Commit 49d58492f210faa11bbd4125ffd6b241356da827

Authored by Dmitriy Zaporozhets
1 parent bdc42488

Wiki abilities

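--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -1,6 +1,9 @@
 class WikisController < ApplicationController
 before_filter :project
 before_filter :add_project_abilities
+before_filter :authorize_read_wiki!
+before_filter :authorize_write_wiki!, :except => [:show, :destroy]
+before_filter :authorize_admin_wiki!, :only => :destroy
 layout "project"
 
 def show
@@ -48,4 +51,18 @@ class WikisController &lt; ApplicationController
 format.html { redirect_to project_wiki_path(@project, :index), notice: "Page was successfully deleted" }
 end
 end
+
+protected
+
+def authorize_read_wiki!
+can?(current_user, :read_wiki, @project)
+end
+
+def authorize_write_wiki!
+can?(current_user, :write_wiki, @project)
+end
+
+def authorize_admin_wiki!
+can?(current_user, :admin_wiki, @project)
+end
 end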
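Review bot: The three `authorize_*_wiki!` filters added under `protected` only return the result of `can?` and never render or redirect, so on Rails 3 and later, where a before_filter's return value is ignored, they would not stop an unauthorized request; which Rails version this app targets is not visible on this page. Each filter should halt the chain itself when the check fails, for example `head :forbidden unless can?(current_user, :read_wiki, @project)`, and the same for `:write_wiki` and `:admin_wiki`. A controller test asserting that a non-member is denied on `show` and that a member below master is denied on `destroy` would pin the intended behaviour.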
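--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,21 +15,26 @@ class Ability
 
 rules << [
 :read_project,
+:read_wiki,
 :read_issue,
 :read_snippet,
 :read_team_member,
 :read_merge_request,
-:read_note
-] if project.allow_read_for?(user)
-
-rules << [
+:read_note,
 :write_project,
 :write_issue,
 :write_snippet,
 :write_merge_request,
-:write_note,
+:write_note
+] if project.guest_access_for?(user)
+
+rules << [
+:download_code,
+] if project.report_access_for?(user)
+
+rules << [
 :write_wiki
-] if project.allow_write_for?(user)
+] if project.dev_access_for?(user)
 
 rules << [
 :modify_issue,
@@ -40,18 +45,16 @@ class Ability
 :admin_snippet,
 :admin_team_member,
 :admin_merge_request,
-:admin_note
-] if project.allow_admin_for?(user)
+:admin_note,
+:admin_wiki
+] if project.master_access_for?(user)
 
-rules << [
-:download_code,
-] if project.allow_pull_for?(user)
 
 rules.flatten
 end
 
 class << self
-[:issue, :note, :snippet, :merge_request, :wiki].each do |name|
+[:issue, :note, :snippet, :merge_request].each do |name|
 define_method "#{name}_abilities" do |user, subject|
 if subject.author == user
 [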
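Review bot: In the first hunk the `write_project`, `write_issue`, `write_snippet`, `write_merge_request` and `write_note` abilities now sit in the array guarded by `project.guest_access_for?(user)`, which in this commit's project.rb is true for any membership row regardless of `project_access`. The effective grant looks unchanged from the old `allow_write_for?`, but the merged block now reads as a guest tier, so it is worth confirming that guests are meant to hold these write abilities while `write_wiki` requires developer access. A comment on the block would record the decision, e.g. `# any project member, guests included: read_* and write_* except write_wiki`. The method that builds `rules` starts outside the hunk.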
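--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -233,16 +233,20 @@ class Project &lt; ActiveRecord::Base
 !users_projects.where(:user_id => user.id).empty?
 end
 
-def allow_write_for?(user)
+def guest_access_for?(user)
 !users_projects.where(:user_id => user.id).empty?
 end
 
-def allow_admin_for?(user)
-!users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
+def report_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
 end
 
-def allow_pull_for?(user)
-!users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+def dev_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+end
+
+def master_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
 end
 
 def root_ref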
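Review bot: Only `master_access_for?` falls back to `owner_id == user.id`; `guest_access_for?`, `report_access_for?` and `dev_access_for?` consult `users_projects` alone, so the four tiers are not cumulative for the owner. If an owner can exist without a membership row (not visible on this page), that user would be granted `admin_wiki` but neither `read_wiki` nor `write_wiki`. Either add the same `|| owner_id == user.id` clause to the three lower predicates, or state in a comment that the owner always has a MASTER row. A one-line comment naming the minimum role on each predicate, e.g. `# true for REPORTER and above`, would also make the role lists easier to audit.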