Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
ccc9bed8
Commit
ccc9bed8
authored
Dec 15, 2011
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Abilities refactoring
parent
7a9fc480
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
83 additions
and
8 deletions
+83
-8
app/controllers/issues_controller.rb
app/controllers/issues_controller.rb
+20
-1
app/controllers/merge_requests_controller.rb
app/controllers/merge_requests_controller.rb
+21
-2
app/controllers/notes_controller.rb
app/controllers/notes_controller.rb
+2
-0
app/controllers/snippets_controller.rb
app/controllers/snippets_controller.rb
+21
-1
app/controllers/team_members_controller.rb
app/controllers/team_members_controller.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+6
-3
app/models/project.rb
app/models/project.rb
+12
-0
No files found.
app/controllers/issues_controller.rb
View file @
ccc9bed8
...
@@ -6,8 +6,18 @@ class IssuesController < ApplicationController
...
@@ -6,8 +6,18 @@ class IssuesController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
# Allow read any issue
before_filter
:authorize_read_issue!
before_filter
:authorize_read_issue!
before_filter
:authorize_write_issue!
,
:only
=>
[
:new
,
:create
,
:close
,
:edit
,
:update
,
:sort
]
# Allow write(create) issue
before_filter
:authorize_write_issue!
,
:only
=>
[
:new
,
:create
]
# Allow modify issue
before_filter
:authorize_modify_issue!
,
:only
=>
[
:close
,
:edit
,
:update
,
:sort
]
# Allow destroy issue
before_filter
:authorize_admin_issue!
,
:only
=>
[
:destroy
]
respond_to
:js
,
:html
respond_to
:js
,
:html
...
@@ -115,4 +125,13 @@ class IssuesController < ApplicationController
...
@@ -115,4 +125,13 @@ class IssuesController < ApplicationController
def
issue
def
issue
@issue
||=
@project
.
issues
.
find
(
params
[
:id
])
@issue
||=
@project
.
issues
.
find
(
params
[
:id
])
end
end
def
authorize_modify_issue!
can?
(
current_user
,
:modify_issue
,
@issue
)
||
@issue
.
assignee
==
current_user
end
def
authorize_admin_issue!
can?
(
current_user
,
:admin_issue
,
@issue
)
end
end
end
app/controllers/merge_requests_controller.rb
View file @
ccc9bed8
...
@@ -6,8 +6,18 @@ class MergeRequestsController < ApplicationController
...
@@ -6,8 +6,18 @@ class MergeRequestsController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_write_project!
,
:only
=>
[
:new
,
:create
,
:edit
,
:update
]
# Allow read any merge_request
before_filter
:authorize_read_merge_request!
# Allow write(create) merge_request
before_filter
:authorize_write_merge_request!
,
:only
=>
[
:new
,
:create
]
# Allow modify merge_request
before_filter
:authorize_modify_merge_request!
,
:only
=>
[
:close
,
:edit
,
:update
,
:sort
]
# Allow destroy merge_request
before_filter
:authorize_admin_merge_request!
,
:only
=>
[
:destroy
]
def
index
def
index
@merge_requests
=
@project
.
merge_requests
@merge_requests
=
@project
.
merge_requests
...
@@ -85,4 +95,13 @@ class MergeRequestsController < ApplicationController
...
@@ -85,4 +95,13 @@ class MergeRequestsController < ApplicationController
def
merge_request
def
merge_request
@merge_request
||=
@project
.
merge_requests
.
find
(
params
[
:id
])
@merge_request
||=
@project
.
merge_requests
.
find
(
params
[
:id
])
end
end
def
authorize_modify_merge_request!
can?
(
current_user
,
:modify_merge_request
,
@merge_request
)
||
@merge_request
.
assignee
==
current_user
end
def
authorize_admin_merge_request!
can?
(
current_user
,
:admin_merge_request
,
@merge_request
)
end
end
end
app/controllers/notes_controller.rb
View file @
ccc9bed8
...
@@ -3,6 +3,8 @@ class NotesController < ApplicationController
...
@@ -3,6 +3,8 @@ class NotesController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_note!
before_filter
:authorize_write_note!
,
:only
=>
[
:create
]
before_filter
:authorize_write_note!
,
:only
=>
[
:create
]
respond_to
:js
respond_to
:js
...
...
app/controllers/snippets_controller.rb
View file @
ccc9bed8
...
@@ -5,8 +5,18 @@ class SnippetsController < ApplicationController
...
@@ -5,8 +5,18 @@ class SnippetsController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
# Allow read any snippet
before_filter
:authorize_read_snippet!
before_filter
:authorize_read_snippet!
before_filter
:authorize_write_snippet!
,
:only
=>
[
:new
,
:create
,
:close
,
:edit
,
:update
,
:sort
]
# Allow write(create) snippet
before_filter
:authorize_write_snippet!
,
:only
=>
[
:new
,
:create
]
# Allow modify snippet
before_filter
:authorize_modify_snippet!
,
:only
=>
[
:edit
,
:update
]
# Allow destroy snippet
before_filter
:authorize_admin_snippet!
,
:only
=>
[
:destroy
]
respond_to
:html
respond_to
:html
...
@@ -60,4 +70,14 @@ class SnippetsController < ApplicationController
...
@@ -60,4 +70,14 @@ class SnippetsController < ApplicationController
redirect_to
project_snippets_path
(
@project
)
redirect_to
project_snippets_path
(
@project
)
end
end
protected
def
authorize_modify_snippet!
can?
(
current_user
,
:modify_snippet
,
@snippet
)
end
def
authorize_admin_snippet!
can?
(
current_user
,
:admin_snippet
,
@snippet
)
end
end
end
app/controllers/team_members_controller.rb
View file @
ccc9bed8
...
@@ -5,7 +5,7 @@ class TeamMembersController < ApplicationController
...
@@ -5,7 +5,7 @@ class TeamMembersController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:authorize_admin_project!
,
:
only
=>
[
:new
,
:create
,
:destroy
,
:update
]
before_filter
:authorize_admin_project!
,
:
except
=>
[
:show
]
def
show
def
show
@team_member
=
project
.
users_projects
.
find
(
params
[
:id
])
@team_member
=
project
.
users_projects
.
find
(
params
[
:id
])
...
...
app/models/ability.rb
View file @
ccc9bed8
...
@@ -19,7 +19,7 @@ class Ability
...
@@ -19,7 +19,7 @@ class Ability
:read_team_member
,
:read_team_member
,
:read_merge_request
,
:read_merge_request
,
:read_note
:read_note
]
if
project
.
readers
.
include
?
(
user
)
]
if
project
.
allow_read_for
?
(
user
)
rules
<<
[
rules
<<
[
:write_project
,
:write_project
,
...
@@ -27,16 +27,18 @@ class Ability
...
@@ -27,16 +27,18 @@ class Ability
:write_snippet
,
:write_snippet
,
:write_merge_request
,
:write_merge_request
,
:write_note
:write_note
]
if
project
.
writers
.
include
?
(
user
)
]
if
project
.
allow_write_for
?
(
user
)
rules
<<
[
rules
<<
[
:modify_issue
,
:modify_snippet
,
:admin_project
,
:admin_project
,
:admin_issue
,
:admin_issue
,
:admin_snippet
,
:admin_snippet
,
:admin_team_member
,
:admin_team_member
,
:admin_merge_request
,
:admin_merge_request
,
:admin_note
:admin_note
]
if
project
.
a
dmins
.
include
?
(
user
)
]
if
project
.
a
llow_admin_for
?
(
user
)
rules
.
flatten
rules
.
flatten
end
end
...
@@ -48,6 +50,7 @@ class Ability
...
@@ -48,6 +50,7 @@ class Ability
[
[
:"read_
#{
name
}
"
,
:"read_
#{
name
}
"
,
:"write_
#{
name
}
"
,
:"write_
#{
name
}
"
,
:"modify_
#{
name
}
"
,
:"admin_
#{
name
}
"
:"admin_
#{
name
}
"
]
]
else
else
...
...
app/models/project.rb
View file @
ccc9bed8
...
@@ -161,6 +161,18 @@ class Project < ActiveRecord::Base
...
@@ -161,6 +161,18 @@ class Project < ActiveRecord::Base
@admins
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
PROJECT_RWA
).
map
(
&
:user
)
@admins
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
PROJECT_RWA
).
map
(
&
:user
)
end
end
def
allow_read_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_R
,
PROJECT_RW
,
PROJECT_RWA
]).
empty?
end
def
allow_write_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_RW
,
PROJECT_RWA
]).
empty?
end
def
allow_admin_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_RWA
]).
empty?
||
owner_id
==
user
.
id
end
def
root_ref
def
root_ref
default_branch
||
"master"
default_branch
||
"master"
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment