorize! :update_project_snippet, snippet + authorize! :update_snippet, snippet snippet_params = declared_params(include_missing: false) .merge(request: request, api: true) @@ -126,7 +126,7 @@ def snippets_for_current_user snippet = snippets_for_current_user.find_by(id: params[:snippet_id]) not_found!('Snippet') unless snippet - authorize! :admin_project_snippet, snippet + authorize! :admin_snippet, snippet destroy_conditionally!(snippet) do |snippet| service = ::Snippets::DestroyService.new(current_user, snippet) diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index a7dab373b7f0cb3e5250a2d8051714bf306d08ca..b5df036c5ca6f204e77890c14233ac441f110d0e 100644 --- a/lib/api/snippets.rb +++ b/lib/api/snippets.rb @@ -106,7 +106,7 @@ def snippets snippet = snippets_for_current_user.find_by_id(params.delete(:id)) break not_found!('Snippet') unless snippet - authorize! :update_personal_snippet, snippet + authorize! :update_snippet, snippet attrs = declared_params(include_missing: false).merge(request: request, api: true) service_response = ::Snippets::UpdateService.new(nil, current_user, attrs).execute(snippet) 
@@ -132,7 +132,7 @@ def snippets snippet = snippets_for_current_user.find_by_id(params.delete(:id)) break not_found!('Snippet') unless snippet - authorize! :admin_personal_snippet, snippet + authorize! :admin_snippet, snippet destroy_conditionally!(snippet) do |snippet| service = ::Snippets::DestroyService.new(current_user, snippet) diff --git a/lib/banzai/reference_parser/snippet_parser.rb b/lib/banzai/reference_parser/snippet_parser.rb index 6f6ac08de04c0427d687b71f43ebf406bf975e73..b86c259efbdd13347f9dab7465868dea1f242a31 100644 --- a/lib/banzai/reference_parser/snippet_parser.rb +++ b/lib/banzai/reference_parser/snippet_parser.rb @@ -12,7 +12,7 @@ def references_relation private def can_read_reference?(user, ref_project, node) - can?(user, :read_project_snippet, referenced_by([node]).first) + can?(user, :read_snippet, referenced_by([node]).first) end end end diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb index e4a7d62eb02b7eeb2ddc9ed343c63016bb8eb1d6..19b15a6c6e2ed9967e58a8667a5c51930850bebb 100644 --- a/spec/mailers/notify_spec.rb +++ b/spec/mailers/notify_spec.rb @@ -686,7 +686,7 @@ def id let(:project_snippet) { create(:project_snippet, project: project) } let(:project_snippet_note) { create(:note_on_project_snippet, project: project, noteable: project_snippet) } - subject { described_class.note_project_snippet_email(project_snippet_note.author_id, project_snippet_note.id) } + subject { described_class.note_snippet_email(project_snippet_note.author_id, project_snippet_note.id) } it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' 
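Review bot: In `can_read_reference?`, switching to `:read_snippet` may widen what this check can allow. The old `:read_project_snippet` appears to have been defined only for project snippets, so any other snippet type reaching this line was denied by default. The new name is answered by the personal snippet policy too, judging by the policy specs in this commit. If `references_relation` (its body is outside the hunk) can return personal snippets, references to them would now pass where they previously failed closed. Please confirm the relation is limited to project snippets, or add a parser spec for a personal snippet reference and a comment such as `# only project snippets are expected here; :read_snippet is also defined for personal snippets`.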
@@ -696,10 +696,20 @@ def id end it_behaves_like 'a user cannot unsubscribe through footer link' - it 'has the correct subject and body' do + it 'has the correct subject' do is_expected.to have_referable_subject(project_snippet, reply: true) + end + + it 'has the correct body' do is_expected.to have_body_text project_snippet_note.note end + + it 'links to the project snippet' do + target_url = project_snippet_url(project, + project_snippet_note.noteable, + { anchor: "note_#{project_snippet_note.id}" }) + is_expected.to have_body_text target_url + end end describe 'project was moved' do @@ -1650,15 +1660,23 @@ def invite_to_group(group, inviter:) let(:personal_snippet) { create(:personal_snippet) } let(:personal_snippet_note) { create(:note_on_personal_snippet, noteable: personal_snippet) } - subject { described_class.note_personal_snippet_email(personal_snippet_note.author_id, personal_snippet_note.id) } + subject { described_class.note_snippet_email(personal_snippet_note.author_id, personal_snippet_note.id) } it_behaves_like 'a user cannot unsubscribe through footer link' it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' - it 'has the correct subject and body' do + it 'has the correct subject' do is_expected.to have_referable_subject(personal_snippet, reply: true) + end + + it 'has the correct body' do is_expected.to have_body_text personal_snippet_note.note end + + it 'links to the personal snippet' do + target_url = gitlab_snippet_url(personal_snippet_note.noteable) + is_expected.to have_body_text target_url + end end end diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index a6d9ecaa7c59ed8e976486c438efa9e2cf55cc13..12a74632bb8b92d79ec3d16d49e4f24b4f0ea594 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb 
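Review bot: The new 'links to the personal snippet' example asserts only `gitlab_snippet_url(personal_snippet_note.noteable)`, while the project snippet example checks the URL with `anchor: "note_#{project_snippet_note.id}"`. If both e-mails are meant to deep-link to the note, the personal example would still pass with the anchor missing, since `have_body_text` is presumably a substring match. Consider `target_url = gitlab_snippet_url(personal_snippet_note.noteable, anchor: "note_#{personal_snippet_note.id}")`, assuming the helper accepts an anchor option. In the project example the braces around `{ anchor: ... }` can be dropped.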
@@ -718,12 +718,12 @@ def retrieve_participants end describe '#noteable_ability_name' do - it 'returns project_snippet for a project snippet note' do - expect(build(:note_on_project_snippet).noteable_ability_name).to eq('project_snippet') + it 'returns snippet for a project snippet note' do + expect(build(:note_on_project_snippet).noteable_ability_name).to eq('snippet') end - it 'returns personal_snippet for a personal snippet note' do - expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('personal_snippet') + it 'returns snippet for a personal snippet note' do + expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('snippet') end it 'returns merge_request for an MR note' do diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index f715ecae347c46d95305202f51e51c0f35580cf0..77727c6d13b868c58a350bae1614deb2fba3e27d 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -307,21 +307,21 @@ end end - describe 'create_personal_snippet' do + describe 'create_snippet' do context 'when anonymous' do let(:current_user) { nil } - it { is_expected.not_to be_allowed(:create_personal_snippet) } + it { is_expected.not_to be_allowed(:create_snippet) } end context 'regular user' do - it { is_expected.to be_allowed(:create_personal_snippet) } + it { is_expected.to be_allowed(:create_snippet) } end context 'when external' do let(:current_user) { build(:user, :external) } - it { is_expected.not_to be_allowed(:create_personal_snippet) } + it { is_expected.not_to be_allowed(:create_snippet) } end end end diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb index 5aee66275d47bd7c179dfd7fbd840b501e1a13b3..2619bb2fe3caef6105b792529e00fd5860341b12 100644 --- a/spec/policies/note_policy_spec.rb +++ b/spec/policies/note_policy_spec.rb 
@@ -54,6 +54,27 @@ end end + context 'when the noteable is a personal snippet' do + let(:noteable) { create(:personal_snippet, :public) } + let(:note) { create(:note, noteable: noteable, author: user) } + + it 'can edit note' do + expect(policy).to be_allowed(:admin_note) + expect(policy).to be_allowed(:resolve_note) + expect(policy).to be_allowed(:read_note) + end + + context 'when it is private' do + let(:noteable) { create(:personal_snippet, :private) } + + it 'can not edit nor read the note' do + expect(policy).to be_disallowed(:admin_note) + expect(policy).to be_disallowed(:resolve_note) + expect(policy).to be_disallowed(:read_note) + end + end + end + context 'when the project is public' do context 'when the note author is not a project member' do it 'can edit a note' do @@ -79,26 +100,6 @@ end end - context 'when the noteable is a personal snippet' do - let(:noteable) { create(:personal_snippet, :public) } - - it 'can edit note' do - expect(policy).to be_allowed(:admin_note) - expect(policy).to be_allowed(:resolve_note) - expect(policy).to be_allowed(:read_note) - end - - context 'when it is private' do - let(:noteable) { create(:personal_snippet, :private) } - - it 'can not edit nor read the note' do - expect(policy).to be_disallowed(:admin_note) - expect(policy).to be_disallowed(:resolve_note) - expect(policy).to be_disallowed(:read_note) - end - end - end - context 'when a discussion is confidential' do before do issue.update_attribute(:confidential, true) diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb index 0abdf7382be18597406a604c61c1f8eeb13f1e61..a6b76620c290b662005bf4634c91c3881f22da6f 100644 --- a/spec/policies/personal_snippet_policy_spec.rb +++ b/spec/policies/personal_snippet_policy_spec.rb @@ -10,8 +10,8 @@ let(:author_permissions) do [ - :update_personal_snippet, - :admin_personal_snippet + :update_snippet, + :admin_snippet ] end 
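Review bot: The relocated 'when the noteable is a personal snippet' context now sets `author: user` on the note, so both examples cover only the note's own author. Nothing in the hunk covers a user who did not write the note, where a public personal snippet would presumably allow `:read_note` but not `:admin_note`. The rest of the spec is outside the hunk, so this may be covered elsewhere. If not, a nested context with a different note author and `expect(policy).to be_disallowed(:admin_note)` would guard the unified snippet abilities against over-granting.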
@@ -24,7 +24,7 @@ def permissions(user) subject { permissions(admin_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -39,7 +39,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -50,7 +50,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -61,7 +61,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -78,7 +78,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -89,7 +89,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) 
@@ -100,7 +100,7 @@ def permissions(user) subject { permissions(external_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -111,7 +111,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -128,7 +128,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -139,7 +139,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -150,7 +150,7 @@ def permissions(user) subject { permissions(external_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -161,7 +161,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) 
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index e47204c774b4240758f3e86312875b8ab94a8365..1a4b8315fdedfde119fc624c978fbfbab52e074b 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -17,7 +17,7 @@ %i[ read_project read_board read_list read_wiki read_issue read_project_for_iids read_issue_iid read_label - read_milestone read_project_snippet read_project_member read_note + read_milestone read_snippet read_project_member read_note create_project create_issue create_note upload_file create_merge_request_in award_emoji read_release ] @@ -25,7 +25,7 @@ let(:base_reporter_permissions) do %i[ - download_code fork_project create_project_snippet update_issue + download_code fork_project create_snippet update_issue admin_issue admin_label admin_list read_commit_status read_build read_container_image read_pipeline read_environment read_deployment read_merge_request download_wiki_code read_sentry_issue @@ -48,8 +48,8 @@ let(:base_maintainer_permissions) do %i[ - push_to_delete_protected_branch update_project_snippet - admin_project_snippet admin_project_member admin_note admin_wiki admin_project + push_to_delete_protected_branch update_snippet + admin_snippet admin_project_member admin_note admin_wiki admin_project admin_commit_status admin_build admin_container_image admin_pipeline admin_environment admin_deployment destroy_release add_cluster daily_statistics diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb index 374636874eef212a2c01e6e598ca9df367b06c29..b55d565a57cd5b3f30089d1c4dc4ea5ceee81470 100644 --- a/spec/policies/project_snippet_policy_spec.rb +++ b/spec/policies/project_snippet_policy_spec.rb @@ -12,8 +12,8 @@ let(:author) { other_user } let(:author_permissions) do [ - :update_project_snippet, - :admin_project_snippet + :update_snippet, + :admin_snippet ] end 
@@ -26,7 +26,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -38,8 +38,8 @@ context 'not snippet author' do it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end end @@ -53,7 +53,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_allowed(*author_permissions) end end @@ -64,15 +64,15 @@ end it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end context 'not a project member' do it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end end @@ -85,7 +85,7 @@ let(:current_user) { nil } it do - expect_allowed(:read_project_snippet) + expect_allowed(:read_snippet) expect_disallowed(*author_permissions) end end @@ -94,7 +94,7 @@ let(:current_user) { regular_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -105,7 +105,7 @@ let(:current_user) { external_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -115,7 +115,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -129,7 +129,7 @@ let(:current_user) { nil } it do - expect_disallowed(:read_project_snippet) + expect_disallowed(:read_snippet) expect_disallowed(*author_permissions) end end 
@@ -138,7 +138,7 @@ let(:current_user) { regular_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -149,7 +149,7 @@ let(:current_user) { external_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -159,7 +159,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -173,7 +173,7 @@ let(:current_user) { nil } it do - expect_disallowed(:read_project_snippet) + expect_disallowed(:read_snippet) expect_disallowed(*author_permissions) end end @@ -182,7 +182,7 @@ let(:current_user) { regular_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -193,7 +193,7 @@ let(:current_user) { external_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -203,7 +203,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -214,7 +214,7 @@ let(:current_user) { create(:admin) } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_allowed(*author_permissions) end end diff --git a/spec/presenters/snippet_presenter_spec.rb b/spec/presenters/snippet_presenter_spec.rb index 87f2220979c16817f55f5b2c9d2b6e50a17d10a0..e21179055595f1a05213ee36b92bc83950c2ff6e 100644 --- a/spec/presenters/snippet_presenter_spec.rb +++ b/spec/presenters/snippet_presenter_spec.rb 
@@ -62,8 +62,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks read_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :read_personal_snippet, snippet) + it 'checks read_snippet' do + expect(presenter).to receive(:can?).with(user, :read_snippet, snippet) subject end @@ -72,8 +72,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks read_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :read_project_snippet, snippet) + it 'checks read_snippet ' do + expect(presenter).to receive(:can?).with(user, :read_snippet, snippet) subject end @@ -86,8 +86,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks update_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :update_personal_snippet, snippet) + it 'checks update_snippet' do + expect(presenter).to receive(:can?).with(user, :update_snippet, snippet) subject end @@ -96,8 +96,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks update_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :update_project_snippet, snippet) + it 'checks update_snippet ' do + expect(presenter).to receive(:can?).with(user, :update_snippet, snippet) subject end @@ -110,8 +110,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks admin_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :admin_personal_snippet, snippet) + it 'checks admin_snippet' do + expect(presenter).to receive(:can?).with(user, :admin_snippet, snippet) subject end @@ -120,8 +120,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks admin_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :admin_project_snippet, snippet) + it 'checks admin_snippet ' do + expect(presenter).to receive(:can?).with(user, :admin_snippet, snippet) subject end 
diff --git a/spec/support/shared_contexts/policies/project_policy_shared_context.rb b/spec/support/shared_contexts/policies/project_policy_shared_context.rb index 480c5a0fda08f66121761d3e8ed786513b764620..29a64e9b5590fc6a54ae0f53c535bf70a4d5dedf 100644 --- a/spec/support/shared_contexts/policies/project_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/project_policy_shared_context.rb @@ -13,7 +13,7 @@ %i[ read_project read_board read_list read_wiki read_issue read_project_for_iids read_issue_iid read_label - read_milestone read_project_snippet read_project_member read_note + read_milestone read_snippet read_project_member read_note create_project create_issue create_note upload_file create_merge_request_in award_emoji ] @@ -21,7 +21,7 @@ let(:base_reporter_permissions) do %i[ - download_code fork_project create_project_snippet update_issue + download_code fork_project create_snippet update_issue admin_issue admin_label admin_list read_commit_status read_build read_container_image read_pipeline read_environment read_deployment read_merge_request download_wiki_code read_sentry_issue read_prometheus @@ -45,8 +45,8 @@ let(:base_maintainer_permissions) do %i[ - push_to_delete_protected_branch update_project_snippet - admin_project_snippet admin_project_member admin_note admin_wiki admin_project + push_to_delete_protected_branch update_snippet + admin_snippet admin_project_member admin_note admin_wiki admin_project admin_commit_status admin_build admin_container_image admin_pipeline admin_environment admin_deployment destroy_release add_cluster daily_statistics diff --git a/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb b/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb index e2089ee623ab0110e107d533c8f4ccc9710663b0..98ab141ab2644be1e953d5ac406dc963062e4784 100644 --- a/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb 
+++ b/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb @@ -234,8 +234,8 @@ end context "For #{params[:project_type]} project and #{params[:user_type]} users" do - it 'agrees with the read_project_snippet policy' do - expect(can?(user, :read_project_snippet, snippet)).to eq(outcome) + it 'agrees with the read_snippet policy' do + expect(can?(user, :read_snippet, snippet)).to eq(outcome) end it 'returns proper outcome' do @@ -297,8 +297,8 @@ let!(:snippet) { create(:personal_snippet, visibility_level: snippet_visibility, author: author) } context "For personal and #{params[:snippet_visibility]} snippets with #{params[:user_type]} user" do - it 'agrees with read_personal_snippet policy' do - expect(can?(user, :read_personal_snippet, snippet)).to eq(outcome) + it 'agrees with read_snippet policy' do + expect(can?(user, :read_snippet, snippet)).to eq(outcome) end it 'returns proper outcome' do