4 roles permission system
This commit is contained in:
Dmitriy Zaporozhets
parent
dac7c44ab3
commit
1c62ec09b0
18 changed files with 66 additions and 111 deletions
|
|
@ -28,7 +28,7 @@ class ProjectsController < ApplicationController
|
|||
|
||||
Project.transaction do
|
||||
@project.save!
|
||||
@project.users_projects.create!(:repo_access => Repository::REPO_RW , :project_access => Project::PROJECT_RWA, :user => current_user)
|
||||
@project.users_projects.create!(:project_access => UsersProject::MASTER, :user => current_user)
|
||||
|
||||
# when project saved no team member exist so
|
||||
# project repository should be updated after first user add
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
require "grit"
|
||||
|
||||
class Project < ActiveRecord::Base
|
||||
PROJECT_N = 0
|
||||
PROJECT_R = 1
|
||||
PROJECT_RW = 2
|
||||
PROJECT_RWA = 3
|
||||
|
||||
belongs_to :owner, :class_name => "User"
|
||||
|
||||
has_many :merge_requests, :dependent => :destroy
|
||||
|
|
@ -61,12 +56,7 @@ class Project < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def self.access_options
|
||||
{
|
||||
"Denied" => PROJECT_N,
|
||||
"Read" => PROJECT_R,
|
||||
"Report" => PROJECT_RW,
|
||||
"Admin" => PROJECT_RWA
|
||||
}
|
||||
UsersProject.access_roles
|
||||
end
|
||||
|
||||
def repository
|
||||
|
|
@ -193,11 +183,11 @@ class Project < ActiveRecord::Base
|
|||
# Should be rewrited for new access rights
|
||||
def add_access(user, *access)
|
||||
access = if access.include?(:admin)
|
||||
{ :project_access => PROJECT_RWA }
|
||||
{ :project_access => UsersProject::MASTER }
|
||||
elsif access.include?(:write)
|
||||
{ :project_access => PROJECT_RW }
|
||||
{ :project_access => UsersProject::DEVELOPER }
|
||||
else
|
||||
{ :project_access => PROJECT_R }
|
||||
{ :project_access => UsersProject::GUEST }
|
||||
end
|
||||
opts = { :user => user }
|
||||
opts.merge!(access)
|
||||
|
|
@ -210,48 +200,48 @@ class Project < ActiveRecord::Base
|
|||
|
||||
def repository_readers
|
||||
keys = Key.joins({:user => :users_projects}).
|
||||
where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_R)
|
||||
where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::REPORTER)
|
||||
keys.map(&:identifier) + deploy_keys.map(&:identifier)
|
||||
end
|
||||
|
||||
def repository_writers
|
||||
keys = Key.joins({:user => :users_projects}).
|
||||
where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_RW)
|
||||
where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::DEVELOPER)
|
||||
keys.map(&:identifier)
|
||||
end
|
||||
|
||||
def repository_masters
|
||||
keys = Key.joins({:user => :users_projects}).
|
||||
where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_MASTER)
|
||||
where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::MASTER)
|
||||
keys.map(&:identifier)
|
||||
end
|
||||
|
||||
def readers
|
||||
@readers ||= users_projects.includes(:user).where(:project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).map(&:user)
|
||||
@readers ||= users_projects.includes(:user).map(&:user)
|
||||
end
|
||||
|
||||
def writers
|
||||
@writers ||= users_projects.includes(:user).where(:project_access => [PROJECT_RW, PROJECT_RWA]).map(&:user)
|
||||
@writers ||= users_projects.includes(:user).map(&:user)
|
||||
end
|
||||
|
||||
def admins
|
||||
@admins ||= users_projects.includes(:user).where(:project_access => PROJECT_RWA).map(&:user)
|
||||
@admins ||= users_projects.includes(:user).where(:project_access => UsersProject::MASTER).map(&:user)
|
||||
end
|
||||
|
||||
def allow_read_for?(user)
|
||||
!users_projects.where(:user_id => user.id, :project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).empty?
|
||||
!users_projects.where(:user_id => user.id).empty?
