Permalink
Browse files

User can leave group from group page.

  • Loading branch information...
1 parent c86553c commit 439a61783d0b61bbcc8f3c9e5b828b2270a679aa @cirosantilli cirosantilli committed Feb 7, 2014
@@ -135,12 +135,12 @@ def method_missing(method_sym, *arguments, &block)
end
end
- def render_404
- render file: Rails.root.join("public", "404"), layout: false, status: "404"
+ def render_403
+ head :forbidden
end
- def render_403
- render file: Rails.root.join("public", "403"), layout: false, status: "403"
+ def render_404
+ render file: Rails.root.join("public", "404"), layout: false, status: "404"
end
def require_non_empty_project
@@ -7,12 +7,11 @@ def index
def leave
@users_group = group.users_groups.where(user_id: current_user.id).first
-
- if group.last_owner?(current_user)
- redirect_to(profile_groups_path, alert: "You can't leave group. You must add at least one more owner to it.")
- else
+ if can?(current_user, :destroy, @users_group)
@users_group.destroy
redirect_to(profile_groups_path, info: "You left #{group.name} group.")
+ else
+ return render_403
end
end
@@ -19,11 +19,14 @@ def update
def destroy
@users_group = @group.users_groups.find(params[:id])
- @users_group.destroy
-
- respond_to do |format|
- format.html { redirect_to members_group_path(@group), notice: 'User was successfully removed from group.' }
- format.js { render nothing: true }
+ if can?(current_user, :destroy, @users_group) # May fail if last owner.
+ @users_group.destroy
+ respond_to do |format|
+ format.html { redirect_to members_group_path(@group), notice: 'User was successfully removed from group.' }
+ format.js { render nothing: true }
+ end
+ else
+ return render_403
end
end
@@ -1,6 +1,10 @@
module GroupsHelper
def remove_user_from_group_message(group, user)
- "You are going to remove #{user.name} from #{group.name} Group. Are you sure?"
+ "Are you sure you want to remove \"#{user.name}\" from \"#{group.name}\"?"
+ end
+
+ def leave_group_message(group)
+ "Are you sure you want to leave \"#{group}\" group?"
end
def group_head_title
View
@@ -14,6 +14,7 @@ def allowed(user, subject)
when "MergeRequest" then merge_request_abilities(user, subject)
when "Group" then group_abilities(user, subject)
when "Namespace" then namespace_abilities(user, subject)
+ when "UsersGroup" then users_group_abilities(user, subject)
else []
end.concat(global_abilities(user))
end
@@ -219,5 +220,19 @@ def namespace_abilities user, namespace
end
end
end
+
+ def users_group_abilities(user, subject)
+ rules = []
+ target_user = subject.user
+ group = subject.group
+ can_manage = group_abilities(user, group).include?(:manage_group)
+ if can_manage && (user != target_user)
+ rules << :modify
+ end
+ if !group.last_owner?(user) && (can_manage || (user == target_user))
+ rules << :destroy
+ end
+ rules
+ end
end
end
@@ -6,7 +6,6 @@
%strong= link_to "here", help_permissions_path, class: "vlink"
%hr
-- can_manage_group = current_user.can? :manage_group, @group
.ui-box
.title
%strong #{@group.name}
@@ -15,6 +14,6 @@
(#{@members.count})
%ul.well-list
- @members.each do |member|
- = render 'users_groups/users_group', member: member, show_controls: can_manage_group
-- if can_manage_group
+ = render 'users_groups/users_group', member: member, show_controls: true
+- if current_user.can? :manage_group, @group
= render "new_group_member"
@@ -217,3 +217,4 @@
%td
%td
%td.permission-x &#10003;
+ %p.light Any user can remove himself from a group, unless he is the last Owner of the group.
