Merge branch '47398-user-is-unable-revoke-a-authorized-application-unless-user-oauth-applications-is-checked-in-admin-settings' into 'master'

Resolve "User is unable revoke a Authorized application unless User OAuth applications is checked in admin settings" Closes #47398 See merge request gitlab-org/gitlab-ce!21835
2018-09-21 11:58:25 +00:00 · 2018-09-21 11:58:25 +00:00 · abab0cd68a
parent e18d8d590b 0c81254421
commit abab0cd68a
6 changed files with 56 additions and 15 deletions
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@ -4,7 +4,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  include PageLayoutHelper
  include OauthApplications

-  before_action :verify_user_oauth_applications_enabled
+  before_action :verify_user_oauth_applications_enabled, except: :index
  before_action :authenticate_user!
  before_action :add_gon_variables
  before_action :load_scopes, only: [:index, :create, :edit]
--- a/app/views/doorkeeper/applications/index.html.haml
+++ b/app/views/doorkeeper/applications/index.html.haml
@ -16,6 +16,9 @@
        = _('Add new application')
      = render 'form', application: @application
      %hr
+    - else
+      .bs-callout.bs-callout-disabled
+        = _('Adding new applications is disabled in your GitLab instance. Please contact your GitLab administrator to get the permission')
    - if user_oauth_applications?
      .oauth-applications
        %h5
--- a/app/views/layouts/nav/sidebar/_profile.html.haml
+++ b/app/views/layouts/nav/sidebar/_profile.html.haml
@ -28,18 +28,17 @@
            = link_to profile_account_path do
              %strong.fly-out-top-item-name
                = _('Account')
-      - if Gitlab::CurrentSettings.user_oauth_applications?
-        = nav_link(controller: 'oauth/applications') do
-          = link_to applications_profile_path do
-            .nav-icon-container
-              = sprite_icon('applications')
-            %span.nav-item-name
-              = _('Applications')
-          %ul.sidebar-sub-level-items.is-fly-out-only
-            = nav_link(controller: 'oauth/applications', html_options: { class: "fly-out-top-item" } ) do
-              = link_to applications_profile_path do
-                %strong.fly-out-top-item-name
-                  = _('Applications')
+      = nav_link(controller: 'oauth/applications') do
+        = link_to applications_profile_path do
+          .nav-icon-container
+            = sprite_icon('applications')
+          %span.nav-item-name
+            = _('Applications')
+        %ul.sidebar-sub-level-items.is-fly-out-only
+          = nav_link(controller: 'oauth/applications', html_options: { class: "fly-out-top-item" } ) do
+            = link_to applications_profile_path do
+              %strong.fly-out-top-item-name
+                = _('Applications')
      = nav_link(controller: :chat_names) do
        = link_to profile_chat_names_path do
          .nav-icon-container
--- a/changelogs/unreleased/47398-user-is-unable-revoke-a-authorized-application-unless-user-oauth-applications-is-checked-in-admin-settings.yml
+++ b/changelogs/unreleased/47398-user-is-unable-revoke-a-authorized-application-unless-user-oauth-applications-is-checked-in-admin-settings.yml
@ -0,0 +1,6 @@
+---
+title: Allow user to revoke an authorized application even if User OAuth applications
+  setting is disabled in admin settings
+merge_request: 21835
+author:
+type: changed
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -355,6 +355,9 @@ msgstr ""
 msgid "Add users to group"
 msgstr ""

+msgid "Adding new applications is disabled in your GitLab instance. Please contact your GitLab administrator to get the permission"
+msgstr ""
+
 msgid "Admin Area"
 msgstr ""

--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@ -15,14 +15,44 @@ describe Oauth::ApplicationsController do
        expect(response).to have_gitlab_http_status(200)
      end

-      it 'redirects back to profile page if OAuth applications are disabled' do
-        allow(Gitlab::CurrentSettings.current_application_settings).to receive(:user_oauth_applications?).and_return(false)
+      it 'shows list of applications' do
+        disable_user_oauth

        get :index

+        expect(response).to have_gitlab_http_status(200)
+      end
+    end
+
+    describe 'POST #create' do
+      it 'creates an application' do
+        post :create, oauth_params
+
+        expect(response).to have_gitlab_http_status(302)
+        expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
+      end
+
+      it 'redirects back to profile page if OAuth applications are disabled' do
+        disable_user_oauth
+
+        post :create, oauth_params
+
        expect(response).to have_gitlab_http_status(302)
        expect(response).to redirect_to(profile_path)
      end
    end
  end
+
+  def disable_user_oauth
+    allow(Gitlab::CurrentSettings.current_application_settings).to receive(:user_oauth_applications?).and_return(false)
+  end
+
+  def oauth_params
+    {
+      doorkeeper_application: {
+        name: 'foo',
+        redirect_uri: 'http://example.org'
+      }
+    }
+  end
 end