|
||||
end
|
||||
|
||||
def allow_write_for?(user)
|
||||
!users_projects.where(:user_id => user.id, :project_access => [PROJECT_RW, PROJECT_RWA]).empty?
|
||||
!users_projects.where(:user_id => user.id).empty?
|
||||
end
|
||||
|
||||
def allow_admin_for?(user)
|
||||
!users_projects.where(:user_id => user.id, :project_access => [PROJECT_RWA]).empty? || owner_id == user.id
|
||||
!users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
|
||||
end
|
||||
|
||||
def allow_pull_for?(user)
|
||||
!users_projects.where(:user_id => user.id, :repo_access => [Repository::REPO_R, Repository::REPO_RW, Repository::REPO_MASTER]).empty?
|
||||
!users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
|
||||
end
|
||||
|
||||
def root_ref
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
require File.join(Rails.root, "lib", "gitlabhq", "git_host")
|
||||
|
||||
class Repository
|
||||
REPO_N = 0
|
||||
REPO_R = 1
|
||||
REPO_RW = 2
|
||||
REPO_MASTER = 3
|
||||
|
||||
attr_accessor :project
|
||||
|
||||
def self.default_ref
|
||||
|
|
@ -13,12 +8,7 @@ class Repository
|
|||
end
|
||||
|
||||
def self.access_options
|
||||
{
|
||||
"Denied" => REPO_N,
|
||||
"Pull" => REPO_R,
|
||||
"Pull & Push" => REPO_RW,
|
||||
"Master" => REPO_MASTER
|
||||
}
|
||||
{}
|
||||
end
|
||||
|
||||
def initialize(project)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
class UsersProject < ActiveRecord::Base
|
||||
REPORTER = 21
|
||||
DEVELOPER = 22
|
||||
MASTER = 33
|
||||
GUEST = 10
|
||||
REPORTER = 20
|
||||
DEVELOPER = 30
|
||||
MASTER = 40
|
||||
|
||||
belongs_to :user
|
||||
belongs_to :project
|
||||
|
|
@ -21,7 +22,6 @@ class UsersProject < ActiveRecord::Base
|
|||
UsersProject.transaction do
|
||||
user_ids.each do |user_id|
|
||||
users_project = UsersProject.new(
|
||||
:repo_access => repo_access,
|
||||
:project_access => project_access,
|
||||
:user_id => user_id
|
||||
)
|
||||
|
|
@ -35,7 +35,6 @@ class UsersProject < ActiveRecord::Base
|
|||
UsersProject.transaction do
|
||||
project_ids.each do |project_id|
|
||||
users_project = UsersProject.new(
|
||||
:repo_access => repo_access,
|
||||
:project_access => project_access,
|
||||
)
|
||||
users_project.project_id = project_id
|
||||
|
|
@ -47,6 +46,7 @@ class UsersProject < ActiveRecord::Base
|
|||
|
||||
def self.access_roles
|
||||
{
|
||||
"Guest" => GUEST,
|
||||
"Reporter" => REPORTER,
|
||||
"Developer" => DEVELOPER,
|
||||
"Master" => MASTER
|
||||
|
|
@ -54,7 +54,7 @@ class UsersProject < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def role_access
|
||||
"#{project_access}#{repo_access}"
|
||||
project_access
|
||||
end
|
||||
|
||||
def update_repository
|
||||
|
|
@ -68,7 +68,7 @@ class UsersProject < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def repo_access_human
|
||||
Repository.access_options.key(self.repo_access)
|
||||
""
|
||||
end
|
||||
end
|
||||
# == Schema Information
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@
|
|||
%td
|
||||
= link_to tm.user_name, admin_users_path(tm.user)
|
||||
%td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
|
||||
%td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
|
||||
%td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
|
||||
%td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn danger small"
|
||||
|
||||
|
|
@ -68,7 +67,6 @@
|
|||
%tr
|
||||
%td= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), :multiple => true
|
||||
%td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
|
||||
%td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
|
||||
|
||||
.actions
|
||||
= submit_tag 'Add', :class => "btn primary"
|
||||
|
|
|
|||
|
|
@ -10,10 +10,6 @@
|
|||
.input
|
||||
= f.select :project_access, options_for_select(Project.access_options, @admin_team_member.project_access), {}, :class => "project-access-select"
|
||||
|
||||
.clearfix
|
||||
%label Repository Access:
|
||||
.input
|
||||
= f.select :repo_access, options_for_select(Repository.access_options, @admin_team_member.repo_access), {}, :class => "repo-access-select"
|
||||
%br
|
||||
.actions
|
||||
= f.submit 'Save', :class => "btn primary"
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@
|
|||
%tr
|
||||
%td= link_to project.name, admin_project_path(project)
|
||||
%td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled
|
||||
%td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled
|
||||
%td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small"
|
||||
%td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn small danger"
|
||||
|
||||
|
|
@ -76,7 +75,6 @@
|
|||
%tr
|
||||
%td= select_tag :project_ids, options_from_collection_for_select(@projects , :id, :name), :multiple => true
|
||||
%td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select"
|
||||
%td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select"
|
||||
|
||||
.actions
|
||||
= submit_tag 'Add', :class => "btn primary"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,12 @@
|
|||
%h3 Permissions
|
||||
%hr
|
||||
|
||||
%h4 Reporter
|
||||
%ul
|
||||
%li Create new issue
|
||||
%li Create new merge request
|
||||
%li Write on project wall
|
||||
|
||||
%h4 Reporter
|
||||
%ul
|
||||
%li Pull project code
|
||||
|
|
|
|||
|
|
@ -14,18 +14,9 @@
|
|||
|
||||
.clearfix
|
||||
= f.label :project_access, "Project Access"
|
||||
.input= f.select :_project_access, options_for_select(UsersProject.access_roles, @team_member.role_access), {}, :class => "project-access-select"
|
||||
|
||||
.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
|
||||
|
||||
|
||||
-#.clearfix
|
||||
-#= f.label :project_access, "Project Access"
|
||||
-#.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
|
||||
|
||||
-#.clearfix
|
||||
-#= f.label :repo_access, "Repository Access"
|
||||
-#.input= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select"
|
||||
|
||||
.actions
|
||||
= f.submit 'Save', :class => "btn primary"
|
||||
= link_to "Cancel", team_project_path(@project), :class => "btn"
|
||||
|
|
@ -37,6 +28,6 @@
|
|||
|
||||
:javascript
|
||||
$('select#team_member_user_id').chosen();
|
||||
$('select#team_member__project_access').chosen();
|
||||
$('select#team_member_project_access').chosen();
|
||||
//$('select#team_member_repo_access').chosen();
|
||||
//$('select#team_member_project_access').chosen();
|
||||
|
|
|
|||
|
|
@ -11,9 +11,6 @@
|
|||
|
||||
.span3
|
||||
= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f|
|
||||
= f.select :_project_access, options_for_select(UsersProject.access_roles, member.role_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
|
||||
-#.span3
|
||||
-#= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f|
|
||||
-#= f.select :repo_access, options_for_select(Repository.access_options, member.repo_access), {}, :class => "medium repo-access-select", :disabled => !allow_admin
|
||||
= f.select :project_access, options_for_select(UsersProject.access_roles, member.project_access), {}, :class => "medium project-access-select", :disabled => !allow_admin
|
||||
- if @project.owner == user
|
||||
%span.label Project Owner
|
||||
|
|
|
|||
|
|
@ -28,13 +28,6 @@
|
|||
= form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f|
|
||||
= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select", :disabled => !allow_admin
|
||||
|
||||
%tr
|
||||
%td Repository Access
|
||||
%td
|
||||
= form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f|
|
||||
= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select", :disabled => !allow_admin
|
||||
|
||||
|
||||
- unless user.skype.empty?
|
||||
%tr
|
||||
%td Skype:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@
|
|||
|
||||
.span3
|
||||
%span.label= member.project_access_human
|
||||
%span.label= member.repo_access_human
|
||||
|
||||
- if can? current_user, :write_project, @project
|
||||
- if @project.issues_enabled && @project.merge_requests_enabled
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue