Commit 00e4a479d3732a528745513e4150fe28fee178e2
1 parent
585a53c4
Exists in
master
and in
4 other branches
allow/deny user to create group/team
Showing
4 changed files
with
32 additions
and
10 deletions
Show diff stats
app/controllers/groups_controller.rb
| ... | ... | @@ -6,6 +6,7 @@ class GroupsController < ApplicationController |
| 6 | 6 | |
| 7 | 7 | # Authorize |
| 8 | 8 | before_filter :authorize_read_group!, except: [:new, :create] |
| 9 | + before_filter :authorize_create_group!, only: [:new, :create] | |
| 9 | 10 | |
| 10 | 11 | # Load group projects |
| 11 | 12 | before_filter :projects, except: [:new, :create] |
| ... | ... | @@ -103,4 +104,8 @@ class GroupsController < ApplicationController |
| 103 | 104 | return render_404 |
| 104 | 105 | end |
| 105 | 106 | end |
| 107 | + | |
| 108 | + def authorize_create_group! | |
| 109 | + can?(current_user, :create_group, nil) | |
| 110 | + end | |
| 106 | 111 | end | ... | ... |
app/models/ability.rb
| 1 | 1 | class Ability |
| 2 | 2 | class << self |
| 3 | - def allowed(object, subject) | |
| 3 | + def allowed(user, subject) | |
| 4 | + return [] unless user.kind_of?(User) | |
| 5 | + | |
| 4 | 6 | case subject.class.name |
| 5 | - when "Project" then project_abilities(object, subject) | |
| 6 | - when "Issue" then issue_abilities(object, subject) | |
| 7 | - when "Note" then note_abilities(object, subject) | |
| 8 | - when "Snippet" then snippet_abilities(object, subject) | |
| 9 | - when "MergeRequest" then merge_request_abilities(object, subject) | |
| 10 | - when "Group", "Namespace" then group_abilities(object, subject) | |
| 11 | - when "UserTeam" then user_team_abilities(object, subject) | |
| 7 | + when "Project" then project_abilities(user, subject) | |
| 8 | + when "Issue" then issue_abilities(user, subject) | |
| 9 | + when "Note" then note_abilities(user, subject) | |
| 10 | + when "Snippet" then snippet_abilities(user, subject) | |
| 11 | + when "MergeRequest" then merge_request_abilities(user, subject) | |
| 12 | + when "Group", "Namespace" then group_abilities(user, subject) | |
| 13 | + when "UserTeam" then user_team_abilities(user, subject) | |
| 12 | 14 | else [] |
| 13 | - end | |
| 15 | + end.concat(global_abilities(user)) | |
| 16 | + end | |
| 17 | + | |
| 18 | + def global_abilities(user) | |
| 19 | + rules = [] | |
| 20 | + rules << :create_group if user.can_create_group | |
| 21 | + rules << :create_team if user.can_create_team | |
| 22 | + rules | |
| 14 | 23 | end |
| 15 | 24 | |
| 16 | 25 | def project_abilities(user, project) | ... | ... |
app/models/user.rb
app/views/admin/users/_form.html.haml
| ... | ... | @@ -47,6 +47,14 @@ |
| 47 | 47 | .input= f.number_field :projects_limit |
| 48 | 48 | |
| 49 | 49 | .clearfix |
| 50 | + = f.label :can_create_group | |
| 51 | + .input= f.check_box :can_create_group | |
| 52 | + | |
| 53 | + .clearfix | |
| 54 | + = f.label :can_create_team | |
| 55 | + .input= f.check_box :can_create_team | |
| 56 | + | |
| 57 | + .clearfix | |
| 50 | 58 | = f.label :admin do |
| 51 | 59 | %strong.cred Administrator |
| 52 | 60 | .input= f.check_box :admin | ... | ... |