Return membership lock feature for groups

app/controllers/projects/project_members_controller.rb

 class Projects::ProjectMembersController < Projects::ApplicationController
   # Authorize
   before_filter :authorize_admin_project!, except: :leave
+  before_filter :check_membership_lock, only: [:create, :update, :destroy]
 
   layout "project_settings"
 
@@ -103,4 +104,10 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     AuditEventService.new(current_user, @project, options).
       for_member(member).security_event
   end
+
+  def check_membership_lock
+    if @project.group && @project.group.membership_lock
+      return access_denied!
+    end
+  end
 end

app/services/audit_event_service.rb

@@ -36,6 +36,8 @@ class AuditEventService
           target_details: user_name,
         }
       end
+
+    self
   end
 
   def security_event

app/views/projects/project_members/_project_member.html.haml

@@ -12,7 +12,7 @@
       %label.label.label-danger
         %strong Blocked
 
-  - if current_user_can_admin_project
+  - if current_user_can_admin_project && !membership_locked?
     - unless @project.personal? && user == current_user
       .pull-right
         %strong= member.human_access

app/views/projects/project_members/_shared_group_members.html.haml

@@ -8,9 +8,11 @@
       group, members with
       %strong #{group_links.human_access}
       role (#{shared_group_users_count})
-      .pull-right
-        = link_to members_group_path(shared_group), class: 'btn btn-small' do
-          %i.icon-edit
+      - if current_user.can?(:manage_group, shared_group)
+        .panel-head-actions
+          = link_to group_group_members_path(shared_group), class: 'btn btn-sm' do
+            %i.fa.fa-pencil-square-o
+            Edit group members
     %ul.well-list
       - shared_group.group_members.order('access_level DESC').limit(20).each do |member|
         = render 'groups/group_members/group_member', member: member, show_controls: false, show_roles: false

app/views/projects/project_members/index.html.haml

@@ -5,6 +5,10 @@
   Read more about project permissions
   %strong= link_to "here", help_page_path("permissions", "permissions"), class: "vlink"
 
+  - if membership_locked?
+    %span.pull-right.text-warning
+      Adding new users is disabled at group level
+
 %hr
 
 .clearfix.js-toggle-container
@@ -13,7 +17,7 @@
       = search_field_tag :search, params[:search], { placeholder: 'Find existing member by name', class: 'form-control search-text-input input-mn-300' }
     = button_tag 'Search', class: 'btn'
 
-  - if can?(current_user, :admin_project_member, @project)
+  - if !membership_locked? && can?(current_user, :admin_project_member, @project)
     %span.pull-right
       = button_tag class: 'btn btn-new btn-grouped js-toggle-button', type: 'button' do
         Add members
@@ -28,6 +32,8 @@
 
 - if @group
   = render "group_members", members: @group_members
+- if @project_group_links.any?
+  = render "shared_group_members"
 
 :coffeescript
   $('form.member-search-form').on 'submit', (event) ->

features/steps/groups_management.rb

@@ -29,7 +29,7 @@ class Spinach::Features::GroupsManagement < Spinach::FeatureSteps
   end
 
   step 'I can control user membership' do
-    page.should have_link 'New project member'
+    page.should have_button 'Add members'
     page.should have_link 'Import members'
     page.should have_selector '#project_member_access_level', text: 'Master'
   end
@@ -53,12 +53,12 @@ class Spinach::Features::GroupsManagement < Spinach::FeatureSteps
     @project = Project.find_by(name: "Open")
     click_link 'Projects'
 
-    link = "/#{@project.path_with_namespace}/team"
+    link = "/#{@project.path_with_namespace}/project_members"
     find(:xpath, "//a[@href=\"#{link}\"]").click
   end
 
   step 'I cannot control user membership from project page' do
-    page.should_not have_link 'New project member'
+    page.should_not have_button 'Add members'
     page.should_not have_link 'Import members'
     page.should have_selector '#project_member_access_level', text: 'Master'
   end