Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners * Group page allowed for admin * Corrent authentication for Projects controller * Hide some project elements from visitor

Modify permissions for project and group
* Hooks and team pages allowed only for masters/owners * Group page allowed for admin * Corrent authentication for Projects controller * Hide some project elements from visitor
Dmitriy Zaporozhets
1 parent 087d7e55
Showing 7 changed files with 44 additions and 43 deletions Show diff stats
app/controllers/projects/hooks_controller.rb
app/controllers/projects/snippets_controller.rb
app/controllers/projects/team_members_controller.rb
app/controllers/projects_controller.rb
app/models/ability.rb
app/models/group.rb
app/views/projects/_clone_panel.html.haml
 class Projects::HooksController < Projects::ApplicationController
   # Authorize
-  before_filter :authorize_read_project!
-  before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
+  before_filter :authorize_admin_project!
   respond_to :html
@@ -14,8 +14,6 @@ class Projects::SnippetsController &lt; Projects::ApplicationController
   # Allow destroy snippet
   before_filter :authorize_admin_project_snippet!, only: [:destroy]
-  layout 'projects'
-
   respond_to :html
   def index
 class Projects::TeamMembersController < Projects::ApplicationController
   # Authorize
-  before_filter :authorize_read_project!
-  before_filter :authorize_admin_project!, except: [:index, :show]
+  before_filter :authorize_admin_project!
   layout "project_settings"
-class ProjectsController < Projects::ApplicationController
+class ProjectsController < ApplicationController
   skip_before_filter :authenticate_user!, only: [:show]
-  skip_before_filter :project, only: [:new, :create]
-  skip_before_filter :repository, only: [:new, :create]
+  before_filter :project, except: [:new, :create]
+  before_filter :repository, except: [:new, :create]
   # Authorize
   before_filter :authorize_read_project!, except: [:index, :new, :create]
@@ -154,7 +154,7 @@ class Ability
     def group_abilities user, group
       rules = []
-      if group.users.include?(user)
+      if group.users.include?(user) || user.admin?
         rules << :read_group
       end
@@ -32,6 +32,10 @@ class Group &lt; Namespace
     end
   end
+  def add_user(user, group_access)
+    self.users_groups.create(user_id: user.id, group_access: group_access)
+  end
+
   def change_owner(user)
     self.owner = user
     membership = users_groups.where(user_id: user.id).first
@@ -19,37 +19,38 @@
               %i.icon-download-alt
               %span.only-wide Download
-        .dropdown.pull-right
-          %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
-            %i.icon-plus-sign-alt
-            %span.only-wide New
-            %b.caret
-          %ul.dropdown-menu
-            - if @project.issues_enabled && can?(current_user, :write_issue, @project)
-              %li
-                = link_to url_for_new_issue, title: "New Issue" do
-                  Issue
-            - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
-              %li
-                = link_to new_project_merge_request_path(@project), title: "New Merge Request" do
-                  Merge Request
-            - if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
-              %li
-                = link_to new_project_snippet_path(@project), title: "New Snippet" do
-                  Snippet
-            - if can? current_user, :push_code, @project
-              %li.divider
-              %li
-                = link_to new_project_branch_path(@project) do
-                  %i.icon-code-fork
-                  Git branch
-              %li
-                = link_to new_project_tag_path(@project) do
-                  %i.icon-tag
-                  Git tag
+        - if current_user
+          .dropdown.pull-right
+            %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
+              %i.icon-plus-sign-alt
+              %span.only-wide New
+              %b.caret
+            %ul.dropdown-menu
+              - if @project.issues_enabled && can?(current_user, :write_issue, @project)
+                %li
+                  = link_to url_for_new_issue, title: "New Issue" do
+                    Issue
+              - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
+                %li
+                  = link_to new_project_merge_request_path(@project), title: "New Merge Request" do
+                    Merge Request
+              - if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
+                %li
+                  = link_to new_project_snippet_path(@project), title: "New Snippet" do
+                    Snippet
+              - if can? current_user, :push_code, @project
+                %li.divider
+                %li
+                  = link_to new_project_branch_path(@project) do
+                    %i.icon-code-fork
+                    Git branch
+                %li
+                  = link_to new_project_tag_path(@project) do
+                    %i.icon-tag
+                    Git tag
-            - if can?(current_user, :admin_team_member, @project)
-              %li.divider
-              %li
-                = link_to new_project_team_member_path(@project), title: "New project member" do
-                  Project member
+              - if can?(current_user, :admin_team_member, @project)
+                %li.divider
+                %li
+                  = link_to new_project_team_member_path(@project), title: "New project member" do
+                    Project member
1	class Projects::HooksController < Projects::ApplicationController	1	class Projects::HooksController < Projects::ApplicationController
2	# Authorize	2	# Authorize
3	- before_filter :authorize_read_project!
4	- before_filter :authorize_admin_project!, only: [:new, :create, :destroy]	3	+ before_filter :authorize_admin_project!
5		4
6	respond_to :html	5	respond_to :html
7		6
	@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController		@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
14	# Allow destroy snippet	14	# Allow destroy snippet
15	before_filter :authorize_admin_project_snippet!, only: [:destroy]	15	before_filter :authorize_admin_project_snippet!, only: [:destroy]
16		16
17	- layout 'projects'
18	-
19	respond_to :html	17	respond_to :html
20		18
21	def index	19	def index
1	class Projects::TeamMembersController < Projects::ApplicationController	1	class Projects::TeamMembersController < Projects::ApplicationController
2	# Authorize	2	# Authorize
3	- before_filter :authorize_read_project!
4	- before_filter :authorize_admin_project!, except: [:index, :show]	3	+ before_filter :authorize_admin_project!
5		4
6	layout "project_settings"	5	layout "project_settings"
7		6
1	-class ProjectsController < Projects::ApplicationController	1	+class ProjectsController < ApplicationController
2	skip_before_filter :authenticate_user!, only: [:show]	2	skip_before_filter :authenticate_user!, only: [:show]
3	- skip_before_filter :project, only: [:new, :create]
4	- skip_before_filter :repository, only: [:new, :create]	3	+ before_filter :project, except: [:new, :create]
		4	+ before_filter :repository, except: [:new, :create]
5		5
6	# Authorize	6	# Authorize
7	before_filter :authorize_read_project!, except: [:index, :new, :create]	7	before_filter :authorize_read_project!, except: [:index, :new, :create]
	@@ -154,7 +154,7 @@ class Ability		@@ -154,7 +154,7 @@ class Ability
154	def group_abilities user, group	154	def group_abilities user, group
155	rules = []	155	rules = []
156		156
157	- if group.users.include?(user)	157	+ if group.users.include?(user) \|\| user.admin?
158	rules << :read_group	158	rules << :read_group
159	end	159	end
160		160