Merge pull request #2772 from zzet/bugfix/path_and_page-project-member-access-#2745

fix edit project members access link and page fixes refs #2745

Merge pull request #2772 from zzet/bugfix/path_and_page-project-member-access-#2745
fix edit project members access link and page fixes refs #2745
Dmitriy Zaporozhets
2 parents 439229ef 75a02e09
Showing 10 changed files with 42 additions and 40 deletions Show diff stats
app/controllers/admin/projects/application_controller.rb
app/controllers/admin/projects/members_controller.rb
app/controllers/admin/teams/members_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/team_members_controller.rb
app/controllers/teams/members_controller.rb
app/models/user.rb
app/views/admin/groups/show.html.haml
app/views/admin/users/show.html.haml
config/routes.rb
@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController &lt; Admin::ApplicationController
   protected
  
   def project
-    @project ||= Project.find_by_path(params[:project_id])
+    @project ||= Project.find_with_namespace(params[:project_id])
   end
 end
@@ -22,7 +22,7 @@ class Admin::Projects::MembersController &lt; Admin::Projects::ApplicationControlle
   private
  
   def team_member
-    @member ||= project.users.find(params[:id])
+    @member ||= project.users.find_by_username(params[:id])
   end
  
   def team_member_relation
@@ -36,6 +36,6 @@ class Admin::Teams::MembersController &lt; Admin::Teams::ApplicationController
   protected
  
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
 end
@@ -7,25 +7,21 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
  
   def show
-    @admin_user = User.find(params[:id])
-
-    @projects = if @admin_user.authorized_projects.empty?
+    projects = if admin_user.authorized_projects.empty?
                Project
              else
-               Project.without_user(@admin_user)
+               Project.without_user(admin_user)
              end.all
   end
  
   def team_update
-    @admin_user = User.find(params[:id])
-
     UsersProject.add_users_into_projects(
       params[:project_ids],
-      [@admin_user.id],
+      [admin_user.id],
       params[:project_access]
     )
  
-    redirect_to [:admin, @admin_user], notice: 'Teams were successfully updated.'
+    redirect_to [:admin, admin_user], notice: 'Teams were successfully updated.'
   end
  
  
@@ -34,13 +30,11 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
  
   def edit
-    @admin_user = User.find(params[:id])
+    admin_user
   end
  
   def block
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.block
+    if admin_user.block
       redirect_to :back, alert: "Successfully blocked"
     else
       redirect_to :back, alert: "Error occured. User was not blocked"
@@ -48,9 +42,7 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
  
   def unblock
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.update_attribute(:blocked, false)
+    if admin_user.update_attribute(:blocked, false)
       redirect_to :back, alert: "Successfully unblocked"
     else
       redirect_to :back, alert: "Error occured. User was not unblocked"
@@ -82,30 +74,34 @@ class Admin::UsersController &lt; Admin::ApplicationController
       params[:user].delete(:password_confirmation)
     end
  
-    @admin_user = User.find(params[:id])
-    @admin_user.admin = (admin && admin.to_i > 0)
+    admin_user.admin = (admin && admin.to_i > 0)
  
     respond_to do |format|
-      if @admin_user.update_attributes(params[:user], as: :admin)
-        format.html { redirect_to [:admin, @admin_user], notice: 'User was successfully updated.' }
+      if admin_user.update_attributes(params[:user], as: :admin)
+        format.html { redirect_to [:admin, admin_user], notice: 'User was successfully updated.' }
         format.json { head :ok }
       else
         format.html { render action: "edit" }
-        format.json { render json: @admin_user.errors, status: :unprocessable_entity }
+        format.json { render json: admin_user.errors, status: :unprocessable_entity }
       end
     end
   end
  
   def destroy
-    @admin_user = User.find(params[:id])
-    if @admin_user.personal_projects.count > 0
+    if admin_user.personal_projects.count > 0
       redirect_to admin_users_path, alert: "User is a project owner and can't be removed." and return
     end
-    @admin_user.destroy
+    admin_user.destroy
  
