From 81023f8c69f466ef55cdbb68f6b6bfe89e822f3b Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Mon, 27 Jan 2020 14:27:46 +0100 Subject: [PATCH 1/2] SCI-4300 sckip permission checking for list --- .../repository_columns/checklist_columns_controller.rb | 2 +- app/controllers/repository_columns/list_columns_controller.rb | 2 +- app/controllers/repository_columns/status_columns_controller.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/repository_columns/checklist_columns_controller.rb b/app/controllers/repository_columns/checklist_columns_controller.rb index c3adf3cd6..0d9af4e56 100644 --- a/app/controllers/repository_columns/checklist_columns_controller.rb +++ b/app/controllers/repository_columns/checklist_columns_controller.rb @@ -4,7 +4,7 @@ module RepositoryColumns class ChecklistColumnsController < BaseColumnsController before_action :load_column, only: %i(update destroy items) before_action :check_create_permissions, only: :create - before_action :check_manage_permissions, only: %i(update destroy items) + before_action :check_manage_permissions, only: %i(update destroy) helper_method :delimiters def create diff --git a/app/controllers/repository_columns/list_columns_controller.rb b/app/controllers/repository_columns/list_columns_controller.rb index 88be0397e..63649506d 100644 --- a/app/controllers/repository_columns/list_columns_controller.rb +++ b/app/controllers/repository_columns/list_columns_controller.rb @@ -4,7 +4,7 @@ module RepositoryColumns class ListColumnsController < BaseColumnsController before_action :load_column, only: %i(update destroy items) before_action :check_create_permissions, only: :create - before_action :check_manage_permissions, only: %i(update destroy items) + before_action :check_manage_permissions, only: %i(update destroy) helper_method :delimiters def create diff --git a/app/controllers/repository_columns/status_columns_controller.rb b/app/controllers/repository_columns/status_columns_controller.rb index 30b515531..9142b0fc3 100644 --- a/app/controllers/repository_columns/status_columns_controller.rb +++ b/app/controllers/repository_columns/status_columns_controller.rb @@ -5,7 +5,7 @@ module RepositoryColumns include InputSanitizeHelper before_action :load_column, only: %i(update destroy items) before_action :check_create_permissions, only: :create - before_action :check_manage_permissions, only: %i(update destroy items) + before_action :check_manage_permissions, only: %i(update destroy) def create service = RepositoryColumns::CreateColumnService From 0d3e8ac3e16609ff4022c86b96467f2bdbe9f6fa Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Mon, 27 Jan 2020 15:04:53 +0100 Subject: [PATCH 2/2] remove silly test --- .../status_columns_controller_spec.rb | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/spec/controllers/repository_columns/status_columns_controller_spec.rb b/spec/controllers/repository_columns/status_columns_controller_spec.rb index b1ff322cc..5e1c7b76e 100644 --- a/spec/controllers/repository_columns/status_columns_controller_spec.rb +++ b/spec/controllers/repository_columns/status_columns_controller_spec.rb @@ -262,18 +262,5 @@ RSpec.describe RepositoryColumns::StatusColumnsController, type: :controller do expect(response).to(have_http_status(404)) end end - - context 'when user does not have permissions' do - before do - user_team.role = :guest - user_team.save - end - - it 'respons with status 403' do - action - - expect(response).to(have_http_status(403)) - end - end end end