From cc0295b789a89a3f52e83e34b08ddf17b464308a Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Wed, 5 Dec 2012 06:14:05 +0300 Subject: [PATCH] Only owner can remove project --- app/controllers/application_controller.rb | 4 ++++ app/controllers/projects_controller.rb | 2 ++ app/views/help/permissions.html.haml | 1 + app/views/projects/_form.html.haml | 7 ++++--- app/views/services/_gitlab_ci.html.haml | 2 +- app/views/services/index.html.haml | 2 +- 6 files changed, 13 insertions(+), 5 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5735c1d..75cd8f1 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -112,6 +112,10 @@ class ApplicationController < ActionController::Base render file: Rails.root.join("public", "404"), layout: false, status: "404" end + def render_403 + render file: Rails.root.join("public", "403"), layout: false, status: "403" + end + def require_non_empty_project redirect_to @project if @project.empty_repo? end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index a6e7f1f..272a6e9 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -89,6 +89,8 @@ class ProjectsController < ProjectResourceController end def destroy + return access_denied! unless can?(current_user, :remove_project, project) + # Disable the UsersProject update_repository call, otherwise it will be # called once for every person removed from the project UsersProject.skip_callback(:destroy, :after, :update_repository) diff --git a/app/views/help/permissions.html.haml b/app/views/help/permissions.html.haml index cf8ce9c..c9ec701 100644 --- a/app/views/help/permissions.html.haml +++ b/app/views/help/permissions.html.haml @@ -66,3 +66,4 @@ %legend Owner %ul %li Transfer project to another namespace + %li Remove project diff --git a/app/views/projects/_form.html.haml b/app/views/projects/_form.html.haml index 879f107..448293c 100644 --- a/app/views/projects/_form.html.haml +++ b/app/views/projects/_form.html.haml @@ -26,7 +26,7 @@   %span.cred Be careful. Changing project namespace can have unintended side effects - else - %a.btn.btn-small.disabled= @project.namespace.try(:human_name) || "/" + %a.btn.disabled= @project.namespace.try(:human_name) || "/"   %span.cred Only owner can change project namespace. @@ -69,5 +69,6 @@ = f.submit 'Save', class: "btn save-btn" = link_to 'Cancel', @project, class: "btn" - unless @project.new_record? - .right - = link_to 'Remove', @project, confirm: 'Are you sure?', method: :delete, class: "btn danger" + - if can?(current_user, :remove_project, @project) + .right + = link_to 'Remove', @project, confirm: 'Removed project can not be restored! Are you sure?', method: :delete, class: "btn danger" diff --git a/app/views/services/_gitlab_ci.html.haml b/app/views/services/_gitlab_ci.html.haml index 09d139c..649c5cc 100644 --- a/app/views/services/_gitlab_ci.html.haml +++ b/app/views/services/_gitlab_ci.html.haml @@ -5,7 +5,7 @@ - if @service.active %small.cgreen Enabled - else - %small.btn Disabled + %small.cgray Disabled diff --git a/app/views/services/index.html.haml b/app/views/services/index.html.haml index 65e9438..81599ec 100644 --- a/app/views/services/index.html.haml +++ b/app/views/services/index.html.haml @@ -12,7 +12,7 @@ - if @gitlab_ci_service.active %small.cgreen Enabled - else - %small.btn Disabled + %small.cgray Disabled %li.wll %h4 Jenkins CI -- libgit2 0.21.2