@@ -22,9 +22,10 @@
%i.icon-cogs
Settings
- = link_to leave_profile_group_path(group), data: { confirm: "Are you sure you want to leave #{group.name} group?"}, method: :delete, class: "btn-small btn grouped", title: 'Remove user from group' do
- %i.icon-signout
- Leave
+ - if can?(current_user, :destroy, user_group)
+ = link_to leave_profile_group_path(group), data: { confirm: leave_group_message(group.name) }, method: :delete, class: "btn-small btn grouped", title: 'Remove user from group' do
+ %i.icon-signout
+ Leave
= link_to group, class: 'group-name' do
%strong= group.name
@@ -9,12 +9,17 @@
%span.pull-right
%strong= member.human_access
-
- - if show_controls && can?(current_user, :manage_group, @group) && current_user != user
- = link_to '#', class: "btn-tiny btn js-toggle-button", title: 'Edit access level' do
- %i.icon-edit
- = link_to group_users_group_path(@group, member), data: { confirm: remove_user_from_group_message(@group, user) }, method: :delete, remote: true, class: "btn-tiny btn btn-remove", title: 'Remove user from group' do
- %i.icon-minus.icon-white
+ - if show_controls
+ - if can?(current_user, :modify, member)
+ = link_to '#', class: "btn-tiny btn js-toggle-button", title: 'Edit access level' do
+ %i.icon-edit
+ - if can?(current_user, :destroy, member)
+ - if current_user == member.user
+ = link_to leave_profile_group_path(@group), data: { confirm: leave_group_message(@group.name)}, method: :delete, class: "btn-tiny btn btn-remove", title: 'Remove user from group' do
+ %i.icon-minus.icon-white
+ - else
+ = link_to group_users_group_path(@group, member), data: { confirm: remove_user_from_group_message(@group, user) }, method: :delete, remote: true, class: "btn-tiny btn btn-remove", title: 'Remove user from group' do
+ %i.icon-minus.icon-white
.edit-member.hide.js-toggle-content
= form_for [@group, member], remote: true do |f|
@@ -2,7 +2,7 @@ Feature: Admin Groups
Background:
Given I sign in as an admin
And I have group with projects
- And Create user "John Doe"
+ And User "John Doe" exists
And I visit admin groups page
Scenario: See group list
View
@@ -0,0 +1,116 @@
+Feature: Groups
+ Background:
+ Given I sign in as "John Doe"
+ And "John Doe" is owner of group "Owned"
+ And "John Doe" is guest of group "Guest"
+
+ @javascript
+ Scenario: I should see group "Owned" dashboard list
+ When I visit group "Owned" page
+ Then I should see group "Owned" projects list
+ And I should see projects activity feed
+
+ Scenario: Create a group from dasboard
+ When I visit group "Owned" page
+ And I visit dashboard page
+ And I click new group link
+ And submit form with new group "Samurai" info
+ Then I should be redirected to group "Samurai" page
+ And I should see newly created group "Samurai"
+
+ Scenario: I should see group "Owned" issues list
+ Given project from group "Owned" has issues assigned to me
+ When I visit group "Owned" issues page
+ Then I should see issues from group "Owned" assigned to me
+
+ Scenario: I should see group "Owned" merge requests list
+ Given project from group "Owned" has merge requests assigned to me
+ When I visit group "Owned" merge requests page
+ Then I should see merge requests from group "Owned" assigned to me
+
+ @javascript
+ Scenario: I should add user to projects in group "Owned"
+ Given User "Mary Jane" exists
+ When I visit group "Owned" members page
+ And I select user "Mary Jane" from list with role "Reporter"
+ Then I should see user "Mary Jane" in team list
+
+ Scenario: I should see edit group "Owned" page
+ When I visit group "Owned" settings page
+ And I change group "Owned" name to "new-name"
+ Then I should see new group "Owned" name
+
+ Scenario: I edit group "Owned" avatar
+ When I visit group "Owned" settings page
+ And I change group "Owned" avatar
+ And I visit group "Owned" settings page
+ Then I should see new group "Owned" avatar
+ And I should see the "Remove avatar" button
+
+ Scenario: I remove group "Owned" avatar
+ When I visit group "Owned" settings page
+ And I have group "Owned" avatar
+ And I visit group "Owned" settings page
+ And I remove group "Owned" avatar
+ Then I should not see group "Owned" avatar
+ And I should not see the "Remove avatar" button
+
+ # Leave
+
+ @javascript
+ Scenario: Owner should be able to remove himself from group if he is not the last owner
+ Given "Mary Jane" is owner of group "Owned"
+ When I visit group "Owned" members page
+ Then I should see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+ When I click on the "Remove User From Group" button for "John Doe"
+ And I visit group "Owned" members page
+ Then I should not see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+
+ @javascript
+ Scenario: Owner should not be able to remove himself from group if he is the last owner
+ Given "Mary Jane" is guest of group "Owned"
+ When I visit group "Owned" members page
+ Then I should see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+ Then I should not see the "Remove User From Group" button for "Mary Jane"
+
+ @javascript
+ Scenario: Guest should be able to remove himself from group
+ Given "Mary Jane" is guest of group "Guest"
