Commit 2a1c5cdf authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Only owner of current namespace can change project namespace

parent f6bfa095
......@@ -2,7 +2,7 @@ class ProjectUpdateContext < BaseContext
def execute(role = :default)
namespace_id = params[:project].delete(:namespace_id)
if namespace_id.present?
if can?(current_user, :change_namespace, project) && namespace_id.present?
if namespace_id == Namespace.global_id
if project.namespace.present?
# Transfer to global namespace from anyone
......
......@@ -17,9 +17,7 @@ class Ability
# Rules based on role in project
if project.master_access_for?(user)
# TODO: replace with master rules.
# Only allow project administration for namespace owners
rules << project_admin_rules
rules << project_master_rules
elsif project.dev_access_for?(user)
rules << project_dev_rules
......@@ -93,13 +91,15 @@ class Ability
:admin_merge_request,
:admin_note,
:accept_mr,
:admin_wiki
:admin_wiki,
:admin_project
]
end
def project_admin_rules
project_master_rules + [
:admin_project
:change_namespace,
:rename_project
]
end
......
......@@ -21,9 +21,15 @@
= f.label :namespace_id do
%span Namespace
.controls
- if can? current_user, :change_namespace, @project
= f.select :namespace_id, namespaces_options(@project.namespace_id), {prompt: 'Choose a project namespace'}, {class: 'chosen'}
&nbsp;
%span.cred Be careful. Changing project namespace can have unintended side effects
- else
%a.btn.btn-small.disabled= @project.namespace.try(:human_name) || "/"
&nbsp;
%span.cred Only owner can change project namespace.
- unless @project.heads.empty?
.clearfix
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment