Fix group projects fetch

Signed-off-by: Dmitriy Zaporozhets <[email protected]>

app/controllers/groups_controller.rb

@@ -5,7 +5,7 @@ class GroupsController < ApplicationController
 
   # Authorize
   before_filter :authorize_read_group!, except: [:new, :create]
-  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
+  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
   before_filter :authorize_create_group!, only: [:new, :create]
 
   # Load group projects
@@ -108,12 +108,12 @@ def load_projects
   end
 
   def project_ids
-    projects.pluck(:id)
+    @projects.pluck(:id)
   end
 
   # Dont allow unauthorized access to group
   def authorize_read_group!
-    unless @group and (projects.present? or can?(current_user, :read_group, @group))
+    unless @group and (@projects.present? or can?(current_user, :read_group, @group))
       if current_user.nil?
         return authenticate_user!
       else

spec/features/security/group/group_access_spec.rb

@@ -82,5 +82,17 @@
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
+
+    describe "GET /groups/:path/projects" do
+      subject { projects_group_path(group) }
+
+      it { should be_allowed_for owner }
+      it { should be_denied_for master }
+      it { should be_denied_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_denied_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
   end
 end