Limit to only additions and block at project team level.

0e9f0a1c · Marin Jankovski · 4ec4bd29 · 0e9f0a1c · 0e9f0a1c · 0e9f0a1c
Commit 0e9f0a1c authored Dec 15, 2014 by Marin Jankovski
6 changed files
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
@@ -2,7 +2,7 @@ v 7.6.0
  - Added Audit events related to membership changes for groups and projects
  - Added option to attempt a rebase before merging merge request
  - Dont show LDAP groups settings if LDAP disabled
-  - Added member lock for groups to disallow membership changes on project level
+  - Added member lock for groups to disallow membership additions on project level

 v 7.5.3
  - Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError)

--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -12,7 +12,6 @@ class ProjectTeam
  #   @team << [@users, :master]
  #
  def <<(args)
-    return false if group_member_lock
    users = args.first

    if users.respond_to?(:each)
@@ -53,6 +52,7 @@ class ProjectTeam
  end

  def add_users_ids(user_ids, access)
+    return false if group_member_lock
    ProjectMember.add_users_into_projects(
      [project.id],
      user_ids,

--- a/app/views/projects/team_members/_team_member.html.haml
+++ b/app/views/projects/team_members/_team_member.html.haml
 - user = member.user
 %li{id: dom_id(user), class: "team_member_row access-#{member.human_access.downcase}"}
-  - unless membership_locked?
-    .pull-right
-      - if current_user_can_admin_project
-        - unless @project.personal? && user == current_user
-          .pull-left
-            = form_for(member, as: :project_member, url: project_team_member_path(@project, member.user)) do |f|
-              = f.select :access_level, options_for_select(ProjectMember.access_roles, member.access_level), {}, class: "trigger-submit"
-            &nbsp;
-          = link_to project_team_member_path(@project, user), data: { confirm: remove_from_project_team_message(@project, user)}, method: :delete, class: "btn-tiny btn btn-remove", title: 'Remove user from team' do
-            %i.fa.fa-minus.fa-inverse
+  .pull-right
+    - if current_user_can_admin_project
+      - unless @project.personal? && user == current_user
+        .pull-left
+          = form_for(member, as: :project_member, url: project_team_member_path(@project, member.user)) do |f|
+            = f.select :access_level, options_for_select(ProjectMember.access_roles, member.access_level), {}, class: "trigger-submit"
+          &nbsp;
+        = link_to project_team_member_path(@project, user), data: { confirm: remove_from_project_team_message(@project, user)}, method: :delete, class: "btn-tiny btn btn-remove", title: 'Remove user from team' do
+          %i.fa.fa-minus.fa-inverse
  = image_tag avatar_icon(user.email, 32), class: "avatar s32"
  %p
    %strong= user.name
  %span.cgray= user.username
-
-
--- a/app/views/projects/team_members/index.html.haml
+++ b/app/views/projects/team_members/index.html.haml
@@ -15,7 +15,7 @@
  %strong= link_to "here", help_page_path("permissions", "permissions"), class: "vlink"
  - if membership_locked?
    %span.pull-right
-      Managing user access is disabled at group level
+      Adding new users is disabled at group level

 = render "team", members: @project_members
 - if @group

--- a/doc/workflow/groups.md
+++ b/doc/workflow/groups.md
@@ -74,11 +74,10 @@ gitlab_rails['gitlab_default_can_create_group'] = false

 In GitLab Enterprise Edition it is possible to lock membership in project to the level of members in group.

-This allows group owner to lock down any new project membership to any of the projects within the group allowing tighter control over
-project membership.
+This allows group owner to lock down any new project membership to any of the projects within the group allowing tighter control over project membership.

 To enable this feature, navigate to group settings page, select `Member lock` and `Save group`.

 ![Checkbox for membership lock](groups/membership_lock.png)

-This will disable the option for all users who previously had permissions to operate project memberships. No new users can be added, removed or their access level changed. Furthermore, any request to change project permission level for users through API will not be possible.
+This will disable the option for all users who previously had permissions to operate project memberships so no new users can be added. Furthermore, any request to add new user to project through API will not be possible.
--- a/features/steps/groups_management.rb
+++ b/features/steps/groups_management.rb
@@ -60,6 +60,6 @@ class Spinach::Features::GroupsManagement < Spinach::FeatureSteps
  step 'I cannot control user membership from project page' do
    page.should_not have_link 'New project member'
    page.should_not have_link 'Import members'
-    page.should_not have_selector '#project_member_access_level', text: 'Master'
+    page.should have_selector '#project_member_access_level', text: 'Master'
  end
 end