4 roles permission system

Dmitriy Zaporozhets
1 parent dac7c44a
Showing 18 changed files with 66 additions and 111 deletions Show diff stats
app/controllers/projects_controller.rb
app/models/project.rb
app/models/repository.rb
app/models/users_project.rb
app/views/admin/projects/show.html.haml
app/views/admin/team_members/_form.html.haml
app/views/admin/users/show.html.haml
app/views/help/permissions.html.haml
app/views/team_members/_form.html.haml
app/views/team_members/_show.html.haml
app/views/team_members/show.html.haml
app/views/widgets/_project_member.html.haml
db/migrate/20120216085842_move_to_roles_permissions.rb
db/schema.rb
spec/models/note_spec.rb
spec/models/project_security_spec.rb
spec/requests/projects_security_spec.rb
spec/requests/team_members_spec.rb
@@ -28,7 +28,7 @@ class ProjectsController &lt; ApplicationController
  
     Project.transaction do
       @project.save!
-      @project.users_projects.create!(:repo_access => Repository::REPO_RW , :project_access => Project::PROJECT_RWA, :user => current_user)
+      @project.users_projects.create!(:project_access => UsersProject::MASTER, :user => current_user)
  
       # when project saved no team member exist so 
       # project repository should be updated after first user add
 require "grit"
  
 class Project < ActiveRecord::Base
-  PROJECT_N = 0
-  PROJECT_R = 1
-  PROJECT_RW = 2
-  PROJECT_RWA = 3
-
   belongs_to :owner, :class_name => "User"
  
   has_many :merge_requests, :dependent => :destroy
@@ -61,12 +56,7 @@ class Project &lt; ActiveRecord::Base
   end
  
   def self.access_options
-    {
-      "Denied" => PROJECT_N,
-      "Read"   => PROJECT_R,
-      "Report" => PROJECT_RW,
-      "Admin"  => PROJECT_RWA
-    }
+    UsersProject.access_roles
   end
  
   def repository
@@ -193,11 +183,11 @@ class Project &lt; ActiveRecord::Base
   # Should be rewrited for new access rights
   def add_access(user, *access)
     access = if access.include?(:admin) 
-               { :project_access => PROJECT_RWA } 
+               { :project_access => UsersProject::MASTER } 
              elsif access.include?(:write)
-               { :project_access => PROJECT_RW } 
+               { :project_access => UsersProject::DEVELOPER } 
              else
-               { :project_access => PROJECT_R } 
+               { :project_access => UsersProject::GUEST } 
              end
     opts = { :user => user }
     opts.merge!(access)
@@ -210,48 +200,48 @@ class Project &lt; ActiveRecord::Base
  
   def repository_readers
     keys = Key.joins({:user => :users_projects}).
-      where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_R)
+      where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::REPORTER)
     keys.map(&:identifier) + deploy_keys.map(&:identifier)
   end
  
   def repository_writers
     keys = Key.joins({:user => :users_projects}).
-      where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_RW)
+      where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::DEVELOPER)
     keys.map(&:identifier)
   end
  
   def repository_masters
     keys = Key.joins({:user => :users_projects}).
-      where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_MASTER)
+      where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::MASTER)
     keys.map(&:identifier)
   end
  
   def readers
-    @readers ||= users_projects.includes(:user).where(:project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).map(&:user)
+    @readers ||= users_projects.includes(:user).map(&:user)
   end
  
   def writers
-    @writers ||= users_projects.includes(:user).where(:project_access => [PROJECT_RW, PROJECT_RWA]).map(&:user)
+    @writers ||= users_projects.includes(:user).map(&:user)
   end
  
   def admins
-    @admins ||= users_projects.includes(:user).where(:project_access => PROJECT_RWA).map(&:user)
+    @admins ||= users_projects.includes(:user).where(:project_access => UsersProject::MASTER).map(&:user)
   end
  
   def allow_read_for?(user)
-    !users_projects.where(:user_id => user.id, :project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).empty?
+    !users_projects.where(:user_id => user.id).empty?
   end
  
   def allow_write_for?(user)
-    !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RW, PROJECT_RWA]).empty?
+    !users_projects.where(:user_id => user.id).empty?
   end
  
   def allow_admin_for?(user)
-    !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RWA]).empty? || owner_id == user.id
+    !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
   end
  
