Commit 0e9f0a1c authored by Marin Jankovski's avatar Marin Jankovski

Limit to only additions and block at project team level.

parent 4ec4bd29
...@@ -2,7 +2,7 @@ v 7.6.0 ...@@ -2,7 +2,7 @@ v 7.6.0
- Added Audit events related to membership changes for groups and projects - Added Audit events related to membership changes for groups and projects
- Added option to attempt a rebase before merging merge request - Added option to attempt a rebase before merging merge request
- Dont show LDAP groups settings if LDAP disabled - Dont show LDAP groups settings if LDAP disabled
- Added member lock for groups to disallow membership changes on project level - Added member lock for groups to disallow membership additions on project level
v 7.5.3 v 7.5.3
- Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError) - Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError)
......
...@@ -12,7 +12,6 @@ class ProjectTeam ...@@ -12,7 +12,6 @@ class ProjectTeam
# @team << [@users, :master] # @team << [@users, :master]
# #
def <<(args) def <<(args)
return false if group_member_lock
users = args.first users = args.first
if users.respond_to?(:each) if users.respond_to?(:each)
...@@ -53,6 +52,7 @@ class ProjectTeam ...@@ -53,6 +52,7 @@ class ProjectTeam
end end
def add_users_ids(user_ids, access) def add_users_ids(user_ids, access)
return false if group_member_lock
ProjectMember.add_users_into_projects( ProjectMember.add_users_into_projects(
[project.id], [project.id],
user_ids, user_ids,
......
- user = member.user - user = member.user
%li{id: dom_id(user), class: "team_member_row access-#{member.human_access.downcase}"} %li{id: dom_id(user), class: "team_member_row access-#{member.human_access.downcase}"}
- unless membership_locked?
.pull-right .pull-right
- if current_user_can_admin_project - if current_user_can_admin_project
- unless @project.personal? && user == current_user - unless @project.personal? && user == current_user
...@@ -14,5 +13,3 @@ ...@@ -14,5 +13,3 @@
%p %p
%strong= user.name %strong= user.name
%span.cgray= user.username %span.cgray= user.username
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
%strong= link_to "here", help_page_path("permissions", "permissions"), class: "vlink" %strong= link_to "here", help_page_path("permissions", "permissions"), class: "vlink"
- if membership_locked? - if membership_locked?
%span.pull-right %span.pull-right
Managing user access is disabled at group level Adding new users is disabled at group level
= render "team", members: @project_members = render "team", members: @project_members
- if @group - if @group
......
...@@ -74,11 +74,10 @@ gitlab_rails['gitlab_default_can_create_group'] = false ...@@ -74,11 +74,10 @@ gitlab_rails['gitlab_default_can_create_group'] = false
In GitLab Enterprise Edition it is possible to lock membership in project to the level of members in group. In GitLab Enterprise Edition it is possible to lock membership in project to the level of members in group.
This allows group owner to lock down any new project membership to any of the projects within the group allowing tighter control over This allows group owner to lock down any new project membership to any of the projects within the group allowing tighter control over project membership.
project membership.
To enable this feature, navigate to group settings page, select `Member lock` and `Save group`. To enable this feature, navigate to group settings page, select `Member lock` and `Save group`.
![Checkbox for membership lock](groups/membership_lock.png) ![Checkbox for membership lock](groups/membership_lock.png)
This will disable the option for all users who previously had permissions to operate project memberships. No new users can be added, removed or their access level changed. Furthermore, any request to change project permission level for users through API will not be possible. This will disable the option for all users who previously had permissions to operate project memberships so no new users can be added. Furthermore, any request to add new user to project through API will not be possible.
...@@ -60,6 +60,6 @@ class Spinach::Features::GroupsManagement < Spinach::FeatureSteps ...@@ -60,6 +60,6 @@ class Spinach::Features::GroupsManagement < Spinach::FeatureSteps
step 'I cannot control user membership from project page' do step 'I cannot control user membership from project page' do
page.should_not have_link 'New project member' page.should_not have_link 'New project member'
page.should_not have_link 'Import members' page.should_not have_link 'Import members'
page.should_not have_selector '#project_member_access_level', text: 'Master' page.should have_selector '#project_member_access_level', text: 'Master'
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment