Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
ecb83afa
Commit
ecb83afa
authored
Nov 17, 2015
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactor ability changes
parent
e849b51c
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
67 additions
and
71 deletions
+67
-71
app/models/ability.rb
app/models/ability.rb
+30
-24
app/models/concerns/has_owners.rb
app/models/concerns/has_owners.rb
+0
-31
app/models/group.rb
app/models/group.rb
+21
-2
app/models/member.rb
app/models/member.rb
+15
-11
app/models/project.rb
app/models/project.rb
+1
-3
No files found.
app/models/ability.rb
View file @
ecb83afa
...
...
@@ -240,11 +240,11 @@ class Ability
# Only group owner and administrators can admin group
if
group
.
has_owner?
(
user
)
||
user
.
admin?
rules
.
push
(
*
[
:admin_group
,
:admin_namespace
,
:admin_group_member
])
rules
+=
[
:admin_group
,
:admin_namespace
,
:admin_group_member
]
end
rules
.
flatten
...
...
@@ -255,16 +255,15 @@ class Ability
# Only namespace owner and administrators can admin it
if
namespace
.
owner
==
user
||
user
.
admin?
rules
.
push
(
*
[
:create_projects
,
:admin_namespace
])
rules
+=
[
:create_projects
,
:admin_namespace
]
end
rules
.
flatten
end
[
:issue
,
:merge_request
].
each
do
|
name
|
define_method
"
#{
name
}
_abilities"
do
|
user
,
subject
|
rules
=
[]
...
...
@@ -305,15 +304,18 @@ class Ability
rules
=
[]
target_user
=
subject
.
user
group
=
subject
.
group
can_manage
=
group_abilities
(
user
,
group
).
include?
(
:admin_group_member
)
if
can_manage
&&
(
user
!=
target_user
)
rules
<<
:update_group_member
rules
<<
:destroy_group_member
end
unless
group
.
last_owner?
(
target_user
)
can_manage
=
group_abilities
(
user
,
group
).
include?
(
:admin_group_member
)
if
!
group
.
last_owner?
(
user
)
&&
(
can_manage
||
(
user
==
target_user
))
rules
<<
:destroy_group_member
if
can_manage
&&
user
!=
target_user
rules
<<
:update_group_member
rules
<<
:destroy_group_member
end
if
user
==
target_user
rules
<<
:destroy_group_member
end
end
rules
...
...
@@ -323,16 +325,20 @@ class Ability
rules
=
[]
target_user
=
subject
.
user
project
=
subject
.
project
can_manage
=
project_abilities
(
user
,
project
).
include?
(
:admin_project_member
)
if
can_manage
&&
user
!=
target_user
&&
target_user
!=
project
.
owner
rules
<<
:update_project_member
rules
<<
:destroy_project_member
end
unless
target_user
==
project
.
owner
can_manage
=
project_abilities
(
user
,
project
).
include?
(
:admin_project_member
)
if
user
==
target_user
&&
target_user
!=
project
.
owner
rules
<<
:destroy_project_member
if
can_manage
&&
user
!=
target_user
rules
<<
:update_project_member
rules
<<
:destroy_project_member
end
if
user
==
target_user
rules
<<
:destroy_project_member
end
end
rules
end
...
...
app/models/concerns/has_owners.rb
deleted
100644 → 0
View file @
e849b51c
# == Owners concern
#
# Contains owners functionality for groups
#
module
HasOwners
extend
ActiveSupport
::
Concern
def
owners
@owners
||=
members
.
owners
.
includes
(
:user
).
map
(
&
:user
)
end
def
members
raise
NotImplementedError
,
"Expected members to be defined in
#{
self
.
class
.
name
}
"
end
def
add_owner
(
user
,
current_user
=
nil
)
add_user
(
user
,
Gitlab
::
Access
::
OWNER
,
current_user
)
end
def
has_owner?
(
user
)
owners
.
include?
(
user
)
end
def
has_master?
(
user
)
members
.
masters
.
where
(
user_id:
user
).
any?
end
def
last_owner?