   def allow_pull_for?(user)
-    !users_projects.where(:user_id => user.id, :repo_access => [Repository::REPO_R, Repository::REPO_RW, Repository::REPO_MASTER]).empty?
+    !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
   end
  
   def root_ref 
 require File.join(Rails.root, "lib", "gitlabhq", "git_host")
  
 class Repository
-  REPO_N = 0
-  REPO_R = 1
-  REPO_RW = 2
-  REPO_MASTER = 3
-
   attr_accessor :project
  
   def self.default_ref
@@ -13,12 +8,7 @@ class Repository
   end
  
   def self.access_options
-    {
-      "Denied"      => REPO_N,
-      "Pull"        => REPO_R,
-      "Pull & Push" => REPO_RW,
-      "Master"      => REPO_MASTER
-    }
+    {}
   end
  
   def initialize(project)
 class UsersProject < ActiveRecord::Base
-  REPORTER = 21
-  DEVELOPER = 22
-  MASTER = 33
+  GUEST     = 10
+  REPORTER  = 20
+  DEVELOPER = 30
+  MASTER    = 40
  
   belongs_to :user
   belongs_to :project
@@ -21,7 +22,6 @@ class UsersProject &lt; ActiveRecord::Base
     UsersProject.transaction do
       user_ids.each do |user_id|
         users_project = UsersProject.new(
-          :repo_access => repo_access,
           :project_access => project_access,
           :user_id => user_id
         )
@@ -35,7 +35,6 @@ class UsersProject &lt; ActiveRecord::Base
     UsersProject.transaction do
       project_ids.each do |project_id|
         users_project = UsersProject.new(
-          :repo_access => repo_access,
           :project_access => project_access,
         )
         users_project.project_id = project_id
@@ -47,6 +46,7 @@ class UsersProject &lt; ActiveRecord::Base
  
   def self.access_roles
     {
+      "Guest"   => GUEST,
       "Reporter"   => REPORTER,
       "Developer" => DEVELOPER,
       "Master"  => MASTER
@@ -54,7 +54,7 @@ class UsersProject &lt; ActiveRecord::Base
   end
  
   def role_access
-    "#{project_access}#{repo_access}"
+    project_access
   end
  
   def update_repository
@@ -68,7 +68,7 @@ class UsersProject &lt; ActiveRecord::Base
   end
  
   def repo_access_human
-    Repository.access_options.key(self.repo_access)
+    ""
   end
 end
 # == Schema Information
@@ -53,7 +53,6 @@
         %td
           = link_to tm.user_name, admin_users_path(tm.user)
         %td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
-        %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
         %td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
         %td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn danger small"
  
@@ -68,7 +67,6 @@
       %tr
         %td= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name),  :multiple => true
         %td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
-        %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
  
     .actions
       = submit_tag 'Add', :class => "btn primary"
@@ -10,10 +10,6 @@
     .input
       = f.select :project_access, options_for_select(Project.access_options, @admin_team_member.project_access), {}, :class => "project-access-select"
  
-  .clearfix
-    %label Repository Access:
-    .input
-      = f.select :repo_access, options_for_select(Repository.access_options, @admin_team_member.repo_access), {}, :class => "repo-access-select"
   %br
   .actions
     = f.submit 'Save', :class => "btn primary"
@@ -61,7 +61,6 @@
     %tr
       %td= link_to project.name, admin_project_path(project)
       %td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
-      %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
       %td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
       %td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn small danger"
  
@@ -76,7 +75,6 @@
     %tr
       %td= select_tag :project_ids, options_from_collection_for_select(@projects , :id, :name),  :multiple => true
       %td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
-      %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
  
   .actions
     = submit_tag 'Add', :class => "btn primary"
@@ -3,6 +3,12 @@
  
 %h4 Reporter
 %ul
+  %li Create new issue
+  %li Create new merge request
+  %li Write on project wall
+
+%h4 Reporter
+%ul
   %li Pull project code
   %li Create new issue
   %li Create new merge request
@@ -14,18 +14,9 @@
  
   .clearfix
     = f.label :project_access, "Project Access"
-    .input= f.select :_project_access, options_for_select(UsersProject.access_roles, @team_member.role_access), {}, :class => "project-access-select"
-    
+    .input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
  
