- Change Summary:
-
Some fixes for unit tests. Forgot to commit the latest fixes before posting the review request.
- Diff:
-
Revision 2 (+297 -20)
Add support for invite-only groups.
Review Request #1889 — Created Nov. 1, 2010 and submitted
Add support for invite-only groups. This provides support for marking a group as invite-only. An invite-only group cannot be viewed by non-members of the group, either through the web or the API. A review request targetting only invite-only groups cannot be viewed unless the user is either explicitly specified on the review request or they're a member of at least one of the targetted groups. If a review request has any public groups listed, then the review request will be visible. We operate on the principle that things are by default open, and to make a review request private, it must go out to private groups. This will be extended later to support repository access control. Users will be able to see review requests and groups that you may not have access to in the various lists. This may change in a future commit, but right now the filtering is done on access and not on list. The only place where this is actually a problem is on the "All Review Requests" page, since if it's on your dashboard, you won't be able to see it. The Groups page filters as well.
Unit tests passed. I tested this with a dummy user on my dev server and verified that I couldn't access the groups or review requests I didn't have permission to access. Same with the API.