(
user
)
has_owner?
(
user
)
&&
owners
.
size
==
1
end
end
app/models/group.rb
View file @
ecb83afa
...
...
@@ -20,8 +20,7 @@ require 'file_size_validator'
class
Group
<
Namespace
include
Gitlab
::
ConfigHelper
include
Referable
include
HasOwners
has_many
:group_members
,
dependent: :destroy
,
as: :source
,
class_name:
'GroupMember'
alias_method
:members
,
:group_members
has_many
:users
,
through: :group_members
...
...
@@ -66,6 +65,10 @@ class Group < Namespace
end
end
def
owners
@owners
||=
group_members
.
owners
.
includes
(
:user
).
map
(
&
:user
)
end
def
add_users
(
user_ids
,
access_level
,
current_user
=
nil
)
user_ids
.
each
do
|
user_id
|
Member
.
add_user
(
self
.
group_members
,
user_id
,
access_level
,
current_user
)
...
...
@@ -92,6 +95,22 @@ class Group < Namespace
add_user
(
user
,
Gitlab
::
Access
::
MASTER
,
current_user
)
end
def
add_owner
(
user
,
current_user
=
nil
)
add_user
(
user
,
Gitlab
::
Access
::
OWNER
,
current_user
)
end
def
has_owner?
(
user
)
owners
.
include?
(
user
)
end
def
has_master?
(
user
)
members
.
masters
.
where
(
user_id:
user
).
any?
end
def
last_owner?
(
user
)
has_owner?
(
user
)
&&
owners
.
size
==
1
end
def
avatar_type
unless
self
.
avatar
.
image?
self
.
errors
.
add
:avatar
,
"only images allowed"
...
...
app/models/member.rb
View file @
ecb83afa
...
...
@@ -34,16 +34,18 @@ class Member < ActiveRecord::Base
message:
"already exists in source"
,
allow_nil:
true
}
validates
:access_level
,
inclusion:
{
in:
Gitlab
::
Access
.
all_values
},
presence:
true
validates
:invite_email
,
presence:
{
if: :invite?
},
email:
{
strict_mode:
true
,
allow_nil:
true
},
uniqueness:
{
scope:
[
:source_type
,
:source_id
],
allow_nil:
true
}
validates
:invite_email
,
presence:
{
if: :invite?
},
email:
{
strict_mode:
true
,
allow_nil:
true
},
uniqueness:
{
scope:
[
:source_type
,
:source_id
],
allow_nil:
true
}
scope
:invite
,
->
{
where
(
user_id:
nil
)
}
scope
:non_invite
,
->
{
where
(
"user_id IS NOT NULL"
)
}
...
...
@@ -100,7 +102,9 @@ class Member < ActiveRecord::Base
private
def
can_update_member?
(
current_user
,
member
)
!
current_user
||
current_user
.
can?
(
:update_group_member
,
member
)
||
# There is no current user for bulk actions, in which case anything is allowed
!
current_user
||
current_user
.
can?
(
:update_group_member
,
member
)
||
current_user
.
can?
(
:update_project_member
,
member
)
end
end
...
...
app/models/project.rb
View file @
ecb83afa
...
...
@@ -42,8 +42,7 @@ class Project < ActiveRecord::Base
include
Sortable
include
AfterCommitQueue
include
CaseSensitivity
include
HasOwners
extend
Gitlab
::
ConfigHelper
extend
Enumerize
...
...
@@ -117,7 +116,6 @@ class Project < ActiveRecord::Base
has_many
:hooks
,
dependent: :destroy
,
class_name:
'ProjectHook'
has_many
:protected_branches
,
dependent: :destroy
has_many
:project_members
,
dependent: :destroy
,
as: :source
,
class_name:
'ProjectMember'
alias_method
:my_members
,
:project_members
has_many
:users
,
through: :project_members
has_many
:deploy_keys_projects
,
dependent: :destroy
has_many
:deploy_keys
,
through: :deploy_keys_projects
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment