allow/deny user to create group/team

2013-01-25 11:30:49 +02:00 · 2013-01-25 11:30:49 +02:00 · 00e4a479d3
parent 585a53c415
commit 00e4a479d3
4 changed files with 32 additions and 10 deletions
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@ -6,6 +6,7 @@ class GroupsController < ApplicationController

  # Authorize
  before_filter :authorize_read_group!, except: [:new, :create]
+  before_filter :authorize_create_group!, only: [:new, :create]

  # Load group projects
  before_filter :projects, except: [:new, :create]
@ -103,4 +104,8 @@ class GroupsController < ApplicationController
      return render_404
    end
  end
+
+  def authorize_create_group!
+    can?(current_user, :create_group, nil)
+  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -1,16 +1,25 @@
 class Ability
  class << self
-    def allowed(object, subject)
+    def allowed(user, subject)
+      return [] unless user.kind_of?(User)
+
      case subject.class.name
-      when "Project" then project_abilities(object, subject)
-      when "Issue" then issue_abilities(object, subject)
-      when "Note" then note_abilities(object, subject)
-      when "Snippet" then snippet_abilities(object, subject)
-      when "MergeRequest" then merge_request_abilities(object, subject)
-      when "Group", "Namespace" then group_abilities(object, subject)
-      when "UserTeam" then user_team_abilities(object, subject)
+      when "Project" then project_abilities(user, subject)
+      when "Issue" then issue_abilities(user, subject)
+      when "Note" then note_abilities(user, subject)
+      when "Snippet" then snippet_abilities(user, subject)
+      when "MergeRequest" then merge_request_abilities(user, subject)
+      when "Group", "Namespace" then group_abilities(user, subject)
+      when "UserTeam" then user_team_abilities(user, subject)
      else []
-      end
+      end.concat(global_abilities(user))
+    end
+
+    def global_abilities(user)
+      rules = []
+      rules << :create_group if user.can_create_group
+      rules << :create_team if user.can_create_team
+      rules
    end

    def project_abilities(user, project)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -232,7 +232,7 @@ class User < ActiveRecord::Base
  end

  def can_create_group?
-    can_create_project?
+    can?(:create_group, nil)
  end

  def abilities
--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@ -46,6 +46,14 @@
            = f.label :projects_limit
            .input= f.number_field :projects_limit

+          .clearfix
+            = f.label :can_create_group
+            .input= f.check_box :can_create_group
+
+          .clearfix
+            = f.label :can_create_team
+            .input= f.check_box :can_create_team
+
          .clearfix
            = f.label :admin do
              %strong.cred Administrator