Merge pull request #2772 from zzet/bugfix/path_and_page-project-member-access-#2745

fix edit project members access link and page fixes refs #2745

Merge pull request #2772 from zzet/bugfix/path_and_page-project-member-access-#2745
fix edit project members access link and page fixes refs #2745
Dmitriy Zaporozhets
2 parents 439229ef 75a02e09
Showing 10 changed files with 42 additions and 40 deletions Show diff stats
app/controllers/admin/projects/application_controller.rb
app/controllers/admin/projects/members_controller.rb
app/controllers/admin/teams/members_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/team_members_controller.rb
app/controllers/teams/members_controller.rb
app/models/user.rb
app/views/admin/groups/show.html.haml
app/views/admin/users/show.html.haml
config/routes.rb
@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController &lt; Admin::ApplicationController
   protected
   def project
-    @project ||= Project.find_by_path(params[:project_id])
+    @project ||= Project.find_with_namespace(params[:project_id])
   end
 end
@@ -22,7 +22,7 @@ class Admin::Projects::MembersController &lt; Admin::Projects::ApplicationControlle
   private
   def team_member
-    @member ||= project.users.find(params[:id])
+    @member ||= project.users.find_by_username(params[:id])
   end
   def team_member_relation
@@ -36,6 +36,6 @@ class Admin::Teams::MembersController &lt; Admin::Teams::ApplicationController
   protected
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
 end
@@ -7,25 +7,21 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
   def show
-    @admin_user = User.find(params[:id])
-
-    @projects = if @admin_user.authorized_projects.empty?
+    projects = if admin_user.authorized_projects.empty?
                Project
              else
-               Project.without_user(@admin_user)
+               Project.without_user(admin_user)
              end.all
   end
   def team_update
-    @admin_user = User.find(params[:id])
-
     UsersProject.add_users_into_projects(
       params[:project_ids],
-      [@admin_user.id],
+      [admin_user.id],
       params[:project_access]
     )
-    redirect_to [:admin, @admin_user], notice: 'Teams were successfully updated.'
+    redirect_to [:admin, admin_user], notice: 'Teams were successfully updated.'
   end
@@ -34,13 +30,11 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
   def edit
-    @admin_user = User.find(params[:id])
+    admin_user
   end
   def block
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.block
+    if admin_user.block
       redirect_to :back, alert: "Successfully blocked"
     else
       redirect_to :back, alert: "Error occured. User was not blocked"
@@ -48,9 +42,7 @@ class Admin::UsersController &lt; Admin::ApplicationController
   end
   def unblock
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.update_attribute(:blocked, false)
+    if admin_user.update_attribute(:blocked, false)
       redirect_to :back, alert: "Successfully unblocked"
     else
       redirect_to :back, alert: "Error occured. User was not unblocked"
@@ -82,30 +74,34 @@ class Admin::UsersController &lt; Admin::ApplicationController
       params[:user].delete(:password_confirmation)
     end
-    @admin_user = User.find(params[:id])
-    @admin_user.admin = (admin && admin.to_i > 0)
+    admin_user.admin = (admin && admin.to_i > 0)
     respond_to do |format|
-      if @admin_user.update_attributes(params[:user], as: :admin)
-        format.html { redirect_to [:admin, @admin_user], notice: 'User was successfully updated.' }
+      if admin_user.update_attributes(params[:user], as: :admin)
+        format.html { redirect_to [:admin, admin_user], notice: 'User was successfully updated.' }
         format.json { head :ok }
       else
         format.html { render action: "edit" }
-        format.json { render json: @admin_user.errors, status: :unprocessable_entity }
+        format.json { render json: admin_user.errors, status: :unprocessable_entity }
       end
     end
   end
   def destroy
-    @admin_user = User.find(params[:id])
-    if @admin_user.personal_projects.count > 0
+    if admin_user.personal_projects.count > 0
       redirect_to admin_users_path, alert: "User is a project owner and can't be removed." and return
     end
-    @admin_user.destroy
+    admin_user.destroy
     respond_to do |format|
-      format.html { redirect_to admin_users_url }
+      format.html { redirect_to admin_users_path }
       format.json { head :ok }
     end
   end
+
+  protected
+
+  def admin_user
+    @admin_user ||= User.find_by_username(params[:id])
+  end
 end
@@ -39,7 +39,7 @@ class TeamMembersController &lt; ProjectResourceController
   end
   def destroy
-    @user_project_relation = project.users_projects.find_by_user_id(params[:id])
+    @user_project_relation = project.users_projects.find_by_user_id(member)
     @user_project_relation.destroy
     respond_to do |format|
@@ -59,6 +59,6 @@ class TeamMembersController &lt; ProjectResourceController
   protected
   def member
-    @member ||= User.find(params[:id])
+    @member ||= User.find_by_username(params[:id])
   end
 end
@@ -43,7 +43,7 @@ class Teams::MembersController &lt; Teams::ApplicationController
   protected
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
 end
@@ -143,6 +143,11 @@ class User &lt; ActiveRecord::Base
   #
   # Instance methods
   #
+
+  def to_param
+    username
+  end
+
   def generate_password
     if self.force_random_password
       self.password = self.password_confirmation = Devise.friendly_token.first(8)
@@ -72,16 +72,17 @@
           %th Users
           %th Project Access:
-      - @group.users.each do |u|
-        %tr{class: "user_#{u.id}"}
