Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners * Group page allowed for admin * Corrent authentication for Projects controller * Hide some project elements from visitor

Modify permissions for project and group
* Hooks and team pages allowed only for masters/owners * Group page allowed for admin * Corrent authentication for Projects controller * Hide some project elements from visitor
573d367b · Dmitriy Zaporozhets · 087d7e55 · 573d367b · 573d367b · 573d367b
Commit 573d367b authored Sep 25, 2013 by Dmitriy Zaporozhets
7 changed files
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
 class Projects::HooksController < Projects::ApplicationController
  # Authorize
-  before_filter :authorize_read_project!
+  before_filter :authorize_admin_project!
-  before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
  respond_to :html

--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
  # Allow destroy snippet
  before_filter :authorize_admin_project_snippet!, only: [:destroy]
-  layout 'projects'
  respond_to :html
  def index

--- a/app/controllers/projects/team_members_controller.rb
+++ b/app/controllers/projects/team_members_controller.rb
 class Projects::TeamMembersController < Projects::ApplicationController
  # Authorize
-  before_filter :authorize_read_project!
+  before_filter :authorize_admin_project!
-  before_filter :authorize_admin_project!, except: [:index, :show]
  layout "project_settings"

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
-class ProjectsController < Projects::ApplicationController
+class ProjectsController < ApplicationController
  skip_before_filter :authenticate_user!, only: [:show]
-  skip_before_filter :project, only: [:new, :create]
+  before_filter :project, except: [:new, :create]
-  skip_before_filter :repository, only: [:new, :create]
+  before_filter :repository, except: [:new, :create]
  # Authorize
  before_filter :authorize_read_project!, except: [:index, :new, :create]

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -154,7 +154,7 @@ class Ability
    def group_abilities user, group
      rules = []
-      if group.users.include?(user)
+      if group.users.include?(user) || user.admin?
        rules << :read_group
      end

--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -32,6 +32,10 @@ class Group < Namespace
    end
  end
+  def add_user(user, group_access)
+    self.users_groups.create(user_id: user.id, group_access: group_access)
+  end
  def change_owner(user)
    self.owner = user
    membership = users_groups.where(user_id: user.id).first

--- a/app/views/projects/_clone_panel.html.haml
+++ b/app/views/projects/_clone_panel.html.haml
@@ -19,6 +19,7 @@
              %i.icon-download-alt
              %span.only-wide Download
+        - if current_user
          .dropdown.pull-right
            %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
              %i.icon-plus-sign-alt