Commit 00e4a479 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

allow/deny user to create group/team

parent 585a53c4
...@@ -6,6 +6,7 @@ class GroupsController < ApplicationController ...@@ -6,6 +6,7 @@ class GroupsController < ApplicationController
# Authorize # Authorize
before_filter :authorize_read_group!, except: [:new, :create] before_filter :authorize_read_group!, except: [:new, :create]
before_filter :authorize_create_group!, only: [:new, :create]
# Load group projects # Load group projects
before_filter :projects, except: [:new, :create] before_filter :projects, except: [:new, :create]
...@@ -103,4 +104,8 @@ class GroupsController < ApplicationController ...@@ -103,4 +104,8 @@ class GroupsController < ApplicationController
return render_404 return render_404
end end
end end
def authorize_create_group!
can?(current_user, :create_group, nil)
end
end end
class Ability class Ability
class << self class << self
def allowed(object, subject) def allowed(user, subject)
return [] unless user.kind_of?(User)
case subject.class.name case subject.class.name
when "Project" then project_abilities(object, subject) when "Project" then project_abilities(user, subject)
when "Issue" then issue_abilities(object, subject) when "Issue" then issue_abilities(user, subject)
when "Note" then note_abilities(object, subject) when "Note" then note_abilities(user, subject)
when "Snippet" then snippet_abilities(object, subject) when "Snippet" then snippet_abilities(user, subject)
when "MergeRequest" then merge_request_abilities(object, subject) when "MergeRequest" then merge_request_abilities(user, subject)
when "Group", "Namespace" then group_abilities(object, subject) when "Group", "Namespace" then group_abilities(user, subject)
when "UserTeam" then user_team_abilities(object, subject) when "UserTeam" then user_team_abilities(user, subject)
else [] else []
end.concat(global_abilities(user))
end end
def global_abilities(user)
rules = []
rules << :create_group if user.can_create_group
rules << :create_team if user.can_create_team
rules
end end
def project_abilities(user, project) def project_abilities(user, project)
......
...@@ -232,7 +232,7 @@ class User < ActiveRecord::Base ...@@ -232,7 +232,7 @@ class User < ActiveRecord::Base
end end
def can_create_group? def can_create_group?
can_create_project? can?(:create_group, nil)
end end
def abilities def abilities
......
...@@ -46,6 +46,14 @@ ...@@ -46,6 +46,14 @@
= f.label :projects_limit = f.label :projects_limit
.input= f.number_field :projects_limit .input= f.number_field :projects_limit
.clearfix
= f.label :can_create_group
.input= f.check_box :can_create_group
.clearfix
= f.label :can_create_team
.input= f.check_box :can_create_team
.clearfix .clearfix
= f.label :admin do = f.label :admin do
%strong.cred Administrator %strong.cred Administrator
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment