Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Commit

Permalink
webhook: don't forbid users to see the webhooks on their personal nam…
Browse files Browse the repository at this point in the history
…espace

Fixes #980

Signed-off-by: Miquel Sabaté Solà <[email protected]>
  • Loading branch information
mssola committed Jul 18, 2016
1 parent 63971b4 commit 4a4a67c
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
5 changes: 2 additions & 3 deletions app/policies/webhook_policy.rb
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,10 @@ def resolve
.joins(team: [:team_users])
.where(
"(namespaces.visibility = :public OR namespaces.visibility = :protected OR "\
"team_users.user_id = :user_id) AND " \
"namespaces.global = :global AND namespaces.name != :username",
"team_users.user_id = :user_id) AND namespaces.global = :global",
public: Namespace.visibilities[:visibility_public],
protected: Namespace.visibilities[:visibility_protected], user_id: user.id,
global: false, username: user.username
global: false
)
.pluck(:id)

Expand Down
4 changes: 3 additions & 1 deletion spec/policies/webhook_policy_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,10 @@
expect(Pundit.policy_scope(viewer, Webhook).to_a).to match_array(expected)
end

it "does not show webhooks to user" do
it "does show webhooks to user when appropiate" do
expect(Pundit.policy_scope(user, Webhook).to_a).to be_empty
create(:webhook, namespace: user.namespace)
expect(Pundit.policy_scope(user, Webhook).to_a).to_not be_empty
end
end
end

0 comments on commit 4a4a67c

Please sign in to comment.