From 4a4a67c62d52f064091117be13752f41beb544a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miquel=20Sabat=C3=A9=20Sol=C3=A0?=
Date: Mon, 18 Jul 2016 16:08:38 +0200
Subject: [PATCH] webhook: don't forbid users to see the webhooks on their personal namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes #980
Signed-off-by: Miquel Sabaté Solà
---
 app/policies/webhook_policy.rb | 5 ++---
 spec/policies/webhook_policy_spec.rb | 4 +++-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/policies/webhook_policy.rb b/app/policies/webhook_policy.rb
index 80c32ea28..055acdec1 100644
--- a/app/policies/webhook_policy.rb
+++ b/app/policies/webhook_policy.rb
@@ -43,11 +43,10 @@ def resolve
 .joins(team: [:team_users])
 .where(
 "(namespaces.visibility = :public OR namespaces.visibility = :protected OR "\
- "team_users.user_id = :user_id) AND " \
- "namespaces.global = :global AND namespaces.name != :username",
+ "team_users.user_id = :user_id) AND namespaces.global = :global",
 public: Namespace.visibilities[:visibility_public], protected: Namespace.visibilities[:visibility_protected], user_id: user.id,
- global: false, username: user.username
+ global: false
 )
 .pluck(:id)
diff --git a/spec/policies/webhook_policy_spec.rb b/spec/policies/webhook_policy_spec.rb
index f1d143abd..5c0d211d7 100644
--- a/spec/policies/webhook_policy_spec.rb
+++ b/spec/policies/webhook_policy_spec.rb
@@ -75,8 +75,10 @@
 expect(Pundit.policy_scope(viewer, Webhook).to_a).to match_array(expected)
 end
- it "does not show webhooks to user" do
+ it "does show webhooks to user when appropiate" do
 expect(Pundit.policy_scope(user, Webhook).to_a).to be_empty
+ create(:webhook, namespace: user.namespace)
+ expect(Pundit.policy_scope(user, Webhook).to_a).to_not be_empty
 end
 end
 end
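Review bot: With the `namespaces.name != :username` term gone, the remaining `where` in `resolve` still admits every non-global namespace whose visibility is public or protected, whether or not the user is on its team, so webhook visibility follows namespace visibility rather than membership. If webhook records carry endpoint URLs or authentication data (not visible in this hunk), it is worth confirming that this is intended; a membership-only filter would read `"team_users.user_id = :user_id AND namespaces.global = :global"`. At minimum, a comment above `.where(` such as `# Webhooks are listed for public/protected namespaces and for the user's own teams; global namespaces are excluded.` would record the rule. `resolve` starts and ends outside the hunk.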
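Review bot: The added assertion `to_not be_empty` only proves that something comes back, so a scope that also returned unrelated webhooks to `user` would still pass. Capturing the record and matching on it is tighter: `webhook = create(:webhook, namespace: user.namespace)` followed by `expect(Pundit.policy_scope(user, Webhook).to_a).to match_array([webhook])`. A companion example that creates a webhook in a namespace `user` has no access to and expects it to be absent would pin the authorization boundary this commit moves. The example description also misspells "appropriate" as `appropiate`.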