Commit 5551ccd7 authored by Felipe Artur's avatar Felipe Artur

Code improvements

parent f2a9ee25
...@@ -9,7 +9,7 @@ class GroupsController < Groups::ApplicationController ...@@ -9,7 +9,7 @@ class GroupsController < Groups::ApplicationController
before_action :group, except: [:index, :new, :create] before_action :group, except: [:index, :new, :create]
# Authorize # Authorize
before_action :authorize_read_group!, except: [:index, :show, :new, :create, :autocomplete] before_action :authorize_read_group!, except: [:index, :new, :create]
before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects] before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
before_action :authorize_create_group!, only: [:new, :create] before_action :authorize_create_group!, only: [:new, :create]
...@@ -105,7 +105,7 @@ class GroupsController < Groups::ApplicationController ...@@ -105,7 +105,7 @@ class GroupsController < Groups::ApplicationController
# Dont allow unauthorized access to group # Dont allow unauthorized access to group
def authorize_read_group! def authorize_read_group!
unless @group and (@projects.present? or can?(current_user, :read_group, @group)) unless can?(current_user, :read_group, @group)
if current_user.nil? if current_user.nil?
return authenticate_user! return authenticate_user!
else else
......
...@@ -3,6 +3,16 @@ class UsersController < ApplicationController ...@@ -3,6 +3,16 @@ class UsersController < ApplicationController
before_action :set_user before_action :set_user
def show def show
<<<<<<< HEAD
=======
@contributed_projects = contributed_projects.joined(@user).reject(&:forked?)
@projects = PersonalProjectsFinder.new(@user).execute(current_user)
@projects = @projects.page(params[:page]).per(PER_PAGE)
@groups = @user.groups.order_id_desc
>>>>>>> Code improvements
respond_to do |format| respond_to do |format|
format.html format.html
......
class GroupsFinder class GroupsFinder
def execute(current_user = nil) def execute(current_user = nil)
segments = all_groups(current_user) segments = all_groups(current_user)
if segments.length > 1 if segments.length > 1
...@@ -15,17 +14,9 @@ class GroupsFinder ...@@ -15,17 +14,9 @@ class GroupsFinder
def all_groups(current_user) def all_groups(current_user)
if current_user if current_user
[current_user.authorized_groups, public_and_internal_groups] [current_user.authorized_groups, Group.unscoped.public_and_internal_only]
else else
[Group.public_only] [Group.unscoped.public_only]
end
end end
def public_groups
Group.unscoped.public_only
end
def public_and_internal_groups
Group.unscoped.public_and_internal_only
end end
end end
...@@ -28,7 +28,7 @@ module GroupsHelper ...@@ -28,7 +28,7 @@ module GroupsHelper
group = Group.find_by(path: group) group = Group.find_by(path: group)
end end
if group && group.avatar.present? if group && can?(current_user, :read_group, group) && group.avatar.present?
group.avatar.url group.avatar.url
else else
'no_group_avatar.png' 'no_group_avatar.png'
......
...@@ -83,7 +83,7 @@ class Ability ...@@ -83,7 +83,7 @@ class Ability
subject.group subject.group
end end
if group && group.projects.public_only.any? if group && group.public?
[:read_group] [:read_group]
else else
[] []
...@@ -271,16 +271,13 @@ class Ability ...@@ -271,16 +271,13 @@ class Ability
def group_abilities(user, group) def group_abilities(user, group)
rules = [] rules = []
if user.admin? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any? rules << :read_group if can_read_group?(user, group)
rules << :read_group
end
# Only group masters and group owners can create new projects and change permission level # Only group masters and group owners can create new projects and change permission level
if group.has_master?(user) || group.has_owner?(user) || user.admin? if group.has_master?(user) || group.has_owner?(user) || user.admin?
rules += [ rules += [
:create_projects, :create_projects,
:admin_milestones, :admin_milestones
:change_visibility_level
] ]
end end
...@@ -289,13 +286,20 @@ class Ability ...@@ -289,13 +286,20 @@ class Ability
rules += [ rules += [
:admin_group, :admin_group,
:admin_namespace, :admin_namespace,
:admin_group_member :admin_group_member,
:change_visibility_level
] ]
end end
rules.flatten rules.flatten
end end
def can_read_group?(user, group)
is_project_member = ProjectsFinder.new.execute(user, group: group).any?
