Allow a user to be an "Auditor"

An auditor user is intended to be user with read-only access to all projects and groups. Access to the admin area and any project settings pages are disallowed This commit lays the initial groundwork for this concept - adding an `auditor` column to the `users` table, as well as a few supplements.

Allow a user to be an "Auditor"
An auditor user is intended to be user with read-only access to all projects and groups. Access to the admin area and any project settings pages are disallowed This commit lays the initial groundwork for this concept - adding an `auditor` column to the `users` table, as well as a few supplements.
b9c36d6c · Timothy Andrew · 49f7a449 · b9c36d6c · b9c36d6c · b9c36d6c
Commit b9c36d6c authored Jan 20, 2017 by Timothy Andrew
4 changed files
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -123,6 +123,7 @@ class User < ActiveRecord::Base
  validate :unique_email, if: ->(user) { user.email_changed? }
  validate :owns_notification_email, if: ->(user) { user.notification_email_changed? }
  validate :owns_public_email, if: ->(user) { user.public_email_changed? }
+  validate :cannot_be_admin_and_auditor
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
  before_validation :generate_password, on: :create
@@ -453,6 +454,12 @@ class User < ActiveRecord::Base
    end
  end
+  def cannot_be_admin_and_auditor
+    if admin? && auditor?
+      errors.add(:admin, "user cannot also be an Auditor.")
+    end
+  end
  # Returns the groups a user has access to
  def authorized_groups
    union = Gitlab::SQL::Union.

--- a/db/migrate/20170120123345_add_column_auditor_to_users.rb
+++ b/db/migrate/20170120123345_add_column_auditor_to_users.rb
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+class AddColumnAuditorToUsers < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  disable_ddl_transaction!
+  def change
+    add_column_with_default :users, :auditor, :boolean, default: false, allow_null: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1452,6 +1452,7 @@ ActiveRecord::Schema.define(version: 20170204181513) do
    t.string "incoming_email_token"
    t.string "organization"
    t.boolean "authorized_projects_populated"
+    t.boolean "auditor", default: false, null: false
  end
  add_index "users", ["admin"], name: "index_users_on_admin", using: :btree

--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -14,6 +14,10 @@ FactoryGirl.define do
      admin true
    end
+    trait :auditor do
+      auditor true
+    end
    trait :external do
      external true
    end