allow/deny user to create group/team
This commit is contained in:
parent
585a53c415
commit
00e4a479d3
|
@ -6,6 +6,7 @@ class GroupsController < ApplicationController
|
||||||
|
|
||||||
# Authorize
|
# Authorize
|
||||||
before_filter :authorize_read_group!, except: [:new, :create]
|
before_filter :authorize_read_group!, except: [:new, :create]
|
||||||
|
before_filter :authorize_create_group!, only: [:new, :create]
|
||||||
|
|
||||||
# Load group projects
|
# Load group projects
|
||||||
before_filter :projects, except: [:new, :create]
|
before_filter :projects, except: [:new, :create]
|
||||||
|
@ -103,4 +104,8 @@ class GroupsController < ApplicationController
|
||||||
return render_404
|
return render_404
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authorize_create_group!
|
||||||
|
can?(current_user, :create_group, nil)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,16 +1,25 @@
|
||||||
class Ability
|
class Ability
|
||||||
class << self
|
class << self
|
||||||
def allowed(object, subject)
|
def allowed(user, subject)
|
||||||
|
return [] unless user.kind_of?(User)
|
||||||
|
|
||||||
case subject.class.name
|
case subject.class.name
|
||||||
when "Project" then project_abilities(object, subject)
|
when "Project" then project_abilities(user, subject)
|
||||||
when "Issue" then issue_abilities(object, subject)
|
when "Issue" then issue_abilities(user, subject)
|
||||||
when "Note" then note_abilities(object, subject)
|
when "Note" then note_abilities(user, subject)
|
||||||
when "Snippet" then snippet_abilities(object, subject)
|
when "Snippet" then snippet_abilities(user, subject)
|
||||||
when "MergeRequest" then merge_request_abilities(object, subject)
|
when "MergeRequest" then merge_request_abilities(user, subject)
|
||||||
when "Group", "Namespace" then group_abilities(object, subject)
|
when "Group", "Namespace" then group_abilities(user, subject)
|
||||||
when "UserTeam" then user_team_abilities(object, subject)
|
when "UserTeam" then user_team_abilities(user, subject)
|
||||||
else []
|
else []
|
||||||
|
end.concat(global_abilities(user))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def global_abilities(user)
|
||||||
|
rules = []
|
||||||
|
rules << :create_group if user.can_create_group
|
||||||
|
rules << :create_team if user.can_create_team
|
||||||
|
rules
|
||||||
end
|
end
|
||||||
|
|
||||||
def project_abilities(user, project)
|
def project_abilities(user, project)
|
||||||
|
|
|
@ -232,7 +232,7 @@ class User < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def can_create_group?
|
def can_create_group?
|
||||||
can_create_project?
|
can?(:create_group, nil)
|
||||||
end
|
end
|
||||||
|
|
||||||
def abilities
|
def abilities
|
||||||
|
|
|
@ -46,6 +46,14 @@
|
||||||
= f.label :projects_limit
|
= f.label :projects_limit
|
||||||
.input= f.number_field :projects_limit
|
.input= f.number_field :projects_limit
|
||||||
|
|
||||||
|
.clearfix
|
||||||
|
= f.label :can_create_group
|
||||||
|
.input= f.check_box :can_create_group
|
||||||
|
|
||||||
|
.clearfix
|
||||||
|
= f.label :can_create_team
|
||||||
|
.input= f.check_box :can_create_team
|
||||||
|
|
||||||
.clearfix
|
.clearfix
|
||||||
= f.label :admin do
|
= f.label :admin do
|
||||||
%strong.cred Administrator
|
%strong.cred Administrator
|
||||||
|
|
Loading…
Reference in a new issue