From dad0c65e9181e67d237735e0261c49a9de28459c Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Wed, 20 Nov 2024 12:10:01 -0800 Subject: [PATCH] Allow owners of fully yanked gems to access some sidebar controls Access to control of ownership, trusted publishers, etc is still important so that new versions of the gem can be pushed. --- app/helpers/rubygems_helper.rb | 2 +- app/views/rubygems/_aside_yanked.html.erb | 23 +++++++++++++++++++++ app/views/rubygems/show_yanked.html.erb | 2 ++ config/locales/en.yml | 4 ++-- test/integration/rubygems_test.rb | 25 +++++++++++++++++++++++ 5 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 app/views/rubygems/_aside_yanked.html.erb diff --git a/app/helpers/rubygems_helper.rb b/app/helpers/rubygems_helper.rb index a6f2db4279c..d652cb01316 100644 --- a/app/helpers/rubygems_helper.rb +++ b/app/helpers/rubygems_helper.rb @@ -56,7 +56,7 @@ def unsubscribe_link(rubygem) link_to t("rubygems.aside.links.unsubscribe"), rubygem_subscription_path(rubygem.slug), class: [:toggler, "gem__link", "t-list__item", style], id: "unsubscribe", - method: :delete, remote: true + method: :delete end def change_diff_link(rubygem, latest_version) diff --git a/app/views/rubygems/_aside_yanked.html.erb b/app/views/rubygems/_aside_yanked.html.erb new file mode 100644 index 00000000000..8f38d52e008 --- /dev/null +++ b/app/views/rubygems/_aside_yanked.html.erb @@ -0,0 +1,23 @@ +
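Review bot: With `remote: true` dropped from `unsubscribe_link`, the `method: :delete` link now makes a full-page request through the UJS handler, so the result depends on the subscription destroy action answering an HTML request with a redirect, which this patch does not show. The `:toggler` class left on the link looks like a remnant of the in-place AJAX toggle and may no longer do anything. A `link_to ... method: :delete` also falls back to a plain GET when the script does not run, so `button_to` with `method: :delete` would keep the state change in a real form that carries the CSRF token. The body of `unsubscribe_link` starts above the hunk.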
+ <% if @adoption %>
+ <%= link_to "adoption", rubygem_adoptions_path(@rubygem.slug), class: "adoption__tag" %>
+ <% end %>
+
+ <% if @rubygem.metadata_mfa_required? %>
+

+ <%= t('.requires_mfa') %>:
+
+ true
+
+

+ <% end %>
+
+ <%= unsubscribe_link(@rubygem) %>
+ <%= ownership_link(@rubygem) if policy(@rubygem).show_unconfirmed_ownerships? %>
+ <%= rubygem_trusted_publishers_link(@rubygem) if policy(@rubygem).configure_trusted_publishers? %>
+ <%= oidc_api_key_role_links(@rubygem) if policy(@rubygem).configure_oidc? %>
+ <%= resend_owner_confirmation_link(@rubygem) if @rubygem.unconfirmed_ownership?(current_user) %>
+ <%= rubygem_adoptions_link(@rubygem) if policy(@rubygem).show_adoption? %>
+ <%= rubygem_security_events_link(@rubygem) if policy(@rubygem).show_events? %>
+
+
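Review bot: `t('.requires_mfa')` in the new partial is a lazy lookup, which Rails scopes to the partial's own path, i.e. `rubygems.aside_yanked.requires_mfa`, and the `config/locales/en.yml` hunk in this patch adds no such key. Unless that key already exists, the heading would render as a missing translation for gems with `metadata_mfa_required?`, a branch the new integration test does not exercise. Either add the key to the locale files or reference the existing key absolutely (presumably `t('rubygems.aside.requires_mfa')`, going by the `rubygems.aside.links.unsubscribe` key used in `unsubscribe_link`; confirm against the locale file). Separately, the `policy(@rubygem)` conditions only hide links; the actions behind them have to enforce the same policies, which is not visible in this patch.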
diff --git a/app/views/rubygems/show_yanked.html.erb b/app/views/rubygems/show_yanked.html.erb index 61b2755fa1a..c48eede221f 100644 --- a/app/views/rubygems/show_yanked.html.erb +++ b/app/views/rubygems/show_yanked.html.erb @@ -19,4 +19,6 @@ <%= render partial: "rubygems/gem_members", locals: { latest_version: @latest_version, rubygem: @rubygem } %> <% end %> + + <%= render "rubygems/aside_yanked" %> diff --git a/config/locales/en.yml b/config/locales/en.yml index d88cefe17e9..ae765c2669b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -739,8 +739,8 @@ en: show_yanked: not_hosted_notice: This gem is not currently hosted on RubyGems.org. Yanked versions of this gem may already exist. reserved_namespace_html: - one: This gem previously existed, but has been removed by its owner. The RubyGems.org team has reserved this gem name for 1 more day. After that time is up, anyone will be able to claim this gem name using gem push.
If you are the previous owner of this gem, you can change ownership of this gem using the gem owner command. You can also create new versions of this gem using gem push. - other: This gem previously existed, but has been removed by its owner. The RubyGems.org team has reserved this gem name for %{count} more days. After that time is up, anyone will be able to claim this gem name using gem push.
If you are the previous owner of this gem, you can change ownership of this gem using the gem owner command. You can also create new versions of this gem using gem push. + one: This gem previously existed, but has been removed by its owner. The RubyGems.org team has reserved this gem name for 1 more day. After that time is up, anyone will be able to claim this gem name using gem push.

If you are the previous owner of this gem, you can change ownership of this gem using the gem owner command or create new versions of this gem using gem push. + other: This gem previously existed, but has been removed by its owner. The RubyGems.org team has reserved this gem name for %{count} more days. After that time is up, anyone will be able to claim this gem name using gem push.

If you are the previous owner of this gem, you can change ownership of this gem using the gem owner command or create new versions of this gem using gem push. security_events: title: Security Events description_html: "This page shows the security events that have occurred on %{gem}. If you see any suspicious activity, please contact support." diff --git a/test/integration/rubygems_test.rb b/test/integration/rubygems_test.rb index 1fc945eed7e..4ec6796efa7 100644 --- a/test/integration/rubygems_test.rb +++ b/test/integration/rubygems_test.rb @@ -28,4 +28,29 @@ class RubygemsTest < ActionDispatch::IntegrationTest assert page.has_content? "Provenance" end + + test "GET to show for a fully yanked gem as owner" do + user = create(:user, remember_token_expires_at: Gemcutter::REMEMBER_FOR.from_now) + rubygem = create(:rubygem, owners: [user], number: "1.0.0", created_at: 2.months.ago) + version = rubygem.versions.sole + user.deletions.create!(version:) + rubygem.reload + + assert_predicate rubygem.public_versions.to_a, :empty? + + get "/gems/#{rubygem.name}" + + assert page.has_content? "This gem previously existed, but has been removed by its owner." + refute page.has_link? "Owners" + refute page.has_link? "Trusted publishers" + refute page.has_link? "Security Events" + + post session_path(session: { who: user.handle, password: PasswordHelpers::SECURE_TEST_PASSWORD }) + + get "/gems/#{rubygem.name}" + + assert page.has_link? "Owners" + assert page.has_link? "Trusted publishers" + assert page.has_link? "Security Events" + end end
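Review bot: The new test compares an anonymous visitor with the signed-in owner, so it would still pass if the sidebar links were shown to every logged-in user. A signed-in non-owner is the case that actually exercises the `policy(@rubygem)` checks in the partial. I would add a second test that signs in as an unrelated user and refutes the same three links, as sketched below. The `metadata_mfa_required?` branch of the partial is also never rendered by this test.

```ruby
test "GET to show for a fully yanked gem as a signed-in non-owner" do
  owner = create(:user)
  other = create(:user, remember_token_expires_at: Gemcutter::REMEMBER_FOR.from_now)
  rubygem = create(:rubygem, owners: [owner], number: "1.0.0", created_at: 2.months.ago)
  owner.deletions.create!(version: rubygem.versions.sole)

  post session_path(session: { who: other.handle, password: PasswordHelpers::SECURE_TEST_PASSWORD })
  get "/gems/#{rubygem.name}"

  # Being logged in must not be enough: only owners should see the controls.
  refute page.has_link? "Owners"
  refute page.has_link? "Trusted publishers"
  refute page.has_link? "Security Events"
end
```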