From 00e4a479d3732a528745513e4150fe28fee178e2 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Fri, 25 Jan 2013 11:30:49 +0200 Subject: [PATCH] allow/deny user to create group/team --- app/controllers/groups_controller.rb | 5 +++++ app/models/ability.rb | 27 ++++++++++++++++++--------- app/models/user.rb | 2 +- app/views/admin/users/_form.html.haml | 8 ++++++++ 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index f95db1af..72df170f 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -6,6 +6,7 @@ class GroupsController < ApplicationController # Authorize before_filter :authorize_read_group!, except: [:new, :create] + before_filter :authorize_create_group!, only: [:new, :create] # Load group projects before_filter :projects, except: [:new, :create] @@ -103,4 +104,8 @@ class GroupsController < ApplicationController return render_404 end end + + def authorize_create_group! + can?(current_user, :create_group, nil) + end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 63d72016..6d087a95 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -1,16 +1,25 @@ class Ability class << self - def allowed(object, subject) + def allowed(user, subject) + return [] unless user.kind_of?(User) + case subject.class.name - when "Project" then project_abilities(object, subject) - when "Issue" then issue_abilities(object, subject) - when "Note" then note_abilities(object, subject) - when "Snippet" then snippet_abilities(object, subject) - when "MergeRequest" then merge_request_abilities(object, subject) - when "Group", "Namespace" then group_abilities(object, subject) - when "UserTeam" then user_team_abilities(object, subject) + when "Project" then project_abilities(user, subject) + when "Issue" then issue_abilities(user, subject) + when "Note" then note_abilities(user, subject) + when "Snippet" then snippet_abilities(user, subject) + when "MergeRequest" then merge_request_abilities(user, subject) + when "Group", "Namespace" then group_abilities(user, subject) + when "UserTeam" then user_team_abilities(user, subject) else [] - end + end.concat(global_abilities(user)) + end + + def global_abilities(user) + rules = [] + rules << :create_group if user.can_create_group + rules << :create_team if user.can_create_team + rules end def project_abilities(user, project) diff --git a/app/models/user.rb b/app/models/user.rb index b61d2cb0..469436e9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -232,7 +232,7 @@ class User < ActiveRecord::Base end def can_create_group? - can_create_project? + can?(:create_group, nil) end def abilities diff --git a/app/views/admin/users/_form.html.haml b/app/views/admin/users/_form.html.haml index 45195152..465568ad 100644 --- a/app/views/admin/users/_form.html.haml +++ b/app/views/admin/users/_form.html.haml @@ -46,6 +46,14 @@ = f.label :projects_limit .input= f.number_field :projects_limit + .clearfix + = f.label :can_create_group + .input= f.check_box :can_create_group + + .clearfix + = f.label :can_create_team + .input= f.check_box :can_create_team + .clearfix = f.label :admin do %strong.cred Administrator