Commit 49d58492f210faa11bbd4125ffd6b241356da827
1 parent
bdc42488
Wiki abilities
Showing
3 changed files
with
41 additions
and
17 deletions
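--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -1,6 +1,9 @@
 class WikisController < ApplicationController
 before_filter :project
 before_filter :add_project_abilities
+before_filter :authorize_read_wiki!
+before_filter :authorize_write_wiki!, :except => [:show, :destroy]
+before_filter :authorize_admin_wiki!, :only => :destroy
 layout "project"
 
 def show
@@ -48,4 +51,18 @@ class WikisController < ApplicationController
 format.html { redirect_to project_wiki_path(@project, :index), notice: "Page was successfully deleted" }
 end
 end
+
+protected
+
+def authorize_read_wiki!
+can?(current_user, :read_wiki, @project)
+end
+
+def authorize_write_wiki!
+can?(current_user, :write_wiki, @project)
+end
+
+def authorize_admin_wiki!
+can?(current_user, :admin_wiki, @project)
+end
 end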
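Review bot: The three new filters `authorize_read_wiki!`, `authorize_write_wiki!` and `authorize_admin_wiki!` only evaluate `can?(...)` and return the boolean; none of them renders, redirects or raises when the check fails. On Rails 3 and later a `before_filter` halts the action only when it renders or redirects, so, assuming this app runs on such a version, a user without the ability still reaches `show`, the write actions and `destroy`. Each method should deny explicitly, e.g. `head :forbidden unless can?(current_user, :read_wiki, @project)`, or call whatever denial helper ApplicationController already provides (not visible here). A controller test that requests `destroy` as a member below master level and expects a non-success status would pin the behaviour.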
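--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,21 +15,26 @@ class Ability
 
 rules << [
 :read_project,
+:read_wiki,
 :read_issue,
 :read_snippet,
 :read_team_member,
 :read_merge_request,
-:read_note
-] if project.allow_read_for?(user)
-
-rules << [
+:read_note,
 :write_project,
 :write_issue,
 :write_snippet,
 :write_merge_request,
-:write_note,
+:write_note
+] if project.guest_access_for?(user)
+
+rules << [
+:download_code,
+] if project.report_access_for?(user)
+
+rules << [
 :write_wiki
-] if project.allow_write_for?(user)
+] if project.dev_access_for?(user)
 
 rules << [
 :modify_issue,
@@ -40,18 +45,16 @@ class Ability
 :admin_snippet,
 :admin_team_member,
 :admin_merge_request,
-:admin_note
-] if project.allow_admin_for?(user)
+:admin_note,
+:admin_wiki
+] if project.master_access_for?(user)
 
-rules << [
-:download_code,
-] if project.allow_pull_for?(user)
 
 rules.flatten
 end
 
 class << self
-[:issue, :note, :snippet, :merge_request, :wiki].each do |name|
+[:issue, :note, :snippet, :merge_request].each do |name|
 define_method "#{name}_abilities" do |user, subject|
 if subject.author == user
 [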
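Review bot: The merged first list grants every `write_*` ability (`:write_project`, `:write_issue`, `:write_snippet`, `:write_merge_request`, `:write_note`) under `project.guest_access_for?(user)`, which project.rb in this commit defines as any membership row regardless of `project_access`. That matches what the removed `allow_write_for?` guard did, but the new name makes it easy to assume guest-tier members are read-only, while `:write_wiki` alone requires `dev_access_for?`. If this is intended, a comment above the list such as `# any project member, whatever the access level, may read and write these` would record it; otherwise the write abilities belong in a list guarded by a higher tier. `allow_read_for?` is no longer referenced in this hunk and may now be unused; the rules method begins and the `define_method` block ends outside the hunks.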
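--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -233,16 +233,20 @@ class Project < ActiveRecord::Base
 !users_projects.where(:user_id => user.id).empty?
 end
 
-def allow_write_for?(user)
+def guest_access_for?(user)
 !users_projects.where(:user_id => user.id).empty?
 end
 
-def allow_admin_for?(user)
-!users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
+def report_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
 end
 
-def allow_pull_for?(user)
-!users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+def dev_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+end
+
+def master_access_for?(user)
+!users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
 end
 
 def root_ref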
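Review bot: Only `master_access_for?` carries the `owner_id == user.id` fallback; `guest_access_for?`, `report_access_for?` and `dev_access_for?` consult `users_projects` alone. If an owner can exist without a membership row (not determinable from this hunk), Ability would give that owner `:admin_wiki` but not `:read_wiki` or `:write_wiki`, and the controller's read filter is declared for every action, `destroy` included. Either add `|| owner_id == user.id` to the lower tiers or document on `master_access_for?` that owners are always expected to have a membership row. The four predicates also repeat the same query with hand-written level lists, which can drift apart when a level is added.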