-          %td.name= link_to u.name, admin_user_path(u)
+      - @group.users.each do |user|
+        - next unless user
+        %tr{class: "user_#{user.id}"}
+          %td.name= link_to user.name, admin_user_path(user)
           %td.projects_access
-            - u.authorized_projects.in_namespace(@group).each do |project|
-              - u_p = u.users_projects.in_project(project).first
+            - user.authorized_projects.in_namespace(@group).each do |project|
+              - u_p = user.users_projects.in_project(project).first
               - next unless u_p
               %span
-                = project.name
-                = link_to "(#{ u_p.project_access_human })", edit_admin_team_member_path(u_p)
+                = project.name_with_namespace
+                = link_to "(#{ u_p.project_access_human })", edit_admin_project_member_path(project, user)
       %tr
         %td.input= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), multiple: true, data: {placeholder: 'Select users'}, class: 'chosen span5'
         %td= select_tag :project_access, options_for_select(Project.access_options), {class: "project-access-select chosen span3"}
@@ -123,5 +123,5 @@
       %tr
         %td= link_to project.name_with_namespace, admin_project_path(project)
         %td= tm.project_access_human
-        %td= link_to 'Edit Access', edit_admin_team_member_path(tm), class: "btn small"
-        %td= link_to 'Remove from team', admin_team_member_path(tm), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
+        %td= link_to 'Edit Access', edit_admin_project_member_path(project, tm.user), class: "btn small"
+        %td= link_to 'Remove from team', admin_project_member_path(project, tm.user), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do
         get :team
         put :team_update
       end
-      scope module: :projects, constraints: { id: /[^\/]+/ } do
+      scope module: :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
         resources :members, only: [:edit, :update, :destroy]
       end
     end
	@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController < Admin::ApplicationController		@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController < Admin::ApplicationController
6	protected	6	protected
7		7
8	def project	8	def project
9	- @project \|\|= Project.find_by_path(params[:project_id])	9	+ @project \|\|= Project.find_with_namespace(params[:project_id])
10	end	10	end
11	end	11	end
	@@ -22,7 +22,7 @@ class Admin::Projects::MembersController < Admin::Projects::ApplicationControlle		@@ -22,7 +22,7 @@ class Admin::Projects::MembersController < Admin::Projects::ApplicationControlle
22	private	22	private
23		23
24	def team_member	24	def team_member
25	- @member \|\|= project.users.find(params[:id])	25	+ @member \|\|= project.users.find_by_username(params[:id])
26	end	26	end
27		27
28	def team_member_relation	28	def team_member_relation
	@@ -36,6 +36,6 @@ class Admin::Teams::MembersController < Admin::Teams::ApplicationController		@@ -36,6 +36,6 @@ class Admin::Teams::MembersController < Admin::Teams::ApplicationController
36	protected	36	protected
37		37
38	def team_member	38	def team_member
39	- @member \|\|= user_team.members.find(params[:id])	39	+ @member \|\|= user_team.members.find_by_username(params[:id])
40	end	40	end
41	end	41	end
	@@ -39,7 +39,7 @@ class TeamMembersController < ProjectResourceController		@@ -39,7 +39,7 @@ class TeamMembersController < ProjectResourceController
39	end	39	end
40		40
41	def destroy	41	def destroy
42	- @user_project_relation = project.users_projects.find_by_user_id(params[:id])	42	+ @user_project_relation = project.users_projects.find_by_user_id(member)
43	@user_project_relation.destroy	43	@user_project_relation.destroy
44		44
45	respond_to do \|format\|	45	respond_to do \|format\|
	@@ -59,6 +59,6 @@ class TeamMembersController < ProjectResourceController		@@ -59,6 +59,6 @@ class TeamMembersController < ProjectResourceController
59	protected	59	protected
60		60
61	def member	61	def member
62	- @member \|\|= User.find(params[:id])	62	+ @member \|\|= User.find_by_username(params[:id])
63	end	63	end
64	end	64	end
	@@ -43,7 +43,7 @@ class Teams::MembersController < Teams::ApplicationController		@@ -43,7 +43,7 @@ class Teams::MembersController < Teams::ApplicationController
43	protected	43	protected
44		44
45	def team_member	45	def team_member
46	- @member \|\|= user_team.members.find(params[:id])	46	+ @member \|\|= user_team.members.find_by_username(params[:id])
47	end	47	end
48		48
49	end	49	end
	@@ -123,5 +123,5 @@		@@ -123,5 +123,5 @@
123	%tr	123	%tr
124	%td= link_to project.name_with_namespace, admin_project_path(project)	124	%td= link_to project.name_with_namespace, admin_project_path(project)
125	%td= tm.project_access_human	125	%td= tm.project_access_human
126	- %td= link_to 'Edit Access', edit_admin_team_member_path(tm), class: "btn small"
127	- %td= link_to 'Remove from team', admin_team_member_path(tm), confirm: 'Are you sure?', method: :delete, class: "btn small danger"	126	+ %td= link_to 'Edit Access', edit_admin_project_member_path(project, tm.user), class: "btn small"
		127	+ %td= link_to 'Remove from team', admin_project_member_path(project, tm.user), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
	@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do		@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do
84	get :team	84	get :team
85	put :team_update	85	put :team_update
86	end	86	end
87	- scope module: :projects, constraints: { id: /[^\/]+/ } do	87	+ scope module: :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
88	resources :members, only: [:edit, :update, :destroy]	88	resources :members, only: [:edit, :update, :destroy]
89	end	89	end
90	end	90	end