Commit 573d367be5a61e9b344e48b6678cdd8067fe6bd1

Authored by Dmitriy Zaporozhets
1 parent 087d7e55

Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Correct authentication for Projects controller
* Hide some project elements from visitor
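--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -1,7 +1,6 @@
 class Projects::HooksController < Projects::ApplicationController
 # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
+ before_filter :authorize_admin_project!
 
 respond_to :html
 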
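Review bot: The `# Authorize` comment above `before_filter :authorize_admin_project!` says nothing about scope, and the same applies to the identical filter in `Projects::TeamMembersController`. Because the filter now carries no `only:`/`except:` list, any action added to these controllers later is admin-only by default, which is worth recording so nobody reintroduces a per-action list. Suggested comment: `# Every action here, including index, requires admin_project (masters/owners)`. Both class bodies continue outside the visible lines, so the remaining actions could not be checked.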
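--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
 # Allow destroy snippet
 before_filter :authorize_admin_project_snippet!, only: [:destroy]
 
- layout 'projects'
-
 respond_to :html
 
 def index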
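--- a/app/controllers/projects/team_members_controller.rb
+++ b/app/controllers/projects/team_members_controller.rb
@@ -1,7 +1,6 @@
 class Projects::TeamMembersController < Projects::ApplicationController
 # Authorize
- before_filter :authorize_read_project!
- before_filter :authorize_admin_project!, except: [:index, :show]
+ before_filter :authorize_admin_project!
 
 layout "project_settings"
 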
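--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,7 +1,7 @@
-class ProjectsController < Projects::ApplicationController
+class ProjectsController < ApplicationController
 skip_before_filter :authenticate_user!, only: [:show]
- skip_before_filter :project, only: [:new, :create]
- skip_before_filter :repository, only: [:new, :create]
+ before_filter :project, except: [:new, :create]
+ before_filter :repository, except: [:new, :create]
 
 # Authorize
 before_filter :authorize_read_project!, except: [:index, :new, :create]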
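Review bot: `show` remains reachable without login (`skip_before_filter :authenticate_user!, only: [:show]`), so `before_filter :project` and `authorize_read_project!` run with a nil `current_user` now that the class inherits from plain `ApplicationController`. Those filters are defined outside this section; it would help to confirm that they return the same response for a private project and for a path that does not exist, so an anonymous visitor cannot tell the two apart. The `except:` lists also differ (`[:new, :create]` for `:project`/`:repository`, `[:index, :new, :create]` for the read check); if `index` has no project to load, `before_filter :project, except: [:index, :new, :create]` would keep them aligned. A short comment above the `skip_before_filter` line stating which projects anonymous visitors are meant to see would document the exception.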
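--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -154,7 +154,7 @@ class Ability
 def group_abilities user, group
 rules = []
 
- if group.users.include?(user)
+ if group.users.include?(user) || user.admin?
 rules << :read_group
 end
 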
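Review bot: `user.admin?` in the new condition raises NoMethodError when `user` is nil, and this commit otherwise deals with pages a visitor can open. Whether `group_abilities` can be reached without a signed-in user depends on the caller, which is outside the hunk; if it can, `if user && (user.admin? || group.users.include?(user))` keeps the check safe and also skips the membership lookup for admins. The rest of `group_abilities` is not visible, so it is unclear whether admins are meant to receive only `:read_group` or the management rules as well; a one-line comment stating the intent would help.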
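--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -32,6 +32,10 @@ class Group < Namespace
 end
 end
 
+ def add_user(user, group_access)
+ self.users_groups.create(user_id: user.id, group_access: group_access)
+ end
+
 def change_owner(user)
 self.owner = user
 membership = users_groups.where(user_id: user.id).first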
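Review bot: `add_user` calls `users_groups.create`, which returns an unsaved record when validation fails, so a caller granting access gets no error if the membership was not stored. Either document that callers must check `persisted?` on the result or use `self.users_groups.create!(user_id: user.id, group_access: group_access)`. Nothing in the method restricts `group_access` to known levels or prevents a second row for the same user; those rules presumably live in the join model, which is not shown. A doc comment naming the accepted `group_access` values would make the method safer to call.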
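--- a/app/views/projects/_clone_panel.html.haml
+++ b/app/views/projects/_clone_panel.html.haml
@@ -19,37 +19,38 @@
 %i.icon-download-alt
 %span.only-wide Download
 
- .dropdown.pull-right
- %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
- %i.icon-plus-sign-alt
- %span.only-wide New
- %b.caret
- %ul.dropdown-menu
- - if @project.issues_enabled && can?(current_user, :write_issue, @project)
- %li
- = link_to url_for_new_issue, title: "New Issue" do
- Issue
- - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
- %li
- = link_to new_project_merge_request_path(@project), title: "New Merge Request" do
- Merge Request
- - if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
- %li
- = link_to new_project_snippet_path(@project), title: "New Snippet" do
- Snippet
- - if can? current_user, :push_code, @project
- %li.divider
- %li
- = link_to new_project_branch_path(@project) do
- %i.icon-code-fork
- Git branch
- %li
- = link_to new_project_tag_path(@project) do
- %i.icon-tag
- Git tag
+ - if current_user
+ .dropdown.pull-right
+ %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
+ %i.icon-plus-sign-alt
+ %span.only-wide New
+ %b.caret
+ %ul.dropdown-menu
+ - if @project.issues_enabled && can?(current_user, :write_issue, @project)
+ %li
+ = link_to url_for_new_issue, title: "New Issue" do
+ Issue
+ - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
+ %li
+ = link_to new_project_merge_request_path(@project), title: "New Merge Request" do
+ Merge Request
+ - if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
+ %li
+ = link_to new_project_snippet_path(@project), title: "New Snippet" do
+ Snippet
+ - if can? current_user, :push_code, @project
+ %li.divider
+ %li
+ = link_to new_project_branch_path(@project) do
+ %i.icon-code-fork
+ Git branch
+ %li
+ = link_to new_project_tag_path(@project) do
+ %i.icon-tag
+ Git tag
 
- - if can?(current_user, :admin_team_member, @project)
- %li.divider
- %li
- = link_to new_project_team_member_path(@project), title: "New project member" do
- Project member
+ - if can?(current_user, :admin_team_member, @project)
+ %li.divider
+ %li
+ = link_to new_project_team_member_path(@project), title: "New project member" do
+ Project member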
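Review bot: The "Project member" entry is gated on `can?(current_user, :admin_team_member, @project)`, while the same commit makes `Projects::TeamMembersController` require `authorize_admin_project!` for every action. If the two abilities are not granted to exactly the same roles (the rule lists in `Ability` are not visible here), some users will see a link that the controller rejects; `- if can?(current_user, :admin_project, @project)` would match the controller. Indentation was lost in this rendering, so it cannot be confirmed that this block sits inside the new `- if current_user` wrapper. The wrapper and the `can?` checks only hide links, so the branch, tag, issue and snippet controllers still need their own authorization filters.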