Commit 573d367b authored by Dmitriy Zaporozhets

Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Correct authentication for Projects controller
* Hide some project elements from visitor
parent 087d7e55
class Projects::HooksController < Projects::ApplicationController class Projects::HooksController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
respond_to :html respond_to :html
......
...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet # Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy] before_filter :authorize_admin_project_snippet!, only: [:destroy]
layout 'projects'
respond_to :html respond_to :html
def index def index
......
class Projects::TeamMembersController < Projects::ApplicationController class Projects::TeamMembersController < Projects::ApplicationController
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_admin_project!
before_filter :authorize_admin_project!, except: [:index, :show]
layout "project_settings" layout "project_settings"
......
class ProjectsController < Projects::ApplicationController class ProjectsController < ApplicationController
skip_before_filter :authenticate_user!, only: [:show] skip_before_filter :authenticate_user!, only: [:show]
skip_before_filter :project, only: [:new, :create] before_filter :project, except: [:new, :create]
skip_before_filter :repository, only: [:new, :create] before_filter :repository, except: [:new, :create]
# Authorize # Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create] before_filter :authorize_read_project!, except: [:index, :new, :create]
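Review bot: On the new side `show` skips `authenticate_user!`, so `project`, `repository` and `authorize_read_project!` all run with a nil `current_user`, and the only thing keeping a private project from an anonymous visitor is how the read ability treats nil. That deserves a comment above the skip line, e.g. `# show is reachable without login; authorize_read_project! must deny private projects when current_user is nil`. The except lists also disagree: `authorize_read_project!` excludes `:index` while `before_filter :project` and `before_filter :repository` exclude only `[:new, :create]`, so either `:index` is stale in the first list or it is missing from the other two. The class body and the filter definitions are outside this section, so this is based on the filter declarations alone.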
......
...@@ -154,7 +154,7 @@ class Ability ...@@ -154,7 +154,7 @@ class Ability
def group_abilities user, group def group_abilities user, group
rules = [] rules = []
if group.users.include?(user) if group.users.include?(user) || user.admin?
rules << :read_group rules << :read_group
end end
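Review bot: In `group_abilities`, the added `|| user.admin?` is evaluated whenever the membership test is false, so a nil `user` raises NoMethodError here instead of yielding an empty rule set. Whether nil can reach this method depends on the caller, which is outside the hunk, but the commit is about what visitors may see, so the anonymous case is worth guarding. `if user && (user.admin? || group.users.include?(user))` handles it and checks the cheap flag before the membership lookup. The rest of the method is outside the hunk, so it is not visible whether admins are meant to receive only `:read_group`.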
......
...@@ -32,6 +32,10 @@ class Group < Namespace ...@@ -32,6 +32,10 @@ class Group < Namespace
end end
end end
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user) def change_owner(user)
self.owner = user self.owner = user
membership = users_groups.where(user_id: user.id).first membership = users_groups.where(user_id: user.id).first
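Review bot: `add_user` passes `group_access` straight into `users_groups.create` and discards the result, so an invalid access level or a duplicate membership fails silently unless the membership model's validations, which are not shown here, reject it and the caller inspects the returned record. Since this value decides what the user may do in the group, I would either use `create!` or document the contract with a comment such as `# Returns the membership record (check persisted?); group_access must be one of the defined access levels`. `change_owner` below continues outside the hunk.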
......
...@@ -19,37 +19,38 @@ ...@@ -19,37 +19,38 @@
%i.icon-download-alt %i.icon-download-alt
%span.only-wide Download %span.only-wide Download
.dropdown.pull-right - if current_user
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"} .dropdown.pull-right
%i.icon-plus-sign-alt %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%span.only-wide New %i.icon-plus-sign-alt
%b.caret %span.only-wide New
%ul.dropdown-menu %b.caret
- if @project.issues_enabled && can?(current_user, :write_issue, @project) %ul.dropdown-menu
%li - if @project.issues_enabled && can?(current_user, :write_issue, @project)
= link_to url_for_new_issue, title: "New Issue" do %li
Issue = link_to url_for_new_issue, title: "New Issue" do
- if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project) Issue
%li - if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
= link_to new_project_merge_request_path(@project), title: "New Merge Request" do %li
Merge Request = link_to new_project_merge_request_path(@project), title: "New Merge Request" do
- if @project.snippets_enabled && can?(current_user, :write_snippet, @project) Merge Request
%li - if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
= link_to new_project_snippet_path(@project), title: "New Snippet" do %li
Snippet = link_to new_project_snippet_path(@project), title: "New Snippet" do
- if can? current_user, :push_code, @project Snippet
%li.divider - if can? current_user, :push_code, @project
%li %li.divider
= link_to new_project_branch_path(@project) do %li
%i.icon-code-fork = link_to new_project_branch_path(@project) do
Git branch %i.icon-code-fork
%li Git branch
= link_to new_project_tag_path(@project) do %li
%i.icon-tag = link_to new_project_tag_path(@project) do
Git tag %i.icon-tag
Git tag
- if can?(current_user, :admin_team_member, @project) - if can?(current_user, :admin_team_member, @project)
%li.divider %li.divider
%li %li
= link_to new_project_team_member_path(@project), title: "New project member" do = link_to new_project_team_member_path(@project), title: "New project member" do
Project member Project member
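Review bot: The new `- if current_user` wrapper only hides the "New" dropdown from visitors; it is not an access control, so the new issue, merge request, snippet, branch and tag actions still need their own server-side authorization, which is not part of this section. Every entry inside the wrapper is already gated by `can?(current_user, ...)`, so the wrapper's purpose is presumably to avoid rendering an empty menu. A short comment such as `-# hide the empty dropdown from anonymous visitors; permissions are enforced in the controllers` would make that intent explicit.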