  
-  -#.clearfix
-    -#= f.label :project_access, "Project Access"
-    -#.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
-
-  -#.clearfix
-    -#= f.label :repo_access, "Repository Access"
-    -#.input= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select"
-
   .actions
     = f.submit 'Save', :class => "btn primary"
     = link_to "Cancel", team_project_path(@project), :class => "btn"
@@ -37,6 +28,6 @@
  
 :javascript
   $('select#team_member_user_id').chosen();
-  $('select#team_member__project_access').chosen();
+  $('select#team_member_project_access').chosen();
   //$('select#team_member_repo_access').chosen();
   //$('select#team_member_project_access').chosen();
@@ -11,9 +11,6 @@
  
     .span3
       = form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f|
-        = f.select :_project_access, options_for_select(UsersProject.access_roles, member.role_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
-    -#.span3
-      -#= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f|
-        -#= f.select :repo_access, options_for_select(Repository.access_options, member.repo_access), {}, :class => "medium repo-access-select", :disabled => !allow_admin
+        = f.select :project_access, options_for_select(UsersProject.access_roles, member.project_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
     - if @project.owner == user
       %span.label Project Owner
@@ -28,13 +28,6 @@
       = form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f|
         = f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select", :disabled => !allow_admin
  
-  %tr
-    %td Repository Access
-    %td
-      = form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f|
-        = f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select", :disabled => !allow_admin
-
-
   - unless user.skype.empty?
     %tr
       %td Skype:
@@ -13,7 +13,6 @@
  
     .span3
       %span.label= member.project_access_human
-      %span.label= member.repo_access_human
  
   - if can? current_user, :write_project, @project
     - if @project.issues_enabled && @project.merge_requests_enabled
@@ -0,0 +1,18 @@
+class MoveToRolesPermissions < ActiveRecord::Migration
+  def up
+    repo_n = 0
+    repo_r = 1
+    repo_rw = 2
+    project_rwa = 3
+
+    UsersProject.update_all ["project_access = ?", UsersProject::MASTER], ["project_access = ?", project_rwa]
+    UsersProject.update_all ["project_access = ?", UsersProject::DEVELOPER], ["repo_access = ?", repo_rw]
+    UsersProject.update_all ["project_access = ?", UsersProject::REPORTER], ["repo_access = ?", repo_r]
+    UsersProject.update_all ["project_access = ?", UsersProject::GUEST], ["repo_access = ?", repo_n]
+
+    remove_column :users_projects, :repo_access
+  end
+
+  def down
+  end
+end
@@ -11,19 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20120215182305) do
-
-  create_table "features", :force => true do |t|
-    t.string   "name"
-    t.string   "branch_name"
-    t.integer  "assignee_id"
-    t.integer  "author_id"
-    t.integer  "project_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.string   "version"
-    t.integer  "status",      :default => 0, :null => false
-  end
+ActiveRecord::Schema.define(:version => 20120216085842) do
  
   create_table "issues", :force => true do |t|
     t.string   "title"
@@ -160,7 +148,6 @@ ActiveRecord::Schema.define(:version =&gt; 20120215182305) do
     t.integer  "project_id",                    :null => false
     t.datetime "created_at"
     t.datetime "updated_at"
-    t.integer  "repo_access",    :default => 0, :null => false
     t.integer  "project_access", :default => 0, :null => false
   end
  
@@ -64,9 +64,8 @@ describe Note do
  
     describe :read do
       before do
-        @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_N)
-        @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_R)
-        @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_R)
+        @p1.users_projects.create(:user => @u2, :project_access => UsersProject::GUEST)
+        @p2.users_projects.create(:user => @u3, :project_access => UsersProject::GUEST)
       end
  
       it { @abilities.allowed?(@u1, :read_note, @p1).should be_false }
@@ -76,9 +75,8 @@ describe Note do
  
     describe :write do
       before do
-        @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_R)
-        @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_RW)
-        @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_RW)
+        @p1.users_projects.create(:user => @u2, :project_access => UsersProject::DEVELOPER)
+        @p2.users_projects.create(:user => @u3, :project_access => UsersProject::DEVELOPER)
       end
  
       it { @abilities.allowed?(@u1, :write_note, @p1).should be_false }
@@ -88,9 +86,9 @@ describe Note do
  