internal_group_allowed = group.internal? && user.present?
user.admin? || group.users.include?(user) || is_project_member || group.public? || internal_group_allowed
end
def namespace_abilities(user, namespace) def namespace_abilities(user, namespace)
rules = [] rules = []
......
module SharedScopes
extend ActiveSupport::Concern
included do
scope :public_only, -> { where(visibility_level: Group::PUBLIC) }
scope :public_and_internal_only, -> { where(visibility_level: [Group::PUBLIC, Group::INTERNAL] ) }
end
end
...@@ -21,7 +21,7 @@ class Group < Namespace ...@@ -21,7 +21,7 @@ class Group < Namespace
include Gitlab::ConfigHelper include Gitlab::ConfigHelper
include Gitlab::VisibilityLevel include Gitlab::VisibilityLevel
include Referable include Referable
include SharedScopes
has_many :group_members, dependent: :destroy, as: :source, class_name: 'GroupMember' has_many :group_members, dependent: :destroy, as: :source, class_name: 'GroupMember'
alias_method :members, :group_members alias_method :members, :group_members
...@@ -35,10 +35,6 @@ class Group < Namespace ...@@ -35,10 +35,6 @@ class Group < Namespace
after_create :post_create_hook after_create :post_create_hook
after_destroy :post_destroy_hook after_destroy :post_destroy_hook
scope :public_only, -> { where(visibility_level: Group::PUBLIC) }
scope :public_and_internal_only, -> { where(visibility_level: [Group::PUBLIC, Group::INTERNAL] ) }
class << self class << self
def search(query) def search(query)
where("LOWER(namespaces.name) LIKE :query or LOWER(namespaces.path) LIKE :query", query: "%#{query.downcase}%") where("LOWER(namespaces.name) LIKE :query or LOWER(namespaces.path) LIKE :query", query: "%#{query.downcase}%")
...@@ -69,6 +65,10 @@ class Group < Namespace ...@@ -69,6 +65,10 @@ class Group < Namespace
name name
end end
def visibility_level_field
visibility_level
end
def avatar_url(size = nil) def avatar_url(size = nil)
if avatar.present? if avatar.present?
[gitlab_config.url, avatar.url].join [gitlab_config.url, avatar.url].join
......
...@@ -52,6 +52,7 @@ class Project < ActiveRecord::Base ...@@ -52,6 +52,7 @@ class Project < ActiveRecord::Base
include AfterCommitQueue include AfterCommitQueue
include CaseSensitivity include CaseSensitivity
include TokenAuthenticatable include TokenAuthenticatable
include SharedScopes
extend Gitlab::ConfigHelper extend Gitlab::ConfigHelper
...@@ -213,8 +214,6 @@ class Project < ActiveRecord::Base ...@@ -213,8 +214,6 @@ class Project < ActiveRecord::Base
scope :in_group_namespace, -> { joins(:group) } scope :in_group_namespace, -> { joins(:group) }
scope :personal, ->(user) { where(namespace_id: user.namespace_id) } scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) } scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) }
scope :public_only, -> { where(visibility_level: Project::PUBLIC) }
scope :public_and_internal_only, -> { where(visibility_level: Project.public_and_internal_levels) }
scope :non_archived, -> { where(archived: false) } scope :non_archived, -> { where(archived: false) }
scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct } scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct }
......
class AddVisibilityLevelToGroups < ActiveRecord::Migration class AddVisibilityLevelToGroups < ActiveRecord::Migration
def change def change
#All groups will be private when created #All groups will be private when created
add_column :namespaces, :visibility_level, :integer, null: false, default: 0 add_column :namespaces, :visibility_level, :integer, null: false, default: 20
#Set all existing groups to public
Group.update_all(visibility_level: 20)
end end
end end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160305220806) do ActiveRecord::Schema.define(version: 20160301124843) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment