Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Refactor abilities. Added ProjectUpdate context. Fixed few bugs with …

…namespaces
  • Loading branch information...
commit eb1004f7890d25a86beb0ca0a7eca802d9fce665 1 parent a1ffc67
@randx randx authored
View
21 app/contexts/project_update_context.rb
@@ -0,0 +1,21 @@
+class ProjectUpdateContext < BaseContext
+ def execute(role = :default)
+ namespace_id = params[:project].delete(:namespace_id)
+
+ if namespace_id.present?
+ if namespace_id == Namespace.global_id
+ if project.namespace.present?
+ # Transfer to global namespace from anyone
+ project.transfer(nil)
+ end
+ elsif namespace_id.to_i != project.namespace_id
+ # Transfer to someone namespace
+ namespace = Namespace.find(namespace_id)
+ project.transfer(namespace)
+ end
+ end
+
+ project.update_attributes(params[:project], as: role)
+ end
+end
+
View
8 app/controllers/admin/projects_controller.rb
@@ -24,13 +24,9 @@ def team_update
end
def update
- owner_id = params[:project].delete(:owner_id)
+ status = ProjectUpdateContext.new(project, current_user, params).execute(:admin)
- if owner_id
- @project.owner = User.find(owner_id)
- end
-
- if @project.update_attributes(params[:project], as: :admin)
+ if status
redirect_to [:admin, @project], notice: 'Project was successfully updated.'
else
render action: "edit"
View
13 app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
before_filter :authenticate_user!
before_filter :reject_blocked!
before_filter :set_current_user_for_observers
+ before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development'
protect_from_forgery
@@ -65,11 +66,17 @@ def can?(object, action, subject)
def project
id = params[:project_id] || params[:id]
- @project ||= current_user.projects.find_with_namespace(id)
- @project || render_404
+ @project = Project.find_with_namespace(id)
+
+ if @project and can?(current_user, :read_project, @project)
+ @project
+ else
+ @project = nil
+ render_404
+ end
end
- def add_project_abilities
+ def add_abilities
abilities << Ability
end
View
2  app/controllers/dashboard_controller.rb
@@ -5,7 +5,7 @@ class DashboardController < ApplicationController
before_filter :event_filter, only: :index
def index
- @groups = Group.where(id: current_user.projects.pluck(:namespace_id))
+ @groups = current_user.accessed_groups
@projects = @projects.page(params[:page]).per(30)
@events = Event.in_projects(current_user.project_ids)
@events = @event_filter.apply_filter(@events)
View
9 app/controllers/groups_controller.rb
@@ -4,7 +4,6 @@ class GroupsController < ApplicationController
before_filter :group
before_filter :projects
- before_filter :add_project_abilities
def show
@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
@@ -45,7 +44,7 @@ def search
end
def people
- @users = group.users.all
+ @users = group.users
end
protected
@@ -55,7 +54,11 @@ def group
end
def projects
- @projects ||= current_user.projects_sorted_by_activity.where(namespace_id: @group.id)
+ @projects ||= if can?(current_user, :manage_group, @group)
+ @group.projects.all
+ else
+ current_user.projects_sorted_by_activity.where(namespace_id: @group.id)
+ end
end
def project_ids
View
2  app/controllers/project_resource_controller.rb
@@ -1,5 +1,3 @@
class ProjectResourceController < ApplicationController
before_filter :project
- # Authorize
- before_filter :add_project_abilities
end
View
14 app/controllers/projects_controller.rb
@@ -34,20 +34,10 @@ def create
end
def update
- if params[:project].has_key?(:namespace_id)
- namespace_id = params[:project].delete(:namespace_id)
- if namespace_id == Namespace.global_id and project.namespace.present?
- # Transfer to global namespace from anyone
- project.transfer(nil)
- elsif namespace_id.present? and namespace_id.to_i != project.namespace_id
- # Transfer to someone namespace
- namespace = Namespace.find(namespace_id)
- project.transfer(namespace)
- end
- end
+ status = ProjectUpdateContext.new(project, current_user, params).execute
respond_to do |format|
- if project.update_attributes(params[:project])
+ if status
flash[:notice] = 'Project was successfully updated.'
format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' }
format.js
View
64 app/models/ability.rb
@@ -15,7 +15,37 @@ def allowed(object, subject)
def project_abilities(user, project)
rules = []
- rules << [
+ # Rules based on role in project
+ if project.master_access_for?(user)
+ # TODO: replace with master rules.
+ # Only allow project administration for owners
+ rules << project_admin_rules
+
+ elsif project.dev_access_for?(user)
+ rules << project_dev_rules
+
+ elsif project.report_access_for?(user)
+ rules << project_report_rules
+
+ elsif project.guest_access_for?(user)
+ rules << project_guest_rules
+ end
+
+ # If user own project namespace (Ex. group owner or account owner)
+ if project.namespace && project.namespace.owner == user
+ rules << project_admin_rules
+ end
+
+ # If user was set as direct project owner
+ if project.owner == user
+ rules << project_admin_rules
+ end
+
+ rules.flatten
+ end
+
+ def project_guest_rules
+ [
:read_project,
:read_wiki,
:read_issue,
@@ -27,28 +57,30 @@ def project_abilities(user, project)
:write_project,
:write_issue,
:write_note
- ] if project.guest_access_for?(user)
+ ]
+ end
- rules << [
+ def project_report_rules
+ project_guest_rules + [
:download_code,
:write_merge_request,
:write_snippet
- ] if project.report_access_for?(user)
+ ]
+ end
- rules << [
+ def project_dev_rules
+ project_report_rules + [
:write_wiki,
:push_code
- ] if project.dev_access_for?(user)
-
- rules << [
- :push_code_to_protected_branches
- ] if project.master_access_for?(user)
+ ]
+ end
- rules << [
+ def project_master_rules
+ project_dev_rules + [
+ :push_code_to_protected_branches,
:modify_issue,
:modify_snippet,
:modify_merge_request,
- :admin_project,
:admin_issue,
:admin_milestone,
:admin_snippet,
@@ -57,9 +89,13 @@ def project_abilities(user, project)
:admin_note,
:accept_mr,
:admin_wiki
- ] if project.master_access_for?(user) || project.owner == user
+ ]
+ end
- rules.flatten
+ def project_admin_rules
+ project_master_rules + [
+ :admin_project
+ ]
end
def group_abilities user, group
View
4 app/models/group.rb
@@ -13,7 +13,9 @@
class Group < Namespace
def users
- User.joins(:users_projects).where(users_projects: {project_id: project_ids}).uniq
+ users = User.joins(:users_projects).where(users_projects: {project_id: project_ids})
+ users = users << owner
+ users.uniq
end
def human_name
View
12 app/models/namespace.rb
@@ -53,12 +53,14 @@ def ensure_dir_exist
end
def move_dir
- old_path = File.join(Gitlab.config.git_base_path, path_was)
- new_path = File.join(Gitlab.config.git_base_path, path)
- if File.exists?(new_path)
- raise "Already exists"
+ if path_changed?
+ old_path = File.join(Gitlab.config.git_base_path, path_was)
+ new_path = File.join(Gitlab.config.git_base_path, path)
+ if File.exists?(new_path)
+ raise "Already exists"
+ end
+ system("mv #{old_path} #{new_path}")
end
- system("mv #{old_path} #{new_path}")
end
def rm_dir
View
2  app/models/project.rb
@@ -29,7 +29,7 @@ class Project < ActiveRecord::Base
attr_accessible :name, :path, :description, :default_branch, :issues_enabled,
:wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin]
- attr_accessible :namespace_id, as: :admin
+ attr_accessible :namespace_id, :owner_id, as: :admin
attr_accessor :error_code
View
7 app/models/user.rb
@@ -123,4 +123,11 @@ def generate_password
self.password = self.password_confirmation = Devise.friendly_token.first(8)
end
end
+
+ def accessed_groups
+ @accessed_groups ||= begin
+ groups = Group.where(id: self.projects.pluck(:namespace_id)).all
+ groups + self.groups
+ end
+ end
end
View
2  app/views/admin/projects/_form.html.haml
@@ -22,7 +22,7 @@
- unless project.new_record?
.clearfix
= f.label :namespace_id
- .input= f.select :namespace_id, namespaces_options, {}, {class: 'chosen'}
+ .input= f.select :namespace_id, namespaces_options(@project.namespace_id), {}, {class: 'chosen'}
.clearfix
= f.label :owner_id
View
2  app/views/errors/access_denied.html.haml
@@ -1,4 +1,4 @@
-%h1 403
+%h1.http_status_code 403
%h3.page_title Access Denied
%hr
%p You are not allowed to access this page.
View
2  app/views/groups/show.html.haml
@@ -10,7 +10,7 @@
- if @events.any?
.content_list= render @events
- else
- %h4.nothing_here_message Projects activity will be displayed here
+ %p.nothing_here_message Projects activity will be displayed here
.loading.hide
.side
= render "projects", projects: @projects
View
11 db/fixtures/development/010_groups.rb
@@ -0,0 +1,11 @@
+Group.seed(:id, [
+ { id: 100, name: "Gitlab", path: 'gitlab', owner_id: 1},
+ { id: 101, name: "Rails", path: 'rails', owner_id: 1 },
+ { id: 102, name: "KDE", path: 'kde', owner_id: 1 }
+])
+
+Project.seed(:id, [
+ { id: 10, name: "kdebase", path: "kdebase", owner_id: 1, namespace_id: 102 },
+ { id: 11, name: "kdelibs", path: "kdelibs", owner_id: 1, namespace_id: 102 },
+ { id: 12, name: "amarok", path: "amarok", owner_id: 1, namespace_id: 102 }
+])
View
2  spec/models/group_spec.rb
@@ -24,7 +24,7 @@
it { should validate_presence_of :owner }
describe :users do
- it { group.users.should == [] }
+ it { group.users.should == [group.owner] }
end
describe :human_name do
View
3  spec/models/namespace_spec.rb
@@ -55,9 +55,10 @@
describe :move_dir do
before do
@namespace = create :namespace
+ @namespace.stub(path_changed?: true)
end
- it "should raise error when called directly" do
+ it "should raise error when dirtory exists" do
expect { @namespace.move_dir }.to raise_error("Already exists")
end
Please sign in to comment.
Something went wrong with that request. Please try again.