     respond_to do |format|
-      format.html { redirect_to admin_users_url }
+      format.html { redirect_to admin_users_path }
       format.json { head :ok }
     end
   end
+
+  protected
+
+  def admin_user
+    @admin_user ||= User.find_by_username(params[:id])
+  end
 end
@@ -39,7 +39,7 @@ class TeamMembersController &lt; ProjectResourceController
   end
  
   def destroy
-    @user_project_relation = project.users_projects.find_by_user_id(params[:id])
+    @user_project_relation = project.users_projects.find_by_user_id(member)
     @user_project_relation.destroy
  
     respond_to do |format|
@@ -59,6 +59,6 @@ class TeamMembersController &lt; ProjectResourceController
   protected
  
   def member
-    @member ||= User.find(params[:id])
+    @member ||= User.find_by_username(params[:id])
   end
 end
@@ -43,7 +43,7 @@ class Teams::MembersController &lt; Teams::ApplicationController
   protected
  
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
  
 end
@@ -143,6 +143,11 @@ class User &lt; ActiveRecord::Base
   #
   # Instance methods
   #
+
+  def to_param
+    username
+  end
+
   def generate_password
     if self.force_random_password
       self.password = self.password_confirmation = Devise.friendly_token.first(8)
@@ -72,16 +72,17 @@
           %th Users
           %th Project Access:
  
