Commit 573d367b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Correct authentication for Projects controller
* Hide some project elements from visitor
parent 087d7e55
class Projects::HooksController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
before_filter :authorize_admin_project!
respond_to :html
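Review bot: The `# Authorize` comment above `before_filter :authorize_admin_project!` does not state the policy, now that one unconditional filter covers every hooks action (assuming that line is the new side, since this rendering dropped the +/- markers). Spell it out so that a later `only:` or `except:` is recognised as a weakening: `# Every action here requires project admin rights (masters/owners)`. The same comment fits the identical filter in Projects::TeamMembersController, where `index` and `show` are now admin-only too. A request spec asserting that a non-admin project member is refused on each action of both controllers would keep this from regressing.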
......
......@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy]
layout 'projects'
respond_to :html
def index
......
class Projects::TeamMembersController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, except: [:index, :show]
before_filter :authorize_admin_project!
layout "project_settings"
......
class ProjectsController < Projects::ApplicationController
class ProjectsController < ApplicationController
skip_before_filter :authenticate_user!, only: [:show]
skip_before_filter :project, only: [:new, :create]
skip_before_filter :repository, only: [:new, :create]
before_filter :project, except: [:new, :create]
before_filter :repository, except: [:new, :create]
# Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create]
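Review bot: With `skip_before_filter :authenticate_user!, only: [:show]` present, `authorize_read_project!` is the only gate on `show` and will run with a nil `current_user`. Its definition and the `project` loader are outside this section, so confirm that they deny non-public projects to anonymous requests rather than raising. Because `before_filter :project` runs before the authorization filter, also check that a missing project and a forbidden project produce the same response, otherwise the difference discloses which project paths exist. A comment next to the skip would record the dependency: `# show is reachable without login; authorize_read_project! must handle a nil current_user`.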
......
......@@ -154,7 +154,7 @@ class Ability
def group_abilities user, group
rules = []
if group.users.include?(user)
if group.users.include?(user) || user.admin?
rules << :read_group
end
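Review bot: In the new condition `if group.users.include?(user) || user.admin?`, `user.admin?` is called without a nil guard. If `group_abilities` can be reached for an anonymous visitor, it raises NoMethodError instead of returning an empty rule set. The caller is outside this hunk, so either confirm it filters nil users first or guard here. Putting the cheap check first also skips the membership query for admins: `if user.admin? || group.users.include?(user)`. Only `:read_group` is visible, and the rest of the method is below the hunk, so a spec pinning what an admin who is not a member may and may not do on a group would make the intended scope explicit.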
......
......@@ -32,6 +32,10 @@ class Group < Namespace
end
end
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user)
self.owner = user
membership = users_groups.where(user_id: user.id).first
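Review bot: `add_user` calls `users_groups.create(...)`, which returns an unsaved record when validation fails, so a caller that ignores the return value will assume the membership was granted when nothing was written. Since `group_access` decides privilege, consider `users_groups.create!(user_id: user.id, group_access: group_access)` or returning a boolean. Also make sure the value is restricted to the known access levels; any such validation is in the join model, outside this hunk. Unless a uniqueness constraint exists elsewhere, calling the method twice for the same user would leave two membership rows with possibly different levels.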
......
......@@ -19,6 +19,7 @@
%i.icon-download-alt
%span.only-wide Download
- if current_user
.dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt
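Review bot: `- if current_user` only hides the dropdown from signed-out visitors. It is not an access check, and it shows the menu to every signed-in user whatever their role on the project. The dropdown entries are below the hunk and the indentation is lost in this rendering, so confirm that each linked action is guarded by a controller filter, and consider keying the condition on the ability that action requires. A comment would keep the distinction visible: `-# UI only: hides the menu from visitors; the target actions enforce their own authorization`.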
......