Only owner of current namespace can change project namespace

Dmitriy Zaporozhets
1 parent f6bfa095
Showing 3 changed files with 15 additions and 9 deletions Show diff stats
app/contexts/project_update_context.rb
app/models/ability.rb
app/views/projects/_form.html.haml
@@ -2,7 +2,7 @@ class ProjectUpdateContext &lt; BaseContext
   def execute(role = :default)
     namespace_id = params[:project].delete(:namespace_id)
  
-    if namespace_id.present?
+    if can?(current_user, :change_namespace, project) && namespace_id.present?
       if namespace_id == Namespace.global_id
         if project.namespace.present?
           # Transfer to global namespace from anyone
@@ -17,9 +17,7 @@ class Ability
  
       # Rules based on role in project
       if project.master_access_for?(user)
-        # TODO: replace with master rules.
-        # Only allow project administration for namespace owners
-        rules << project_admin_rules
+        rules << project_master_rules
  
       elsif project.dev_access_for?(user)
         rules << project_dev_rules
@@ -93,13 +91,15 @@ class Ability
         :admin_merge_request,
         :admin_note,
         :accept_mr,
-        :admin_wiki
+        :admin_wiki,
+        :admin_project
       ]
     end
  
     def project_admin_rules
       project_master_rules + [
-        :admin_project
+        :change_namespace,
+        :rename_project
       ]
     end
  
@@ -21,9 +21,15 @@
       = f.label :namespace_id do
         %span Namespace
       .controls
-        = f.select :namespace_id, namespaces_options(@project.namespace_id), {prompt: 'Choose a project namespace'}, {class: 'chosen'}
-        &nbsp;
-        %span.cred Be careful. Changing project namespace can have unintended side effects
+        - if can? current_user, :change_namespace, @project
+          = f.select :namespace_id, namespaces_options(@project.namespace_id), {prompt: 'Choose a project namespace'}, {class: 'chosen'}
+          &nbsp;
+          %span.cred Be careful. Changing project namespace can have unintended side effects
+        - else
+          %a.btn.btn-small.disabled= @project.namespace.try(:human_name) || "/"
+          &nbsp;
+          %span.cred Only owner can change project namespace.
+
  
     - unless @project.heads.empty?
       .clearfix
...	...	@@ -2,7 +2,7 @@ class ProjectUpdateContext < BaseContext
2	2	def execute(role = :default)
3	3	namespace_id = params[:project].delete(:namespace_id)
4	4
5		- if namespace_id.present?
	5	+ if can?(current_user, :change_namespace, project) && namespace_id.present?
6	6	if namespace_id == Namespace.global_id
7	7	if project.namespace.present?
8	8	# Transfer to global namespace from anyone
...	...
...	...	@@ -17,9 +17,7 @@ class Ability
17	17
18	18	# Rules based on role in project
19	19	if project.master_access_for?(user)
20		- # TODO: replace with master rules.
21		- # Only allow project administration for namespace owners
22		- rules << project_admin_rules
	20	+ rules << project_master_rules
23	21
24	22	elsif project.dev_access_for?(user)
25	23	rules << project_dev_rules
...	...	@@ -93,13 +91,15 @@ class Ability
93	91	:admin_merge_request,
94	92	:admin_note,
95	93	:accept_mr,
96		- :admin_wiki
	94	+ :admin_wiki,
	95	+ :admin_project
97	96	]
98	97	end
99	98
100	99	def project_admin_rules
101	100	project_master_rules + [
102		- :admin_project
	101	+ :change_namespace,
	102	+ :rename_project
103	103	]
104	104	end
105	105
...	...
...	...	@@ -21,9 +21,15 @@
21	21	= f.label :namespace_id do
22	22	%span Namespace
23	23	.controls
24		- = f.select :namespace_id, namespaces_options(@project.namespace_id), {prompt: 'Choose a project namespace'}, {class: 'chosen'}
25		-
26		- %span.cred Be careful. Changing project namespace can have unintended side effects
	24	+ - if can? current_user, :change_namespace, @project
	25	+ = f.select :namespace_id, namespaces_options(@project.namespace_id), {prompt: 'Choose a project namespace'}, {class: 'chosen'}
	26	+
	27	+ %span.cred Be careful. Changing project namespace can have unintended side effects
	28	+ - else
	29	+ %a.btn.btn-small.disabled= @project.namespace.try(:human_name) \|\| "/"
	30	+
	31	+ %span.cred Only owner can change project namespace.
	32	+
27	33
28	34	- unless @project.heads.empty?
29	35	.clearfix
...	...