Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces

2012-11-29 07:29:11 +03:00 · 2012-11-29 07:29:11 +03:00 · eb1004f789
commit eb1004f789
parent a1ffc673b9
18 changed files with 127 additions and 53 deletions
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -15,7 +15,37 @@ class Ability
    def project_abilities(user, project)
      rules = []

-      rules << [
+      # Rules based on role in project
+      if project.master_access_for?(user)
+        # TODO: replace with master rules.
+        # Only allow project administration for owners
+        rules << project_admin_rules
+
+      elsif project.dev_access_for?(user)
+        rules << project_dev_rules
+
+      elsif project.report_access_for?(user)
+        rules << project_report_rules
+
+      elsif project.guest_access_for?(user)
+        rules << project_guest_rules
+      end
+
+      # If user own project namespace (Ex. group owner or account owner)
+      if project.namespace && project.namespace.owner == user
+        rules << project_admin_rules
+      end
+
+      # If user was set as direct project owner
+      if project.owner == user
+        rules << project_admin_rules
+      end
+
+      rules.flatten
+    end
+
+    def project_guest_rules
+      [
        :read_project,
        :read_wiki,
        :read_issue,
@ -27,28 +57,30 @@ class Ability
        :write_project,
        :write_issue,
        :write_note
-      ] if project.guest_access_for?(user)
+      ]
+    end

-      rules << [
+    def project_report_rules
+      project_guest_rules + [
        :download_code,
        :write_merge_request,
        :write_snippet
-      ] if project.report_access_for?(user)
+      ]
+    end

-      rules << [
+    def project_dev_rules
+      project_report_rules + [
        :write_wiki,
        :push_code
-      ] if project.dev_access_for?(user)
+      ]
+    end

-      rules << [
-        :push_code_to_protected_branches
-      ] if project.master_access_for?(user)
-
-      rules << [
+    def project_master_rules
+      project_dev_rules + [
+        :push_code_to_protected_branches,
        :modify_issue,
        :modify_snippet,
        :modify_merge_request,
-        :admin_project,
        :admin_issue,
        :admin_milestone,
        :admin_snippet,
@ -57,9 +89,13 @@ class Ability
        :admin_note,
        :accept_mr,
        :admin_wiki
-      ] if project.master_access_for?(user) || project.owner == user
+      ]
+    end

-      rules.flatten
+    def project_admin_rules
+      project_master_rules + [
+        :admin_project
+      ]
    end

    def group_abilities user, group