allow/deny user to create group/team

Dmitriy Zaporozhets
1 parent 585a53c4
Showing 4 changed files with 32 additions and 10 deletions Show diff stats
app/controllers/groups_controller.rb
app/models/ability.rb
app/models/user.rb
app/views/admin/users/_form.html.haml
@@ -6,6 +6,7 @@ class GroupsController &lt; ApplicationController
   # Authorize
   before_filter :authorize_read_group!, except: [:new, :create]
+  before_filter :authorize_create_group!, only: [:new, :create]
   # Load group projects
   before_filter :projects, except: [:new, :create]
@@ -103,4 +104,8 @@ class GroupsController &lt; ApplicationController
       return render_404
     end
   end
+
+  def authorize_create_group!
+    can?(current_user, :create_group, nil)
+  end
 end
 class Ability
   class << self
-    def allowed(object, subject)
+    def allowed(user, subject)
+      return [] unless user.kind_of?(User)
+
       case subject.class.name
-      when "Project" then project_abilities(object, subject)
-      when "Issue" then issue_abilities(object, subject)
-      when "Note" then note_abilities(object, subject)
-      when "Snippet" then snippet_abilities(object, subject)
-      when "MergeRequest" then merge_request_abilities(object, subject)
-      when "Group", "Namespace" then group_abilities(object, subject)
-      when "UserTeam" then user_team_abilities(object, subject)
+      when "Project" then project_abilities(user, subject)
+      when "Issue" then issue_abilities(user, subject)
+      when "Note" then note_abilities(user, subject)
+      when "Snippet" then snippet_abilities(user, subject)
+      when "MergeRequest" then merge_request_abilities(user, subject)
+      when "Group", "Namespace" then group_abilities(user, subject)
+      when "UserTeam" then user_team_abilities(user, subject)
       else []
-      end
+      end.concat(global_abilities(user))
+    end
+
+    def global_abilities(user)
+      rules = []
+      rules << :create_group if user.can_create_group
+      rules << :create_team if user.can_create_team
+      rules
     end
     def project_abilities(user, project)
@@ -232,7 +232,7 @@ class User &lt; ActiveRecord::Base
   end
   def can_create_group?
-    can_create_project?
+    can?(:create_group, nil)
   end
   def abilities
@@ -47,6 +47,14 @@
             .input= f.number_field :projects_limit
           .clearfix
+            = f.label :can_create_group
+            .input= f.check_box :can_create_group
+
+          .clearfix
+            = f.label :can_create_team
+            .input= f.check_box :can_create_team
+
+          .clearfix
             = f.label :admin do
               %strong.cred Administrator
             .input= f.check_box :admin
	@@ -232,7 +232,7 @@ class User < ActiveRecord::Base		@@ -232,7 +232,7 @@ class User < ActiveRecord::Base
232	end	232	end
233		233
234	def can_create_group?	234	def can_create_group?
235	- can_create_project?	235	+ can?(:create_group, nil)
236	end	236	end
237		237
238	def abilities	238	def abilities
	@@ -47,6 +47,14 @@		@@ -47,6 +47,14 @@
47	.input= f.number_field :projects_limit	47	.input= f.number_field :projects_limit
48		48
49	.clearfix	49	.clearfix
		50	+ = f.label :can_create_group
		51	+ .input= f.check_box :can_create_group
		52	+
		53	+ .clearfix
		54	+ = f.label :can_create_team
		55	+ .input= f.check_box :can_create_team
		56	+
		57	+ .clearfix
50	= f.label :admin do	58	= f.label :admin do
51	%strong.cred Administrator	59	%strong.cred Administrator
52	.input= f.check_box :admin	60	.input= f.check_box :admin