+ When I visit group "Guest" members page
+ Then I should see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+ When I click on the "Remove User From Group" button for "John Doe"
+ When I visit group "Guest" members page
+ Then I should not see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+
+ @javascript
+ Scenario: Guest should be able to remove himself from group even if he is the only user in the group
+ When I visit group "Guest" members page
+ Then I should see user "John Doe" in team list
+ When I click on the "Remove User From Group" button for "John Doe"
+ When I visit group "Guest" members page
+ Then I should not see user "John Doe" in team list
+
+ # Remove others
+
+ @javascript
+ Scenario: Owner should be able to remove other users from group
+ Given "Mary Jane" is owner of group "Owned"
+ When I visit group "Owned" members page
+ Then I should see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+ When I click on the "Remove User From Group" button for "Mary Jane"
+ When I visit group "Owned" members page
+ Then I should see user "John Doe" in team list
+ Then I should not see user "Mary Jane" in team list
+
+ Scenario: Guest should not be able to remove other users from group
+ Given "Mary Jane" is guest of group "Guest"
+ When I visit group "Guest" members page
+ Then I should see user "John Doe" in team list
+ Then I should see user "Mary Jane" in team list
+ Then I should not see the "Remove User From Group" button for "Mary Jane"
@@ -1,11 +0,0 @@
-Feature: Groups
- Background:
- Given I sign in as a user
-
- Scenario: Create a group from dasboard
- Given I have group with projects
- And I visit dashboard page
- When I click new group link
- And submit form with new group info
- Then I should be redirected to group page
- And I should see newly created group
@@ -1,47 +0,0 @@
-Feature: Groups
- Background:
- Given I sign in as a user
- And I have group with projects
-
- @javascript
- Scenario: I should see group dashboard list
- When I visit group page
- Then I should see projects list
- And I should see projects activity feed
-
- Scenario: I should see group issues list
- Given project from group has issues assigned to me
- When I visit group issues page
- Then I should see issues from this group assigned to me
-
- Scenario: I should see group merge requests list
- Given project from group has merge requests assigned to me
- When I visit group merge requests page
- Then I should see merge requests from this group assigned to me
-
- @javascript
- Scenario: I should add user to projects in Group
- Given Create user "John Doe"
- When I visit group members page
- And I select user "John Doe" from list with role "Reporter"
- Then I should see user "John Doe" in team list
-
- Scenario: I should see edit group page
- When I visit group settings page
- And I change group name
- Then I should see new group name
-
- Scenario: I edit my group avatar
- When I visit group settings page
- And I change my group avatar
- And I visit group settings page
- Then I should see new group avatar
- And I should see the "Remove avatar" button
-
- Scenario: I remove my group avatar
- When I visit group settings page
- And I have an group avatar
- And I visit group settings page
- And I remove my group avatar
- Then I should not see my group avatar
- And I should not see the "Remove avatar" button
@@ -0,0 +1,47 @@
+Feature: Profile Group
+ Background:
+ Given I sign in as "John Doe"
+ And "John Doe" is owner of group "Owned"
+ And "John Doe" is guest of group "Guest"
+
+ # Leave groups
+
+ @javascript
+ Scenario: Owner should be able to leave from group if he is not the last owner
+ Given "Mary Jane" is owner of group "Owned"
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should see group "Guest" in group list
+ When I click on the "Leave" button for group "Owned"
+ And I visit profile groups page
+ Then I should not see group "Owned" in group list
+ Then I should see group "Guest" in group list
+
+ @javascript
+ Scenario: Owner should not be able to leave from group if he is the last owner
+ Given "Mary Jane" is guest of group "Owned"
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should see group "Guest" in group list
+ Then I should not see the "Leave" button for group "Owned"
+
+ @javascript
+ Scenario: Guest should be able to leave from group
+ Given "Mary Jane" is guest of group "Guest"
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should see group "Guest" in group list
+ When I click on the "Leave" button for group "Guest"
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should not see group "Guest" in group list
+
+ @javascript
+ Scenario: Guest should be able to leave from group even if he is the only user in the group
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should see group "Guest" in group list
+ When I click on the "Leave" button for group "Guest"
+ When I visit profile groups page
+ Then I should see group "Owned" in group list
+ Then I should not see group "Guest" in group list
Oops, something went wrong.

0 comments on commit 439a617

Please sign in to comment.