Commit 573d367b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Correct authentication for Projects controller
* Hide some project elements from visitor
parent 087d7e55
class Projects::HooksController < Projects::ApplicationController class Projects::HooksController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
respond_to :html respond_to :html
......
...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet # Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy] before_filter :authorize_admin_project_snippet!, only: [:destroy]
layout 'projects'
respond_to :html respond_to :html
def index def index
......
class Projects::TeamMembersController < Projects::ApplicationController class Projects::TeamMembersController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, except: [:index, :show]
layout "project_settings" layout "project_settings"
......
class ProjectsController < Projects::ApplicationController class ProjectsController < ApplicationController
skip_before_filter :authenticate_user!, only: [:show] skip_before_filter :authenticate_user!, only: [:show]
skip_before_filter :project, only: [:new, :create] before_filter :project, except: [:new, :create]
skip_before_filter :repository, only: [:new, :create] before_filter :repository, except: [:new, :create]
# Authorize # Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create] before_filter :authorize_read_project!, except: [:index, :new, :create]
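Review bot: The new `before_filter :project, except: [:new, :create]` and `before_filter :repository, except: [:new, :create]` still run for `index`, while `authorize_read_project!` explicitly excludes `:index`, so the two exception lists disagree. If `index` is a real action without a project id, the lookup filters should use `except: [:index, :new, :create]` as well; if it no longer exists, drop `:index` from the authorize line. Because `authenticate_user!` is skipped for `show`, `authorize_read_project!` is the only gate for signed-out requests, so the `project` filter and the ability check must both handle a nil `current_user`. Those definitions are outside this section, and a test that requests `show` on a private project while signed out would pin the behaviour.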
......
...@@ -154,7 +154,7 @@ class Ability ...@@ -154,7 +154,7 @@ class Ability
def group_abilities user, group def group_abilities user, group
rules = [] rules = []
if group.users.include?(user) if group.users.include?(user) || user.admin?
rules << :read_group rules << :read_group
end end
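Review bot: On the new side of the condition, `user.admin?` is called without a nil check, so it would raise NoMethodError if `group_abilities` is ever reached with a signed-out `user`; whether an earlier guard rules that out is not visible in this hunk. Guarding nil and testing the cheap flag first covers both: `if user && (user.admin? || group.users.include?(user))`. The body of `group_abilities` continues outside the hunk, so it is also worth confirming that admins are meant to receive only `:read_group` here and none of the rules further down.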
......
...@@ -32,6 +32,10 @@ class Group < Namespace ...@@ -32,6 +32,10 @@ class Group < Namespace
end end
end end
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user) def change_owner(user)
self.owner = user self.owner = user
membership = users_groups.where(user_id: user.id).first membership = users_groups.where(user_id: user.id).first
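Review bot: `add_user` returns whatever `users_groups.create` returns, so a failed validation (for example a duplicate membership or an unexpected `group_access` value) yields an unsaved record and the caller gets no error. Since this method grants access, either use `self.users_groups.create!(user_id: user.id, group_access: group_access)` or document that callers must check `persisted?` on the result. Whether the membership model validates `group_access` against the allowed levels is outside the hunk and should be confirmed. A one-line comment such as `# Adds user to the group with the given access level; returns the membership record` would also help.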
......
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
%i.icon-download-alt %i.icon-download-alt
%span.only-wide Download %span.only-wide Download
- if current_user
.dropdown.pull-right .dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"} %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt %i.icon-plus-sign-alt
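Review bot: `- if current_user` hides the dropdown from signed-out visitors but shows it to every signed-in user, whatever their role on the project. If the entries inside the dropdown (outside this hunk) lead to actions limited to certain roles, each entry should sit under the matching `can?(current_user, ...)` check, and the controllers behind them must enforce the same rule, since hiding markup is not access control. Indentation was lost in this rendering, so confirm that the `.dropdown.pull-right` block is nested under the new `if`.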
......