-      - @group.users.each do |u|
-        %tr{class: "user_#{u.id}"}
-          %td.name= link_to u.name, admin_user_path(u)
+      - @group.users.each do |user|
+        - next unless user
+        %tr{class: "user_#{user.id}"}
+          %td.name= link_to user.name, admin_user_path(user)
           %td.projects_access
-            - u.authorized_projects.in_namespace(@group).each do |project|
-              - u_p = u.users_projects.in_project(project).first
+            - user.authorized_projects.in_namespace(@group).each do |project|
+              - u_p = user.users_projects.in_project(project).first
               - next unless u_p
               %span
-                = project.name
-                = link_to "(#{ u_p.project_access_human })", edit_admin_team_member_path(u_p)
+                = project.name_with_namespace
+                = link_to "(#{ u_p.project_access_human })", edit_admin_project_member_path(project, user)
       %tr
         %td.input= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), multiple: true, data: {placeholder: 'Select users'}, class: 'chosen span5'
         %td= select_tag :project_access, options_for_select(Project.access_options), {class: "project-access-select chosen span3"}
@@ -123,5 +123,5 @@
       %tr
         %td= link_to project.name_with_namespace, admin_project_path(project)
         %td= tm.project_access_human
-        %td= link_to 'Edit Access', edit_admin_team_member_path(tm), class: "btn small"
-        %td= link_to 'Remove from team', admin_team_member_path(tm), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
+        %td= link_to 'Edit Access', edit_admin_project_member_path(project, tm.user), class: "btn small"
+        %td= link_to 'Remove from team', admin_project_member_path(project, tm.user), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do
         get :team
         put :team_update
       end
-      scope module: :projects, constraints: { id: /[^\/]+/ } do
+      scope module: :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
         resources :members, only: [:edit, :update, :destroy]
       end
     end
...	...	@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController < Admin::ApplicationController
6	6	protected
7	7
8	8	def project
9		- @project \|\|= Project.find_by_path(params[:project_id])
	9	+ @project \|\|= Project.find_with_namespace(params[:project_id])
10	10	end
11	11	end
...	...
...	...	@@ -22,7 +22,7 @@ class Admin::Projects::MembersController < Admin::Projects::ApplicationControlle
22	22	private
23	23
24	24	def team_member
25		- @member \|\|= project.users.find(params[:id])
	25	+ @member \|\|= project.users.find_by_username(params[:id])
26	26	end
27	27
28	28	def team_member_relation
...	...
...	...	@@ -36,6 +36,6 @@ class Admin::Teams::MembersController < Admin::Teams::ApplicationController
36	36	protected
37	37
38	38	def team_member
39		- @member \|\|= user_team.members.find(params[:id])
	39	+ @member \|\|= user_team.members.find_by_username(params[:id])
40	40	end
41	41	end
...	...
...	...	@@ -7,25 +7,21 @@ class Admin::UsersController < Admin::ApplicationController
7	7	end
8	8
9	9	def show
10		- @admin_user = User.find(params[:id])
11		-
12		- @projects = if @admin_user.authorized_projects.empty?
	10	+ projects = if admin_user.authorized_projects.empty?
13	11	Project
14	12	else
15		- Project.without_user(@admin_user)
	13	+ Project.without_user(admin_user)
16	14	end.all
17	15	end
18	16
19	17	def team_update
20		- @admin_user = User.find(params[:id])
21		-
22	18	UsersProject.add_users_into_projects(
23	19	params[:project_ids],
24		- [@admin_user.id],
	20	+ [admin_user.id],
25	21	params[:project_access]
26	22	)
27	23
28		- redirect_to [:admin, @admin_user], notice: 'Teams were successfully updated.'
	24	+ redirect_to [:admin, admin_user], notice: 'Teams were successfully updated.'
29	25	end
30	26
31	27
...	...	@@ -34,13 +30,11 @@ class Admin::UsersController < Admin::ApplicationController
34	30	end
35	31
36	32	def edit
37		- @admin_user = User.find(params[:id])
	33	+ admin_user
38	34	end
39	35
40	36	def block
41		- @admin_user = User.find(params[:id])
42		-
43		- if @admin_user.block
	37	+ if admin_user.block
44	38	redirect_to :back, alert: "Successfully blocked"
45	39	else
46	40	redirect_to :back, alert: "Error occured. User was not blocked"
...	...	@@ -48,9 +42,7 @@ class Admin::UsersController < Admin::ApplicationController
48	42	end
49	43
50	44	def unblock
51		- @admin_user = User.find(params[:id])
52		-
53		- if @admin_user.update_attribute(:blocked, false)
	45	+ if admin_user.update_attribute(:blocked, false)
54	46	redirect_to :back, alert: "Successfully unblocked"
55	47	else
56	48	redirect_to :back, alert: "Error occured. User was not unblocked"
...	...	@@ -82,30 +74,34 @@ class Admin::UsersController < Admin::ApplicationController
82	74	params[:user].delete(:password_confirmation)
83	75	end
84	76
85		- @admin_user = User.find(params[:id])
86		- @admin_user.admin = (admin && admin.to_i > 0)
	77	+ admin_user.admin = (admin && admin.to_i > 0)
87	78
88	79	respond_to do \|format\|
89		- if @admin_user.update_attributes(params[:user], as: :admin)
90		- format.html { redirect_to [:admin, @admin_user], notice: 'User was successfully updated.' }
	80	+ if admin_user.update_attributes(params[:user], as: :admin)
	81	+ format.html { redirect_to [:admin, admin_user], notice: 'User was successfully updated.' }
91	82	format.json { head :ok }
92	83	else
93	84	format.html { render action: "edit" }
94		- format.json { render json: @admin_user.errors, status: :unprocessable_entity }
	85	+ format.json { render json: admin_user.errors, status: :unprocessable_entity }
95	86	end
96	87	end
97	88	end
98	89
99	90	def destroy
100		- @admin_user = User.find(params[:id])
101		- if @admin_user.personal_projects.count > 0
	91	+ if admin_user.personal_projects.count > 0
102	92	redirect_to admin_users_path, alert: "User is a project owner and can't be removed." and return
103	93	end
104		- @admin_user.destroy
	94	+ admin_user.destroy
105	95
106	96	respond_to do \|format\|
107		- format.html { redirect_to admin_users_url }
	97	+ format.html { redirect_to admin_users_path }
108	98	format.json { head :ok }
109	99	end
110	100	end
	101	+
	102	+ protected
	103	+
	104	+ def admin_user
	105	+ @admin_user \|\|= User.find_by_username(params[:id])
	106	+ end
111	107	end
...	...
...	...	@@ -39,7 +39,7 @@ class TeamMembersController < ProjectResourceController
39	39	end
40	40
41	41	def destroy
42		- @user_project_relation = project.users_projects.find_by_user_id(params[:id])
	42	+ @user_project_relation = project.users_projects.find_by_user_id(member)
43	43	@user_project_relation.destroy
44	44
45	45	respond_to do \|format\|
...	...	@@ -59,6 +59,6 @@ class TeamMembersController < ProjectResourceController
59	59	protected
60	60
61	61	def member
62		- @member \|\|= User.find(params[:id])
	62	+ @member \|\|= User.find_by_username(params[:id])
63	63	end
64	64	end
...	...
...	...	@@ -43,7 +43,7 @@ class Teams::MembersController < Teams::ApplicationController
43	43	protected
44	44
45	45	def team_member
46		- @member \|\|= user_team.members.find(params[:id])
	46	+ @member \|\|= user_team.members.find_by_username(params[:id])
47	47	end
48	48
49	49	end
...	...
...	...	@@ -143,6 +143,11 @@ class User < ActiveRecord::Base
143	143	#
144	144	# Instance methods
145	145	#
	146	+
	147	+ def to_param
	148	+ username
	149	+ end
	150	+
146	151	def generate_password
147	152	if self.force_random_password
148	153	self.password = self.password_confirmation = Devise.friendly_token.first(8)
...	...
...	...	@@ -72,16 +72,17 @@
72	72	%th Users
73	73	%th Project Access:
74	74
75		- - @group.users.each do \|u\|
76		- %tr{class: "user_#{u.id}"}
77		- %td.name= link_to u.name, admin_user_path(u)
	75	+ - @group.users.each do \|user\|
	76	+ - next unless user
	77	+ %tr{class: "user_#{user.id}"}
	78	+ %td.name= link_to user.name, admin_user_path(user)
78	79	%td.projects_access
79		- - u.authorized_projects.in_namespace(@group).each do \|project\|
80		- - u_p = u.users_projects.in_project(project).first
	80	+ - user.authorized_projects.in_namespace(@group).each do \|project\|
	81	+ - u_p = user.users_projects.in_project(project).first
81	82	- next unless u_p
82	83	%span
83		- = project.name
84		- = link_to "(#{ u_p.project_access_human })", edit_admin_team_member_path(u_p)
	84	+ = project.name_with_namespace
	85	+ = link_to "(#{ u_p.project_access_human })", edit_admin_project_member_path(project, user)
85	86	%tr
86	87	%td.input= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), multiple: true, data: {placeholder: 'Select users'}, class: 'chosen span5'
87	88	%td= select_tag :project_access, options_for_select(Project.access_options), {class: "project-access-select chosen span3"}
...	...
...	...	@@ -123,5 +123,5 @@
123	123	%tr
124	124	%td= link_to project.name_with_namespace, admin_project_path(project)
125	125	%td= tm.project_access_human
126		- %td= link_to 'Edit Access', edit_admin_team_member_path(tm), class: "btn small"
127		- %td= link_to 'Remove from team', admin_team_member_path(tm), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
	126	+ %td= link_to 'Edit Access', edit_admin_project_member_path(project, tm.user), class: "btn small"
	127	+ %td= link_to 'Remove from team', admin_project_member_path(project, tm.user), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
...	...
...	...	@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do
84	84	get :team
85	85	put :team_update
86	86	end
87		- scope module: :projects, constraints: { id: /[^\/]+/ } do
	87	+ scope module: :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
88	88	resources :members, only: [:edit, :update, :destroy]
89	89	end
90	90	end
...	...