From 78ba62d55c8e5e9caf408bb401dcd6abf9e11998 Mon Sep 17 00:00:00 2001 
From: Alex Pooley Date: Mon, 6 Jan 2020 15:11:02 +0800 Subject: [PATCH] Align project and personal snippet abilities Mostly a search and replace for *_project_snippet and *_personal_snippet abilities across app and spec files. Replaced with just *_snippet and falling back on the type of subject to determine which policies to apply. There are some less trivial changes included which relate to inferring an abilities name from the subject class. Because ProjectSnippet is a child of Snippet there is some special handling around the place. There is perhaps potential to clean this up a bit as there is the same logic spread out in various locations. Various changes required after review - Renamed before_action names - Fixed snippet note mailer with spec - Removed incorrect/unecessary policy parameter - Fix personal snippet note policy spec --- .../projects/snippets_controller.rb | 24 +++++----- app/controllers/snippets/notes_controller.rb | 2 +- app/controllers/snippets_controller.rb | 8 ++-- app/controllers/uploads_controller.rb | 2 + app/graphql/mutations/snippets/create.rb | 4 +- app/graphql/types/permission_types/project.rb | 2 +- app/graphql/types/permission_types/user.rb | 2 +- app/helpers/projects_helper.rb | 4 +- app/mailers/emails/notes.rb | 16 +++---- app/models/ability.rb | 2 +- app/models/event.rb | 6 +-- app/models/note.rb | 2 +- app/models/project.rb | 2 +- app/models/snippet.rb | 6 +-- app/policies/global_policy.rb | 4 +- app/policies/personal_snippet_policy.rb | 15 +++--- app/policies/project_policy.rb | 14 +++--- app/policies/project_snippet_policy.rb | 37 +++++++-------- app/services/snippets/destroy_service.rb | 4 +- app/views/dashboard/_snippets_head.html.haml | 2 +- app/views/dashboard/snippets/index.html.haml | 2 +- app/views/layouts/header/_new_dropdown.haml | 4 +- .../note_project_snippet_email.html.haml | 1 - .../note_project_snippet_email.text.erb | 1 - ...html.haml => note_snippet_email.html.haml} | 0 ...l.text.erb => 
note_snippet_email.text.erb} | 0 .../projects/buttons/_dropdown.html.haml | 2 +- .../projects/snippets/_actions.html.haml | 14 +++--- app/views/projects/snippets/index.html.haml | 2 +- app/views/snippets/_actions.html.haml | 12 ++--- app/views/snippets/_snippets.html.haml | 2 +- ee/app/policies/ee/project_snippet_policy.rb | 2 +- ee/spec/policies/project_policy_spec.rb | 2 +- .../policies/project_snippet_policy_spec.rb | 6 +-- lib/api/award_emoji.rb | 2 + lib/api/helpers/notes_helpers.rb | 10 +++- lib/api/project_snippets.rb | 6 +-- lib/api/snippets.rb | 4 +- lib/banzai/reference_parser/snippet_parser.rb | 2 +- spec/mailers/notify_spec.rb | 26 +++++++++-- spec/models/note_spec.rb | 8 ++-- spec/policies/global_policy_spec.rb | 8 ++-- spec/policies/note_policy_spec.rb | 41 +++++++++-------- spec/policies/personal_snippet_policy_spec.rb | 28 +++++------ spec/policies/project_policy_spec.rb | 8 ++-- spec/policies/project_snippet_policy_spec.rb | 46 +++++++++---------- spec/presenters/snippet_presenter_spec.rb | 24 +++++----- .../policies/project_policy_shared_context.rb | 8 ++-- .../snippet_visibility_shared_examples.rb | 8 ++-- 49 files changed, 226 insertions(+), 211 deletions(-) delete mode 100644 app/views/notify/note_project_snippet_email.html.haml delete mode 100644 app/views/notify/note_project_snippet_email.text.erb rename app/views/notify/{note_personal_snippet_email.html.haml => note_snippet_email.html.haml} (100%) rename app/views/notify/{note_personal_snippet_email.text.erb => note_snippet_email.text.erb} (100%) diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index daddd9dd48555c..d7ae6d2cbb4ef8 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb 
@@ -15,17 +15,17 @@ class Projects::SnippetsController < Projects::ApplicationController before_action :check_snippets_available! before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam] - # Allow read any snippet - before_action :authorize_read_project_snippet!, except: [:new, :create, :index] + # Allow create snippet + before_action :authorize_create_snippet!, only: [:new, :create] - # Allow write(create) snippet - before_action :authorize_create_project_snippet!, only: [:new, :create] + # Allow read any snippet + before_action :authorize_read_snippet!, except: [:new, :create, :index] # Allow modify snippet - before_action :authorize_update_project_snippet!, only: [:edit, :update] + before_action :authorize_update_snippet!, only: [:edit, :update] # Allow destroy snippet - before_action :authorize_admin_project_snippet!, only: [:destroy] + before_action :authorize_admin_snippet!, only: [:destroy] respond_to :html @@ -115,16 +115,16 @@ def spammable_path project_snippet_path(@project, @snippet) end - def authorize_read_project_snippet! - return render_404 unless can?(current_user, :read_project_snippet, @snippet) + def authorize_read_snippet! + return render_404 unless can?(current_user, :read_snippet, @snippet) end - def authorize_update_project_snippet! - return render_404 unless can?(current_user, :update_project_snippet, @snippet) + def authorize_update_snippet! + return render_404 unless can?(current_user, :update_snippet, @snippet) end - def authorize_admin_project_snippet! - return render_404 unless can?(current_user, :admin_project_snippet, @snippet) + def authorize_admin_snippet! + return render_404 unless can?(current_user, :admin_snippet, @snippet) end def snippet_params diff --git a/app/controllers/snippets/notes_controller.rb b/app/controllers/snippets/notes_controller.rb index 551b37cb3d35e9..a7e8ef0798bf24 100644 --- a/app/controllers/snippets/notes_controller.rb 
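Review bot: `before_action :authorize_create_snippet!, only: [:new, :create]` in the first hunk has no matching definition among the guards the second hunk renames (`authorize_read_snippet!`, `authorize_update_snippet!`, `authorize_admin_snippet!`), so it presumably resolves through a dynamic `authorize_*!` handler in a parent controller that is not visible here. Because this commit makes `:create_snippet` an ability of both GlobalPolicy and ProjectPolicy, the subject that handler passes now decides whether project-level access is checked at all. Defining the guard explicitly next to the other three, `return render_404 unless can?(current_user, :create_snippet, @project)`, would pin the project as the subject and make the check readable in one place. The class body continues outside both hunks.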
+++ b/app/controllers/snippets/notes_controller.rb @@ -33,7 +33,7 @@ def finder_params end def authorize_read_snippet! - return render_404 unless can?(current_user, :read_personal_snippet, snippet) + return render_404 unless can?(current_user, :read_snippet, snippet) end def authorize_create_note! diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index fc073e4736805e..b6ad5fd02b0907 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -126,7 +126,7 @@ def spammable_path end def authorize_read_snippet! - return if can?(current_user, :read_personal_snippet, @snippet) + return if can?(current_user, :read_snippet, @snippet) if current_user render_404 @@ -136,15 +136,15 @@ def authorize_read_snippet! end def authorize_update_snippet! - return render_404 unless can?(current_user, :update_personal_snippet, @snippet) + return render_404 unless can?(current_user, :update_snippet, @snippet) end def authorize_admin_snippet! - return render_404 unless can?(current_user, :admin_personal_snippet, @snippet) + return render_404 unless can?(current_user, :admin_snippet, @snippet) end def authorize_create_snippet! - return render_404 unless can?(current_user, :create_personal_snippet) + return render_404 unless can?(current_user, :create_snippet) end def snippet_params diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 67d3364847077e..0b092d2622bc26 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -41,6 +41,8 @@ def authorize_access! case model when Note can?(current_user, :read_project, model.project) + when Snippet, ProjectSnippet + can?(current_user, :read_snippet, model) when User # We validate the current user has enough (writing) # access to itself when a secret is given. 
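Review bot: The new `when Snippet, ProjectSnippet` branch in `authorize_access!` (app/controllers/uploads_controller.rb) changes who may fetch snippet uploads, yet the diffstat lists no uploads controller spec, so this authorization path appears to land untested in this commit. A spec covering a private snippet upload requested by a non-author, and a public one requested anonymously, would pin the intended behaviour. `ProjectSnippet` is also redundant in the `when` list: `case` matches subclasses, and the commit message states that ProjectSnippet is a child of Snippet, so `when Snippet` alone is sufficient; the same applies to `read_ability` in lib/api/award_emoji.rb. The rest of `authorize_access!`, including what snippets fell through to before, is outside the hunk.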
diff --git a/app/graphql/mutations/snippets/create.rb b/app/graphql/mutations/snippets/create.rb index 4e0e65d09a9e44..266a123de82d45 100644 --- a/app/graphql/mutations/snippets/create.rb +++ b/app/graphql/mutations/snippets/create.rb @@ -67,11 +67,11 @@ def find_object(full_path:) end def authorized_resource?(project) - Ability.allowed?(context[:current_user], :create_project_snippet, project) + Ability.allowed?(context[:current_user], :create_snippet, project) end def can_create_personal_snippet? - Ability.allowed?(context[:current_user], :create_personal_snippet) + Ability.allowed?(context[:current_user], :create_snippet) end end end diff --git a/app/graphql/types/permission_types/project.rb b/app/graphql/types/permission_types/project.rb index 2879dbd2b5c65f..094c72fa812a56 100644 --- a/app/graphql/types/permission_types/project.rb +++ b/app/graphql/types/permission_types/project.rb @@ -21,7 +21,7 @@ class Project < BasePermissionType permission_field :create_snippet def create_snippet - Ability.allowed?(context[:current_user], :create_project_snippet, object) + Ability.allowed?(context[:current_user], :create_snippet, object) end end end diff --git a/app/graphql/types/permission_types/user.rb b/app/graphql/types/permission_types/user.rb index dba4de2daccc79..93d9787d58e17a 100644 --- a/app/graphql/types/permission_types/user.rb +++ b/app/graphql/types/permission_types/user.rb @@ -8,7 +8,7 @@ class User < BasePermissionType permission_field :create_snippet def create_snippet - Ability.allowed?(context[:current_user], :create_personal_snippet) + Ability.allowed?(context[:current_user], :create_snippet) end end end diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 63f1f24b6114f2..339d68871aee5f 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb 
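Review bot: In app/graphql/mutations/snippets/create.rb, `authorized_resource?(project)` and `can_create_personal_snippet?` now check the same ability name and differ only in whether a subject is passed, which is easy to miss when reading or copying either line. With the old distinct names, a check sent to the wrong policy would presumably have been denied; now dropping the `project` argument silently turns a project check into the global one that GlobalPolicy enables for every non-anonymous, non-external user. A comment on the subject-less call would keep the intent visible, for example `# No subject: evaluated against GlobalPolicy (personal snippets only)`. The same comment fits `create_snippet` in app/graphql/types/permission_types/user.rb.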
@@ -425,7 +425,7 @@ def tab_ability_map { environments: :read_environment, milestones: :read_milestone, - snippets: :read_project_snippet, + snippets: :read_snippet, settings: :admin_project, builds: :read_build, clusters: :read_cluster, @@ -443,7 +443,7 @@ def search_tab_ability_map blobs: :download_code, commits: :download_code, merge_requests: :read_merge_request, - notes: [:read_merge_request, :download_code, :read_issue, :read_project_snippet], + notes: [:read_merge_request, :download_code, :read_issue, :read_snippet], members: :read_project_member ) end diff --git a/app/mailers/emails/notes.rb b/app/mailers/emails/notes.rb index de70d0073b3119..6dd4ccb510ac00 100644 --- a/app/mailers/emails/notes.rb +++ b/app/mailers/emails/notes.rb @@ -26,19 +26,17 @@ def note_merge_request_email(recipient_id, note_id, reason = nil) mail_answer_note_thread(@merge_request, @note, note_thread_options(recipient_id, reason)) end - def note_project_snippet_email(recipient_id, note_id, reason = nil) + def note_snippet_email(recipient_id, note_id, reason = nil) setup_note_mail(note_id, recipient_id) - @snippet = @note.noteable - @target_url = project_snippet_url(*note_target_url_options) - mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason)) - end - def note_personal_snippet_email(recipient_id, note_id, reason = nil) - setup_note_mail(note_id, recipient_id) + case @snippet + when ProjectSnippet + @target_url = project_snippet_url(*note_target_url_options) + when Snippet + @target_url = gitlab_snippet_url(@note.noteable) + end - @snippet = @note.noteable - @target_url = gitlab_snippet_url(@note.noteable) mail_answer_note_thread(@snippet, @note, note_thread_options(recipient_id, reason)) end diff --git a/app/models/ability.rb b/app/models/ability.rb index 1466407d0d1082..671a92632d5c5b 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb 
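Review bot: The `case @snippet` added to `note_snippet_email` (app/mailers/emails/notes.rb) only works because `when ProjectSnippet` is tested before `when Snippet`; ProjectSnippet is a subclass, so swapping the branches would send every project snippet note to the personal snippet URL. A one-line comment such as `# ProjectSnippet first: it is a subclass of Snippet and would match the next branch too` would protect the ordering. The `case` also has no `else`, so any other noteable leaves `@target_url` nil and the mail is still sent; raising there, e.g. `else raise ArgumentError, "unexpected noteable #{@snippet.class}"`, would surface a misrouted call instead of what would presumably be a mail without a working link.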
@@ -24,7 +24,7 @@ def users_that_can_read_group(users, group) # read the given snippet. def users_that_can_read_personal_snippet(users, snippet) DeclarativePolicy.subject_scope do - users.select { |u| allowed?(u, :read_personal_snippet, snippet) } + users.select { |u| allowed?(u, :read_snippet, snippet) } end end diff --git a/app/models/event.rb b/app/models/event.rb index 9611019adb88a6..35fb062311f70d 100644 --- a/app/models/event.rb +++ b/app/models/event.rb @@ -145,10 +145,8 @@ def visible_to_user?(user = nil) Ability.allowed?(user, :read_issue, note? ? note_target : target) elsif merge_request? || merge_request_note? Ability.allowed?(user, :read_merge_request, note? ? note_target : target) - elsif personal_snippet_note? - Ability.allowed?(user, :read_personal_snippet, note_target) - elsif project_snippet_note? - Ability.allowed?(user, :read_project_snippet, note_target) + elsif personal_snippet_note? || project_snippet_note? + Ability.allowed?(user, :read_snippet, note_target) elsif milestone? Ability.allowed?(user, :read_milestone, project) else diff --git a/app/models/note.rb b/app/models/note.rb index de9478ce68d8c1..0434f0963d3913 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -367,7 +367,7 @@ def to_ability_name end def noteable_ability_name - for_snippet? ? noteable.class.name.underscore : noteable_type.demodulize.underscore + for_snippet? ? 'snippet' : noteable_type.demodulize.underscore end def can_be_discussion_note? diff --git a/app/models/project.rb b/app/models/project.rb index a73ca7d5bbbc96..6ef4af169799e9 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2274,7 +2274,7 @@ def storage_upgradable? end def snippets_visible?(user = nil) - Ability.allowed?(user, :read_project_snippet, self) + Ability.allowed?(user, :read_snippet, self) end def max_attachment_size diff --git a/app/models/snippet.rb b/app/models/snippet.rb index b7f396681afefd..19685cdb78e228 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb 
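Review bot: `noteable_ability_name` in app/models/note.rb now hard-codes `'snippet'`, duplicating the string that `Snippet#to_ability_name` returns after this commit, so the two can drift apart if the ability is ever renamed again. Delegating keeps a single source of truth: `for_snippet? ? noteable.to_ability_name : noteable_type.demodulize.underscore`. The removed line already called `noteable.class`, so this should not add a load of the association, and it matches the `respond_to?(:to_ability_name)` approach the commit takes in lib/api/helpers/notes_helpers.rb. The commit message itself notes that this logic is spread over several locations.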
@@ -215,9 +215,7 @@ def visibility_level_field end def embeddable? - ability = project_id? ? :read_project_snippet : :read_personal_snippet - - Ability.allowed?(nil, ability, self) + Ability.allowed?(nil, :read_snippet, self) end def notes_with_associations @@ -240,7 +238,7 @@ def spammable_entity_type end def to_ability_name - model_name.singular + 'snippet' end def valid_secret_token?(token) diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index f212bb06bc9267..764d61a9e22256 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -75,7 +75,7 @@ class GlobalPolicy < BasePolicy rule { ~anonymous }.policy do enable :read_instance_metadata - enable :create_personal_snippet + enable :create_snippet end rule { admin }.policy do @@ -83,7 +83,7 @@ class GlobalPolicy < BasePolicy enable :update_custom_attribute end - rule { external_user }.prevent :create_personal_snippet + rule { external_user }.prevent :create_snippet end GlobalPolicy.prepend_if_ee('EE::GlobalPolicy') diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb index c2fcf1a10109e2..bc60913563c1b6 100644 --- a/app/policies/personal_snippet_policy.rb +++ b/app/policies/personal_snippet_policy.rb @@ -6,19 +6,19 @@ class PersonalSnippetPolicy < BasePolicy condition(:internal_snippet, scope: :subject) { @subject.internal? } rule { public_snippet }.policy do - enable :read_personal_snippet + enable :read_snippet enable :create_note end rule { is_author | admin }.policy do - enable :read_personal_snippet - enable :update_personal_snippet - enable :admin_personal_snippet + enable :read_snippet + enable :update_snippet + enable :admin_snippet enable :create_note end rule { internal_snippet & ~external_user }.policy do - enable :read_personal_snippet + enable :read_snippet enable :create_note end 
@@ -26,8 +26,5 @@ class PersonalSnippetPolicy < BasePolicy rule { can?(:create_note) }.enable :award_emoji - rule { can?(:read_all_resources) }.enable :read_personal_snippet - - # Aliasing the ability to ease GraphQL permissions check - rule { can?(:read_personal_snippet) }.enable :read_snippet + rule { can?(:read_all_resources) }.enable :read_snippet end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 2789152e175c8c..bbcb3c637a97fd 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -9,7 +9,7 @@ class ProjectPolicy < BasePolicy merge_request label milestone - project_snippet + snippet wiki note pipeline @@ -185,7 +185,7 @@ class ProjectPolicy < BasePolicy enable :read_issue enable :read_label enable :read_milestone - enable :read_project_snippet + enable :read_snippet enable :read_project_member enable :read_note enable :create_project @@ -208,7 +208,7 @@ class ProjectPolicy < BasePolicy enable :download_code enable :read_statistics enable :download_wiki_code - enable :create_project_snippet + enable :create_snippet enable :update_issue enable :reopen_issue enable :admin_issue @@ -286,8 +286,8 @@ class ProjectPolicy < BasePolicy rule { can?(:maintainer_access) }.policy do enable :admin_board enable :push_to_delete_protected_branch - enable :update_project_snippet - enable :admin_project_snippet + enable :update_snippet + enable :admin_snippet enable :admin_project_member enable :admin_note enable :admin_wiki @@ -352,7 +352,7 @@ class ProjectPolicy < BasePolicy end rule { snippets_disabled }.policy do - prevent(*create_read_update_admin_destroy(:project_snippet)) + prevent(*create_read_update_admin_destroy(:snippet)) end rule { wiki_disabled }.policy do @@ -405,7 +405,7 @@ class ProjectPolicy < BasePolicy enable :read_wiki enable :read_label enable :read_milestone - enable :read_project_snippet + enable :read_snippet enable :read_project_member enable :read_merge_request enable :read_note 
diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb index a9094fbd95855c..a38d9154102f9b 100644 --- a/app/policies/project_snippet_policy.rb +++ b/app/policies/project_snippet_policy.rb 
@@ -14,44 +14,41 @@ class ProjectSnippetPolicy < BasePolicy # We have to check both project feature visibility and a snippet visibility and take the stricter one # This will be simplified - check https://gitlab.com/gitlab-org/gitlab-foss/issues/27573 rule { ~can?(:read_project) }.policy do - prevent :read_project_snippet - prevent :update_project_snippet - prevent :admin_project_snippet + prevent :read_snippet + prevent :update_snippet + prevent :admin_snippet end - # we have to use this complicated prevent because the delegated project policy - # is overly greedy in allowing :read_project_snippet, since it doesn't have any - # information about the snippet. However, :read_project_snippet on the *project* - # is used to hide/show various snippet-related controls, so we can't just move - # all of the handling here. + # we have to use this complicated prevent because the delegated project + # policy is overly greedy in allowing :read_snippet, since it doesn't have + # any information about the snippet. However, :read_snippet on the *project* + # is used to hide/show various snippet-related controls, so we can't just + # move all of the handling here. 
rule do all?(private_snippet | (internal_snippet & external_user), ~project.guest, ~is_author, ~can?(:read_all_resources)) - end.prevent :read_project_snippet + end.prevent :read_snippet rule { internal_snippet & ~is_author & ~admin }.policy do - prevent :update_project_snippet - prevent :admin_project_snippet + prevent :update_snippet + prevent :admin_snippet end - rule { public_snippet }.enable :read_project_snippet + rule { public_snippet }.enable :read_snippet rule { is_author & ~project.reporter & ~admin }.policy do - prevent :admin_project_snippet + prevent :admin_snippet end rule { is_author | admin }.policy do - enable :read_project_snippet - enable :update_project_snippet - enable :admin_project_snippet + enable :read_snippet + enable :update_snippet + enable :admin_snippet end - rule { ~can?(:read_project_snippet) }.prevent :create_note - - # Aliasing the ability to ease GraphQL permissions check - rule { can?(:read_project_snippet) }.enable :read_snippet + rule { ~can?(:read_snippet) }.prevent :create_note end ProjectSnippetPolicy.prepend_if_ee('EE::ProjectSnippetPolicy') diff --git a/app/services/snippets/destroy_service.rb b/app/services/snippets/destroy_service.rb index f253817d94fd53..c1e87e74aa42f5 100644 --- a/app/services/snippets/destroy_service.rb +++ b/app/services/snippets/destroy_service.rb @@ -36,9 +36,7 @@ def execute attr_reader :snippet def user_can_delete_snippet? - return can?(current_user, :admin_project_snippet, snippet) if project - - can?(current_user, :admin_personal_snippet, snippet) + can?(current_user, :admin_snippet, snippet) end def service_response_error(message, http_status) diff --git a/app/views/dashboard/_snippets_head.html.haml b/app/views/dashboard/_snippets_head.html.haml index 4958cdc3745e2b..d2fb4a3cd43e5f 100644 --- a/app/views/dashboard/_snippets_head.html.haml +++ b/app/views/dashboard/_snippets_head.html.haml 
@@ -3,7 +3,7 @@ - if current_user && current_user.snippets.any? || @snippets.any? .page-title-controls - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) = link_to _("New snippet"), new_snippet_path, class: "btn btn-success", title: _("New snippet") .top-area diff --git a/app/views/dashboard/snippets/index.html.haml b/app/views/dashboard/snippets/index.html.haml index 44a9270971abea..69155b6c04dfd9 100644 --- a/app/views/dashboard/snippets/index.html.haml +++ b/app/views/dashboard/snippets/index.html.haml @@ -1,7 +1,7 @@ - @hide_top_links = true - page_title "Snippets" - header_title "Snippets", dashboard_snippets_path -- button_path = new_snippet_path if can?(current_user, :create_personal_snippet) +- button_path = new_snippet_path if can?(current_user, :create_snippet) = render 'dashboard/snippets_head' - if current_user.snippets.exists? diff --git a/app/views/layouts/header/_new_dropdown.haml b/app/views/layouts/header/_new_dropdown.haml index 301096215155ea..3cbfb24a86816a 100644 --- a/app/views/layouts/header/_new_dropdown.haml +++ b/app/views/layouts/header/_new_dropdown.haml @@ -21,7 +21,7 @@ - if @project&.persisted? - create_project_issue = show_new_issue_link?(@project) - merge_project = merge_request_source_project_for_project(@project) - - create_project_snippet = can?(current_user, :create_project_snippet, @project) + - create_project_snippet = can?(current_user, :create_snippet, @project) - if create_project_issue || merge_project || create_project_snippet %li.dropdown-bold-header @@ -38,5 +38,5 @@ %li= link_to _('New project'), new_project_path, class: 'qa-global-new-project-link' - if current_user.can_create_group? %li= link_to _('New group'), new_group_path - - if current_user.can?(:create_personal_snippet) + - if current_user.can?(:create_snippet) %li= link_to _('New snippet'), new_snippet_path, class: 'qa-global-new-snippet-link' 
diff --git a/app/views/notify/note_project_snippet_email.html.haml b/app/views/notify/note_project_snippet_email.html.haml deleted file mode 100644 index 5e69f01a486f19..00000000000000 --- a/app/views/notify/note_project_snippet_email.html.haml +++ /dev/null @@ -1 +0,0 @@ -= render 'note_email' diff --git a/app/views/notify/note_project_snippet_email.text.erb b/app/views/notify/note_project_snippet_email.text.erb deleted file mode 100644 index 413d9e6e9ac7e2..00000000000000 --- a/app/views/notify/note_project_snippet_email.text.erb +++ /dev/null @@ -1 +0,0 @@ -<%= render 'note_email' %> diff --git a/app/views/notify/note_personal_snippet_email.html.haml b/app/views/notify/note_snippet_email.html.haml similarity index 100% rename from app/views/notify/note_personal_snippet_email.html.haml rename to app/views/notify/note_snippet_email.html.haml diff --git a/app/views/notify/note_personal_snippet_email.text.erb b/app/views/notify/note_snippet_email.text.erb similarity index 100% rename from app/views/notify/note_personal_snippet_email.text.erb rename to app/views/notify/note_snippet_email.text.erb diff --git a/app/views/projects/buttons/_dropdown.html.haml b/app/views/projects/buttons/_dropdown.html.haml index f1a7528065a21d..33465953086d90 100644 --- a/app/views/projects/buttons/_dropdown.html.haml +++ b/app/views/projects/buttons/_dropdown.html.haml @@ -1,5 +1,5 @@ - can_create_issue = show_new_issue_link?(@project) -- can_create_project_snippet = can?(current_user, :create_project_snippet, @project) +- can_create_project_snippet = can?(current_user, :create_snippet, @project) - can_push_code = can?(current_user, :push_code, @project) - create_mr_from_new_fork = can?(current_user, :fork_project, @project) && can?(current_user, :create_merge_request_in, @project) - merge_project = merge_request_source_project_for_project(@project) 
diff --git a/app/views/projects/snippets/_actions.html.haml b/app/views/projects/snippets/_actions.html.haml index 29bad50579c779..41c9bac01024a3 100644 --- a/app/views/projects/snippets/_actions.html.haml +++ b/app/views/projects/snippets/_actions.html.haml 
@@ -1,33 +1,33 @@ - return unless current_user .d-none.d-sm-block - - if can?(current_user, :update_project_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) = link_to edit_project_snippet_path(@project, @snippet), class: "btn btn-grouped" do = _('Edit') - - if can?(current_user, :admin_project_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) = link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do = _('Delete') - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) = link_to new_project_snippet_path(@project), class: 'btn btn-grouped btn-inverted btn-success', title: _("New snippet") do = _('New snippet') - if @snippet.submittable_as_spam_by?(current_user) = link_to _('Submit as spam'), mark_as_spam_project_snippet_path(@project, @snippet), method: :post, class: 'btn btn-grouped btn-spam', title: _('Submit as spam') -- if can?(current_user, :create_project_snippet, @project) || can?(current_user, :update_project_snippet, @snippet) +- if can?(current_user, :create_snippet, @project) || can?(current_user, :update_snippet, @snippet) .d-block.d-sm-none.dropdown %button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } } = _('Options') = icon('caret-down') .dropdown-menu.dropdown-menu-full-width %ul - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) %li = link_to new_project_snippet_path(@project), title: _("New snippet") do = _('New snippet') - - if can?(current_user, :admin_project_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) %li = link_to project_snippet_path(@project, @snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do = _('Delete') - - if can?(current_user, 
:update_project_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) %li = link_to edit_project_snippet_path(@project, @snippet) do = _('Edit') diff --git a/app/views/projects/snippets/index.html.haml b/app/views/projects/snippets/index.html.haml index 0ce18d83d57a84..65462647419ee3 100644 --- a/app/views/projects/snippets/index.html.haml +++ b/app/views/projects/snippets/index.html.haml @@ -6,7 +6,7 @@ - include_private = @project.team.member?(current_user) || current_user.admin? = render partial: 'snippets/snippets_scope_menu', locals: { subject: @project, include_private: include_private } - - if can?(current_user, :create_project_snippet, @project) + - if can?(current_user, :create_snippet, @project) .nav-controls = link_to _("New snippet"), new_project_snippet_path(@project), class: "btn btn-success", title: _("New snippet") diff --git a/app/views/snippets/_actions.html.haml b/app/views/snippets/_actions.html.haml index 5ee12a2f22af7b..979821a3846c1e 100644 --- a/app/views/snippets/_actions.html.haml +++ b/app/views/snippets/_actions.html.haml @@ -1,13 +1,13 @@ - return unless current_user .d-none.d-sm-block - - if can?(current_user, :update_personal_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) = link_to edit_snippet_path(@snippet), class: "btn btn-grouped" do = _("Edit") - - if can?(current_user, :admin_personal_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) = link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, class: "btn btn-grouped btn-inverted btn-remove", title: _('Delete Snippet') do = _("Delete") - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) = link_to new_snippet_path, class: "btn btn-grouped btn-success btn-inverted", title: _("New snippet") do = _("New snippet") - if @snippet.submittable_as_spam_by?(current_user) 
@@ -18,15 +18,15 @@ = icon('caret-down') .dropdown-menu.dropdown-menu-full-width %ul - - if can?(current_user, :create_personal_snippet) + - if can?(current_user, :create_snippet) %li = link_to new_snippet_path, title: _("New snippet") do = _("New snippet") - - if can?(current_user, :admin_personal_snippet, @snippet) + - if can?(current_user, :admin_snippet, @snippet) %li = link_to gitlab_snippet_path(@snippet), method: :delete, data: { confirm: _("Are you sure?") }, title: _('Delete Snippet') do = _("Delete") - - if can?(current_user, :update_personal_snippet, @snippet) + - if can?(current_user, :update_snippet, @snippet) %li = link_to edit_snippet_path(@snippet) do = _("Edit") diff --git a/app/views/snippets/_snippets.html.haml b/app/views/snippets/_snippets.html.haml index 69b19c0def9a9c..1d22575803bdfe 100644 --- a/app/views/snippets/_snippets.html.haml +++ b/app/views/snippets/_snippets.html.haml @@ -3,7 +3,7 @@ - current_user_empty_message_header = s_('UserProfile|You haven\'t created any snippets.') - current_user_empty_message_description = s_('UserProfile|Snippets in GitLab can either be private, internal, or public.') - primary_button_label = _('New snippet') -- primary_button_link = new_snippet_path if can?(current_user, :create_personal_snippet) +- primary_button_link = new_snippet_path if can?(current_user, :create_snippet) - visitor_empty_message = s_('UserProfile|No snippets found.') .snippets-list-holder diff --git a/ee/app/policies/ee/project_snippet_policy.rb b/ee/app/policies/ee/project_snippet_policy.rb index de39e6c886aeff..282affd3ef09f2 100644 --- a/ee/app/policies/ee/project_snippet_policy.rb +++ b/ee/app/policies/ee/project_snippet_policy.rb @@ -6,7 +6,7 @@ module ProjectSnippetPolicy extend ::Gitlab::Utils::Override prepended do - rule { auditor }.enable :read_project_snippet + rule { auditor }.enable :read_snippet end end end 
diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb index c46b6d43e01356..94d3117ae50dc7 100644 --- a/ee/spec/policies/project_policy_spec.rb +++ b/ee/spec/policies/project_policy_spec.rb @@ -45,7 +45,7 @@ download_code download_wiki_code read_project read_board read_list read_project_for_iids read_issue_iid read_merge_request_iid read_wiki read_issue read_label read_issue_link read_milestone - read_project_snippet read_project_member read_note read_cycle_analytics + read_snippet read_project_member read_note read_cycle_analytics read_pipeline read_build read_commit_status read_container_image read_environment read_deployment read_merge_request read_pages create_merge_request_in award_emoji diff --git a/ee/spec/policies/project_snippet_policy_spec.rb b/ee/spec/policies/project_snippet_policy_spec.rb index f20e391ec44b0f..e95ecc7b43d680 100644 --- a/ee/spec/policies/project_snippet_policy_spec.rb +++ b/ee/spec/policies/project_snippet_policy_spec.rb @@ -8,8 +8,8 @@ let(:snippet) { create(:project_snippet, snippet_visibility, project: project) } let(:author_permissions) do [ - :update_project_snippet, - :admin_project_snippet + :update_snippet, + :admin_snippet ] end @@ -22,7 +22,7 @@ let(:current_user) { create(:user, :auditor) } it do - is_expected.to be_allowed(:read_project_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_disallowed(*author_permissions) end end diff --git a/lib/api/award_emoji.rb b/lib/api/award_emoji.rb index 7a815fa3dde6de..8e3b3ff8ce5efe 100644 --- a/lib/api/award_emoji.rb +++ b/lib/api/award_emoji.rb @@ -127,6 +127,8 @@ def read_ability(awardable) case awardable when Note read_ability(awardable.noteable) + when Snippet, ProjectSnippet + :read_snippet else :"read_#{awardable.class.to_s.underscore}" end diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb index 8adfac346f6d7f..2dd95aba6bc3aa 100644 --- a/lib/api/helpers/notes_helpers.rb 
+++ b/lib/api/helpers/notes_helpers.rb @@ -72,7 +72,15 @@ def get_note(noteable, note_id) end def noteable_read_ability_name(noteable) - "read_#{noteable.class.to_s.underscore}".to_sym + "read_#{ability_name(noteable)}".to_sym + end + + def ability_name(noteable) + if noteable.respond_to?(:to_ability_name) + noteable.to_ability_name + else + noteable.class.to_s.underscore + end end def find_noteable(parent_type, parent_id, noteable_type, noteable_id) diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index ecada843972310..3040c3c27c6d82 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -60,7 +60,7 @@ def snippets_for_current_user mutually_exclusive :code, :content end post ":id/snippets" do - authorize! :create_project_snippet, user_project + authorize! :create_snippet, user_project snippet_params = declared_params(include_missing: false).merge(request: request, api: true) snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present? @@ -97,7 +97,7 @@ def snippets_for_current_user snippet = snippets_for_current_user.find_by(id: params.delete(:snippet_id)) not_found!('Snippet') unless snippet - authorize! :update_project_snippet, snippet + authorize! :update_snippet, snippet snippet_params = declared_params(include_missing: false) .merge(request: request, api: true) @@ -126,7 +126,7 @@ def snippets_for_current_user snippet = snippets_for_current_user.find_by(id: params[:snippet_id]) not_found!('Snippet') unless snippet - authorize! :admin_project_snippet, snippet + authorize! :admin_snippet, snippet destroy_conditionally!(snippet) do |snippet| service = ::Snippets::DestroyService.new(current_user, snippet) diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index a7dab373b7f0cb..b5df036c5ca6f2 100644 --- a/lib/api/snippets.rb +++ b/lib/api/snippets.rb 
@@ -106,7 +106,7 @@ def snippets snippet = snippets_for_current_user.find_by_id(params.delete(:id)) break not_found!('Snippet') unless snippet - authorize! :update_personal_snippet, snippet + authorize! :update_snippet, snippet attrs = declared_params(include_missing: false).merge(request: request, api: true) service_response = ::Snippets::UpdateService.new(nil, current_user, attrs).execute(snippet) @@ -132,7 +132,7 @@ def snippets snippet = snippets_for_current_user.find_by_id(params.delete(:id)) break not_found!('Snippet') unless snippet - authorize! :admin_personal_snippet, snippet + authorize! :admin_snippet, snippet destroy_conditionally!(snippet) do |snippet| service = ::Snippets::DestroyService.new(current_user, snippet) diff --git a/lib/banzai/reference_parser/snippet_parser.rb b/lib/banzai/reference_parser/snippet_parser.rb index 6f6ac08de04c04..b86c259efbdd13 100644 --- a/lib/banzai/reference_parser/snippet_parser.rb +++ b/lib/banzai/reference_parser/snippet_parser.rb @@ -12,7 +12,7 @@ def references_relation private def can_read_reference?(user, ref_project, node) - can?(user, :read_project_snippet, referenced_by([node]).first) + can?(user, :read_snippet, referenced_by([node]).first) end end end diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb index e4a7d62eb02b7e..19b15a6c6e2ed9 100644 --- a/spec/mailers/notify_spec.rb +++ b/spec/mailers/notify_spec.rb @@ -686,7 +686,7 @@ def id let(:project_snippet) { create(:project_snippet, project: project) } let(:project_snippet_note) { create(:note_on_project_snippet, project: project, noteable: project_snippet) } - subject { described_class.note_project_snippet_email(project_snippet_note.author_id, project_snippet_note.id) } + subject { described_class.note_snippet_email(project_snippet_note.author_id, project_snippet_note.id) } it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' 
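Review bot: In the two lib/api/snippets.rb hunks, `authorize! :update_snippet, snippet` and `authorize! :admin_snippet, snippet` no longer say which kind of snippet they expect, so the outcome depends on the class of whatever `snippets_for_current_user` returns. That finder is defined outside these hunks; if it can ever yield a project snippet, the check would be decided by the project snippet policy and these personal-snippet routes would act on a record they were not written for, where `update_personal_snippet` would presumably have been refused. Consider narrowing before the check, `break not_found!('Snippet') unless snippet.is_a?(PersonalSnippet)`, or adding a spec that a project snippet id returns 404 on both routes.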
@@ -696,10 +696,20 @@ def id end it_behaves_like 'a user cannot unsubscribe through footer link' - it 'has the correct subject and body' do + it 'has the correct subject' do is_expected.to have_referable_subject(project_snippet, reply: true) + end + + it 'has the correct body' do is_expected.to have_body_text project_snippet_note.note end + + it 'links to the project snippet' do + target_url = project_snippet_url(project, + project_snippet_note.noteable, + { anchor: "note_#{project_snippet_note.id}" }) + is_expected.to have_body_text target_url + end end describe 'project was moved' do @@ -1650,15 +1660,23 @@ def invite_to_group(group, inviter:) let(:personal_snippet) { create(:personal_snippet) } let(:personal_snippet_note) { create(:note_on_personal_snippet, noteable: personal_snippet) } - subject { described_class.note_personal_snippet_email(personal_snippet_note.author_id, personal_snippet_note.id) } + subject { described_class.note_snippet_email(personal_snippet_note.author_id, personal_snippet_note.id) } it_behaves_like 'a user cannot unsubscribe through footer link' it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' - it 'has the correct subject and body' do + it 'has the correct subject' do is_expected.to have_referable_subject(personal_snippet, reply: true) + end + + it 'has the correct body' do is_expected.to have_body_text personal_snippet_note.note end + + it 'links to the personal snippet' do + target_url = gitlab_snippet_url(personal_snippet_note.noteable) + is_expected.to have_body_text target_url + end end end diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index a6d9ecaa7c59ed..12a74632bb8b92 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb 
@@ -718,12 +718,12 @@ def retrieve_participants end describe '#noteable_ability_name' do - it 'returns project_snippet for a project snippet note' do - expect(build(:note_on_project_snippet).noteable_ability_name).to eq('project_snippet') + it 'returns snippet for a project snippet note' do + expect(build(:note_on_project_snippet).noteable_ability_name).to eq('snippet') end - it 'returns personal_snippet for a personal snippet note' do - expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('personal_snippet') + it 'returns snippet for a personal snippet note' do + expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('snippet') end it 'returns merge_request for an MR note' do diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index f715ecae347c46..77727c6d13b868 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -307,21 +307,21 @@ end end - describe 'create_personal_snippet' do + describe 'create_snippet' do context 'when anonymous' do let(:current_user) { nil } - it { is_expected.not_to be_allowed(:create_personal_snippet) } + it { is_expected.not_to be_allowed(:create_snippet) } end context 'regular user' do - it { is_expected.to be_allowed(:create_personal_snippet) } + it { is_expected.to be_allowed(:create_snippet) } end context 'when external' do let(:current_user) { build(:user, :external) } - it { is_expected.not_to be_allowed(:create_personal_snippet) } + it { is_expected.not_to be_allowed(:create_snippet) } end end end diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb index 5aee66275d47bd..2619bb2fe3caef 100644 --- a/spec/policies/note_policy_spec.rb +++ b/spec/policies/note_policy_spec.rb 
@@ -54,6 +54,27 @@ end end + context 'when the noteable is a personal snippet' do + let(:noteable) { create(:personal_snippet, :public) } + let(:note) { create(:note, noteable: noteable, author: user) } + + it 'can edit note' do + expect(policy).to be_allowed(:admin_note) + expect(policy).to be_allowed(:resolve_note) + expect(policy).to be_allowed(:read_note) + end + + context 'when it is private' do + let(:noteable) { create(:personal_snippet, :private) } + + it 'can not edit nor read the note' do + expect(policy).to be_disallowed(:admin_note) + expect(policy).to be_disallowed(:resolve_note) + expect(policy).to be_disallowed(:read_note) + end + end + end + context 'when the project is public' do context 'when the note author is not a project member' do it 'can edit a note' do @@ -79,26 +100,6 @@ end end - context 'when the noteable is a personal snippet' do - let(:noteable) { create(:personal_snippet, :public) } - - it 'can edit note' do - expect(policy).to be_allowed(:admin_note) - expect(policy).to be_allowed(:resolve_note) - expect(policy).to be_allowed(:read_note) - end - - context 'when it is private' do - let(:noteable) { create(:personal_snippet, :private) } - - it 'can not edit nor read the note' do - expect(policy).to be_disallowed(:admin_note) - expect(policy).to be_disallowed(:resolve_note) - expect(policy).to be_disallowed(:read_note) - end - end - end - context 'when a discussion is confidential' do before do issue.update_attribute(:confidential, true) diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb index 0abdf7382be185..a6b76620c290b6 100644 --- a/spec/policies/personal_snippet_policy_spec.rb +++ b/spec/policies/personal_snippet_policy_spec.rb @@ -10,8 +10,8 @@ let(:author_permissions) do [ - :update_personal_snippet, - :admin_personal_snippet + :update_snippet, + :admin_snippet ] end 
@@ -24,7 +24,7 @@ def permissions(user) subject { permissions(admin_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -39,7 +39,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -50,7 +50,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -61,7 +61,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -78,7 +78,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -89,7 +89,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) 
@@ -100,7 +100,7 @@ def permissions(user) subject { permissions(external_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -111,7 +111,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) @@ -128,7 +128,7 @@ def permissions(user) subject { permissions(nil) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -139,7 +139,7 @@ def permissions(user) subject { permissions(regular_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -150,7 +150,7 @@ def permissions(user) subject { permissions(external_user) } it do - is_expected.to be_disallowed(:read_personal_snippet) + is_expected.to be_disallowed(:read_snippet) is_expected.to be_disallowed(:create_note) is_expected.to be_disallowed(:award_emoji) is_expected.to be_disallowed(*author_permissions) @@ -161,7 +161,7 @@ def permissions(user) subject { permissions(snippet.author) } it do - is_expected.to be_allowed(:read_personal_snippet) + is_expected.to be_allowed(:read_snippet) is_expected.to be_allowed(:create_note) is_expected.to be_allowed(:award_emoji) is_expected.to be_allowed(*author_permissions) 
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index e47204c774b424..1a4b8315fdedfd 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -17,7 +17,7 @@ %i[ read_project read_board read_list read_wiki read_issue read_project_for_iids read_issue_iid read_label - read_milestone read_project_snippet read_project_member read_note + read_milestone read_snippet read_project_member read_note create_project create_issue create_note upload_file create_merge_request_in award_emoji read_release ] @@ -25,7 +25,7 @@ let(:base_reporter_permissions) do %i[ - download_code fork_project create_project_snippet update_issue + download_code fork_project create_snippet update_issue admin_issue admin_label admin_list read_commit_status read_build read_container_image read_pipeline read_environment read_deployment read_merge_request download_wiki_code read_sentry_issue @@ -48,8 +48,8 @@ let(:base_maintainer_permissions) do %i[ - push_to_delete_protected_branch update_project_snippet - admin_project_snippet admin_project_member admin_note admin_wiki admin_project + push_to_delete_protected_branch update_snippet + admin_snippet admin_project_member admin_note admin_wiki admin_project admin_commit_status admin_build admin_container_image admin_pipeline admin_environment admin_deployment destroy_release add_cluster daily_statistics diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb index 374636874eef21..b55d565a57cd5b 100644 --- a/spec/policies/project_snippet_policy_spec.rb +++ b/spec/policies/project_snippet_policy_spec.rb @@ -12,8 +12,8 @@ let(:author) { other_user } let(:author_permissions) do [ - :update_project_snippet, - :admin_project_snippet + :update_snippet, + :admin_snippet ] end 
@@ -26,7 +26,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -38,8 +38,8 @@ context 'not snippet author' do it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end end @@ -53,7 +53,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_allowed(*author_permissions) end end @@ -64,15 +64,15 @@ end it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end context 'not a project member' do it do - expect_allowed(:read_project_snippet, :create_note) - expect_disallowed(:admin_project_snippet) + expect_allowed(:read_snippet, :create_note) + expect_disallowed(:admin_snippet) end end end @@ -85,7 +85,7 @@ let(:current_user) { nil } it do - expect_allowed(:read_project_snippet) + expect_allowed(:read_snippet) expect_disallowed(*author_permissions) end end @@ -94,7 +94,7 @@ let(:current_user) { regular_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -105,7 +105,7 @@ let(:current_user) { external_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -115,7 +115,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -129,7 +129,7 @@ let(:current_user) { nil } it do - expect_disallowed(:read_project_snippet) + expect_disallowed(:read_snippet) expect_disallowed(*author_permissions) end end 
@@ -138,7 +138,7 @@ let(:current_user) { regular_user } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -149,7 +149,7 @@ let(:current_user) { external_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -159,7 +159,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -173,7 +173,7 @@ let(:current_user) { nil } it do - expect_disallowed(:read_project_snippet) + expect_disallowed(:read_snippet) expect_disallowed(*author_permissions) end end @@ -182,7 +182,7 @@ let(:current_user) { regular_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -193,7 +193,7 @@ let(:current_user) { external_user } it do - expect_disallowed(:read_project_snippet, :create_note) + expect_disallowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end @@ -203,7 +203,7 @@ end it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_disallowed(*author_permissions) end end @@ -214,7 +214,7 @@ let(:current_user) { create(:admin) } it do - expect_allowed(:read_project_snippet, :create_note) + expect_allowed(:read_snippet, :create_note) expect_allowed(*author_permissions) end end diff --git a/spec/presenters/snippet_presenter_spec.rb b/spec/presenters/snippet_presenter_spec.rb index 87f2220979c168..e21179055595f1 100644 --- a/spec/presenters/snippet_presenter_spec.rb +++ b/spec/presenters/snippet_presenter_spec.rb 
@@ -62,8 +62,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks read_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :read_personal_snippet, snippet) + it 'checks read_snippet' do + expect(presenter).to receive(:can?).with(user, :read_snippet, snippet) subject end @@ -72,8 +72,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks read_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :read_project_snippet, snippet) + it 'checks read_snippet ' do + expect(presenter).to receive(:can?).with(user, :read_snippet, snippet) subject end @@ -86,8 +86,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks update_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :update_personal_snippet, snippet) + it 'checks update_snippet' do + expect(presenter).to receive(:can?).with(user, :update_snippet, snippet) subject end @@ -96,8 +96,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks update_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :update_project_snippet, snippet) + it 'checks update_snippet ' do + expect(presenter).to receive(:can?).with(user, :update_snippet, snippet) subject end @@ -110,8 +110,8 @@ context 'with PersonalSnippet' do let(:snippet) { personal_snippet } - it 'checks admin_personal_snippet' do - expect(presenter).to receive(:can?).with(user, :admin_personal_snippet, snippet) + it 'checks admin_snippet' do + expect(presenter).to receive(:can?).with(user, :admin_snippet, snippet) subject end @@ -120,8 +120,8 @@ context 'with ProjectSnippet' do let(:snippet) { project_snippet } - it 'checks admin_project_snippet ' do - expect(presenter).to receive(:can?).with(user, :admin_project_snippet, snippet) + it 'checks admin_snippet ' do + expect(presenter).to receive(:can?).with(user, :admin_snippet, snippet) subject end 
diff --git a/spec/support/shared_contexts/policies/project_policy_shared_context.rb b/spec/support/shared_contexts/policies/project_policy_shared_context.rb index 480c5a0fda08f6..29a64e9b5590fc 100644 --- a/spec/support/shared_contexts/policies/project_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/project_policy_shared_context.rb @@ -13,7 +13,7 @@ %i[ read_project read_board read_list read_wiki read_issue read_project_for_iids read_issue_iid read_label - read_milestone read_project_snippet read_project_member read_note + read_milestone read_snippet read_project_member read_note create_project create_issue create_note upload_file create_merge_request_in award_emoji ] @@ -21,7 +21,7 @@ let(:base_reporter_permissions) do %i[ - download_code fork_project create_project_snippet update_issue + download_code fork_project create_snippet update_issue admin_issue admin_label admin_list read_commit_status read_build read_container_image read_pipeline read_environment read_deployment read_merge_request download_wiki_code read_sentry_issue read_prometheus @@ -45,8 +45,8 @@ let(:base_maintainer_permissions) do %i[ - push_to_delete_protected_branch update_project_snippet - admin_project_snippet admin_project_member admin_note admin_wiki admin_project + push_to_delete_protected_branch update_snippet + admin_snippet admin_project_member admin_note admin_wiki admin_project admin_commit_status admin_build admin_container_image admin_pipeline admin_environment admin_deployment destroy_release add_cluster daily_statistics diff --git a/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb b/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb index e2089ee623ab01..98ab141ab2644b 100644 --- a/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb +++ b/spec/support/shared_examples/finders/snippet_visibility_shared_examples.rb 
@@ -234,8 +234,8 @@ end context "For #{params[:project_type]} project and #{params[:user_type]} users" do - it 'agrees with the read_project_snippet policy' do - expect(can?(user, :read_project_snippet, snippet)).to eq(outcome) + it 'agrees with the read_snippet policy' do + expect(can?(user, :read_snippet, snippet)).to eq(outcome) end it 'returns proper outcome' do @@ -297,8 +297,8 @@ let!(:snippet) { create(:personal_snippet, visibility_level: snippet_visibility, author: author) } context "For personal and #{params[:snippet_visibility]} snippets with #{params[:user_type]} user" do - it 'agrees with read_personal_snippet policy' do - expect(can?(user, :read_personal_snippet, snippet)).to eq(outcome) + it 'agrees with read_snippet policy' do + expect(can?(user, :read_snippet, snippet)).to eq(outcome) end it 'returns proper outcome' do -- GitLab