     describe :admin do
       before do
-        @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_R)
-        @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_RWA)
-        @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_RWA)
+        @p1.users_projects.create(:user => @u1, :project_access => UsersProject::REPORTER)
+        @p1.users_projects.create(:user => @u2, :project_access => UsersProject::MASTER)
+        @p2.users_projects.create(:user => @u3, :project_access => UsersProject::MASTER)
       end
  
       it { @abilities.allowed?(@u1, :admin_note, @p1).should be_false }
@@ -12,8 +12,7 @@ describe Project do
  
     describe "read access" do
       before do
-        @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_N)
-        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_R)
+        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::REPORTER)
       end
  
       it { @abilities.allowed?(@u1, :read_project, @p1).should be_false }
@@ -22,8 +21,7 @@ describe Project do
  
     describe "write access" do
       before do
-        @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_R)
-        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_RW)
+        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::DEVELOPER)
       end
  
       it { @abilities.allowed?(@u1, :write_project, @p1).should be_false }
@@ -32,8 +30,8 @@ describe Project do
  
     describe "admin access" do
       before do
-        @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_RW)
-        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_RWA)
+        @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => UsersProject::DEVELOPER)
+        @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::MASTER)
       end
  
       it { @abilities.allowed?(@u1, :admin_project, @p1).should be_false }
@@ -20,11 +20,9 @@ describe &quot;Projects&quot; do
       @u2 = Factory :user
       @u3 = Factory :user
       # full access
-      @project.users_projects.create(:user => @u1, :project_access => Project::PROJECT_RWA)
-      # no access
-      @project.users_projects.create(:user => @u2, :project_access => Project::PROJECT_N)
+      @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
       # readonly
-      @project.users_projects.create(:user => @u3, :project_access => Project::PROJECT_R)
+      @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
     end
  
     describe "GET /project_code" do
@@ -31,8 +31,7 @@ describe &quot;TeamMembers&quot; do
       before do
         within "#new_team_member" do 
           select @user_1.name, :from => "team_member_user_id"
-          select "Report", :from => "team_member_project_access"
-          select "Pull",   :from => "team_member_repo_access"
+          select "Reporter", :from => "team_member_project_access"
         end
       end
  
@@ -45,8 +44,7 @@ describe &quot;TeamMembers&quot; do
         page.should have_content @user_1.name
  
         @member.reload
-        @member.project_access.should == Project::PROJECT_RW
-        @member.repo_access.should == Repository::REPO_R
+        @member.project_access.should == UsersProject::REPORTER
       end
     end
   end
...	...	@@ -28,7 +28,7 @@ class ProjectsController < ApplicationController
28	28
29	29	Project.transaction do
30	30	@project.save!
31		- @project.users_projects.create!(:repo_access => Repository::REPO_RW , :project_access => Project::PROJECT_RWA, :user => current_user)
	31	+ @project.users_projects.create!(:project_access => UsersProject::MASTER, :user => current_user)
32	32
33	33	# when project saved no team member exist so
34	34	# project repository should be updated after first user add
...	...
1	1	require "grit"
2	2
3	3	class Project < ActiveRecord::Base
4		- PROJECT_N = 0
5		- PROJECT_R = 1
6		- PROJECT_RW = 2
7		- PROJECT_RWA = 3
8		-
9	4	belongs_to :owner, :class_name => "User"
10	5
11	6	has_many :merge_requests, :dependent => :destroy
...	...	@@ -61,12 +56,7 @@ class Project < ActiveRecord::Base
61	56	end
62	57
63	58	def self.access_options
64		- {
65		- "Denied" => PROJECT_N,
66		- "Read" => PROJECT_R,
67		- "Report" => PROJECT_RW,
68		- "Admin" => PROJECT_RWA
69		- }
	59	+ UsersProject.access_roles
70	60	end
71	61
72	62	def repository
...	...	@@ -193,11 +183,11 @@ class Project < ActiveRecord::Base
193	183	# Should be rewrited for new access rights
194	184	def add_access(user, *access)
195	185	access = if access.include?(:admin)
196		- { :project_access => PROJECT_RWA }
	186	+ { :project_access => UsersProject::MASTER }
197	187	elsif access.include?(:write)
198		- { :project_access => PROJECT_RW }
	188	+ { :project_access => UsersProject::DEVELOPER }
199	189	else
200		- { :project_access => PROJECT_R }
	190	+ { :project_access => UsersProject::GUEST }
201	191	end
202	192	opts = { :user => user }
203	193	opts.merge!(access)
...	...	@@ -210,48 +200,48 @@ class Project < ActiveRecord::Base
210	200
211	201	def repository_readers
212	202	keys = Key.joins({:user => :users_projects}).
213		- where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_R)
	203	+ where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::REPORTER)
214	204	keys.map(&:identifier) + deploy_keys.map(&:identifier)
215	205	end
216	206
217	207	def repository_writers
218	208	keys = Key.joins({:user => :users_projects}).
219		- where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_RW)
	209	+ where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::DEVELOPER)
220	210	keys.map(&:identifier)
221	211	end
222	212
223	213	def repository_masters
224	214	keys = Key.joins({:user => :users_projects}).
225		- where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_MASTER)
	215	+ where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::MASTER)
226	216	keys.map(&:identifier)
227	217	end
228	218
229	219	def readers
230		- @readers \|\|= users_projects.includes(:user).where(:project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).map(&:user)
	220	+ @readers \|\|= users_projects.includes(:user).map(&:user)
231	221	end
232	222
233	223	def writers
234		- @writers \|\|= users_projects.includes(:user).where(:project_access => [PROJECT_RW, PROJECT_RWA]).map(&:user)
	224	+ @writers \|\|= users_projects.includes(:user).map(&:user)
235	225	end
236	226
237	227	def admins
238		- @admins \|\|= users_projects.includes(:user).where(:project_access => PROJECT_RWA).map(&:user)
	228	+ @admins \|\|= users_projects.includes(:user).where(:project_access => UsersProject::MASTER).map(&:user)
239	229	end
240	230
241	231	def allow_read_for?(user)
242		- !users_projects.where(:user_id => user.id, :project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).empty?
	232	+ !users_projects.where(:user_id => user.id).empty?
243	233	end
244	234
245	235	def allow_write_for?(user)
246		- !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RW, PROJECT_RWA]).empty?
	236	+ !users_projects.where(:user_id => user.id).empty?
247	237	end
248	238
249	239	def allow_admin_for?(user)
250		- !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RWA]).empty? \|\| owner_id == user.id
	240	+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? \|\| owner_id == user.id
251	241	end
252	242
253	243	def allow_pull_for?(user)
254		- !users_projects.where(:user_id => user.id, :repo_access => [Repository::REPO_R, Repository::REPO_RW, Repository::REPO_MASTER]).empty?
	244	+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
255	245	end
256	246
257	247	def root_ref
...	...
1	1	require File.join(Rails.root, "lib", "gitlabhq", "git_host")
2	2
3	3	class Repository
4		- REPO_N = 0
5		- REPO_R = 1
6		- REPO_RW = 2
7		- REPO_MASTER = 3
8		-
9	4	attr_accessor :project
10	5
11	6	def self.default_ref
...	...	@@ -13,12 +8,7 @@ class Repository
13	8	end
14	9
15	10	def self.access_options
16		- {
17		- "Denied" => REPO_N,
18		- "Pull" => REPO_R,
19		- "Pull & Push" => REPO_RW,
20		- "Master" => REPO_MASTER
21		- }
	11	+ {}
22	12	end
23	13
24	14	def initialize(project)
...	...
1	1	class UsersProject < ActiveRecord::Base
2		- REPORTER = 21
3		- DEVELOPER = 22
4		- MASTER = 33
	2	+ GUEST = 10
	3	+ REPORTER = 20
	4	+ DEVELOPER = 30
	5	+ MASTER = 40
5	6
6	7	belongs_to :user
7	8	belongs_to :project
...	...	@@ -21,7 +22,6 @@ class UsersProject < ActiveRecord::Base
21	22	UsersProject.transaction do
22	23	user_ids.each do \|user_id\|
23	24	users_project = UsersProject.new(
24		- :repo_access => repo_access,
25	25	:project_access => project_access,
26	26	:user_id => user_id
27	27	)
...	...	@@ -35,7 +35,6 @@ class UsersProject < ActiveRecord::Base
35	35	UsersProject.transaction do
36	36	project_ids.each do \|project_id\|
37	37	users_project = UsersProject.new(
38		- :repo_access => repo_access,
39	38	:project_access => project_access,
40	39	)
41	40	users_project.project_id = project_id
...	...	@@ -47,6 +46,7 @@ class UsersProject < ActiveRecord::Base
47	46
48	47	def self.access_roles
49	48	{
	49	+ "Guest" => GUEST,
50	50	"Reporter" => REPORTER,
51	51	"Developer" => DEVELOPER,
52	52	"Master" => MASTER
...	...	@@ -54,7 +54,7 @@ class UsersProject < ActiveRecord::Base
54	54	end
55	55
56	56	def role_access
57		- "#{project_access}#{repo_access}"
	57	+ project_access
58	58	end
59	59
60	60	def update_repository
...	...	@@ -68,7 +68,7 @@ class UsersProject < ActiveRecord::Base
68	68	end
69	69
70	70	def repo_access_human
71		- Repository.access_options.key(self.repo_access)
	71	+ ""
72	72	end
73	73	end
74	74	# == Schema Information
...	...
...	...	@@ -53,7 +53,6 @@
53	53	%td
54	54	= link_to tm.user_name, admin_users_path(tm.user)
55	55	%td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
56		- %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
57	56	%td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
58	57	%td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn danger small"
59	58
...	...	@@ -68,7 +67,6 @@
68	67	%tr
69	68	%td= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), :multiple => true
70	69	%td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
71		- %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
72	70
73	71	.actions
74	72	= submit_tag 'Add', :class => "btn primary"
...	...
...	...	@@ -10,10 +10,6 @@
10	10	.input
11	11	= f.select :project_access, options_for_select(Project.access_options, @admin_team_member.project_access), {}, :class => "project-access-select"
12	12
13		- .clearfix
14		- %label Repository Access:
15		- .input
16		- = f.select :repo_access, options_for_select(Repository.access_options, @admin_team_member.repo_access), {}, :class => "repo-access-select"
17	13	%br
18	14	.actions
19	15	= f.submit 'Save', :class => "btn primary"
...	...
...	...	@@ -61,7 +61,6 @@
61	61	%tr
62	62	%td= link_to project.name, admin_project_path(project)
63	63	%td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
64		- %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
65	64	%td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
66	65	%td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn small danger"
67	66
...	...	@@ -76,7 +75,6 @@
76	75	%tr
77	76	%td= select_tag :project_ids, options_from_collection_for_select(@projects , :id, :name), :multiple => true
78	77	%td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
79		- %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
80	78
81	79	.actions
82	80	= submit_tag 'Add', :class => "btn primary"
...	...
...	...	@@ -3,6 +3,12 @@
3	3
4	4	%h4 Reporter
5	5	%ul
	6	+ %li Create new issue
	7	+ %li Create new merge request
	8	+ %li Write on project wall
	9	+
	10	+%h4 Reporter
	11	+%ul
6	12	%li Pull project code
7	13	%li Create new issue
8	14	%li Create new merge request
...	...
...	...	@@ -14,18 +14,9 @@
14	14
15	15	.clearfix
16	16	= f.label :project_access, "Project Access"
17		- .input= f.select :_project_access, options_for_select(UsersProject.access_roles, @team_member.role_access), {}, :class => "project-access-select"
18		-
	17	+ .input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
19	18
20	19
21		- -#.clearfix
22		- -#= f.label :project_access, "Project Access"
23		- -#.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
24		-
25		- -#.clearfix
26		- -#= f.label :repo_access, "Repository Access"
27		- -#.input= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select"
28		-
29	20	.actions
30	21	= f.submit 'Save', :class => "btn primary"
31	22	= link_to "Cancel", team_project_path(@project), :class => "btn"
...	...	@@ -37,6 +28,6 @@
37	28
38	29	:javascript
39	30	$('select#team_member_user_id').chosen();
40		- $('select#team_member__project_access').chosen();
	31	+ $('select#team_member_project_access').chosen();
41	32	//$('select#team_member_repo_access').chosen();
42	33	//$('select#team_member_project_access').chosen();
...	...
...	...	@@ -11,9 +11,6 @@
11	11
12	12	.span3
13	13	= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do \|f\|
14		- = f.select :_project_access, options_for_select(UsersProject.access_roles, member.role_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
15		- -#.span3
16		- -#= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do \|f\|
17		- -#= f.select :repo_access, options_for_select(Repository.access_options, member.repo_access), {}, :class => "medium repo-access-select", :disabled => !allow_admin
	14	+ = f.select :project_access, options_for_select(UsersProject.access_roles, member.project_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
18	15	- if @project.owner == user
19	16	%span.label Project Owner
...	...