Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces
This commit is contained in:
parent
a1ffc673b9
commit
eb1004f789
18 changed files with 127 additions and 53 deletions
21
app/contexts/project_update_context.rb
Normal file
21
app/contexts/project_update_context.rb
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
class ProjectUpdateContext < BaseContext
|
||||||
|
def execute(role = :default)
|
||||||
|
namespace_id = params[:project].delete(:namespace_id)
|
||||||
|
|
||||||
|
if namespace_id.present?
|
||||||
|
if namespace_id == Namespace.global_id
|
||||||
|
if project.namespace.present?
|
||||||
|
# Transfer to global namespace from anyone
|
||||||
|
project.transfer(nil)
|
||||||
|
end
|
||||||
|
elsif namespace_id.to_i != project.namespace_id
|
||||||
|
# Transfer to someone namespace
|
||||||
|
namespace = Namespace.find(namespace_id)
|
||||||
|
project.transfer(namespace)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
project.update_attributes(params[:project], as: role)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
|
@ -24,13 +24,9 @@ class Admin::ProjectsController < AdminController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
owner_id = params[:project].delete(:owner_id)
|
status = ProjectUpdateContext.new(project, current_user, params).execute(:admin)
|
||||||
|
|
||||||
if owner_id
|
if status
|
||||||
@project.owner = User.find(owner_id)
|
|
||||||
end
|
|
||||||
|
|
||||||
if @project.update_attributes(params[:project], as: :admin)
|
|
||||||
redirect_to [:admin, @project], notice: 'Project was successfully updated.'
|
redirect_to [:admin, @project], notice: 'Project was successfully updated.'
|
||||||
else
|
else
|
||||||
render action: "edit"
|
render action: "edit"
|
||||||
|
|
|
@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :reject_blocked!
|
before_filter :reject_blocked!
|
||||||
before_filter :set_current_user_for_observers
|
before_filter :set_current_user_for_observers
|
||||||
|
before_filter :add_abilities
|
||||||
before_filter :dev_tools if Rails.env == 'development'
|
before_filter :dev_tools if Rails.env == 'development'
|
||||||
|
|
||||||
protect_from_forgery
|
protect_from_forgery
|
||||||
|
@ -65,11 +66,17 @@ class ApplicationController < ActionController::Base
|
||||||
def project
|
def project
|
||||||
id = params[:project_id] || params[:id]
|
id = params[:project_id] || params[:id]
|
||||||
|
|
||||||
@project ||= current_user.projects.find_with_namespace(id)
|
@project = Project.find_with_namespace(id)
|
||||||
@project || render_404
|
|
||||||
|
if @project and can?(current_user, :read_project, @project)
|
||||||
|
@project
|
||||||
|
else
|
||||||
|
@project = nil
|
||||||
|
render_404
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_project_abilities
|
def add_abilities
|
||||||
abilities << Ability
|
abilities << Ability
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ class DashboardController < ApplicationController
|
||||||
before_filter :event_filter, only: :index
|
before_filter :event_filter, only: :index
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@groups = Group.where(id: current_user.projects.pluck(:namespace_id))
|
@groups = current_user.accessed_groups
|
||||||
@projects = @projects.page(params[:page]).per(30)
|
@projects = @projects.page(params[:page]).per(30)
|
||||||
@events = Event.in_projects(current_user.project_ids)
|
@events = Event.in_projects(current_user.project_ids)
|
||||||
@events = @event_filter.apply_filter(@events)
|
@events = @event_filter.apply_filter(@events)
|
||||||
|
|
|
@ -4,7 +4,6 @@ class GroupsController < ApplicationController
|
||||||
|
|
||||||
before_filter :group
|
before_filter :group
|
||||||
before_filter :projects
|
before_filter :projects
|
||||||
before_filter :add_project_abilities
|
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
|
@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
|
||||||
|
@ -45,7 +44,7 @@ class GroupsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def people
|
def people
|
||||||
@users = group.users.all
|
@users = group.users
|
||||||
end
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
@ -55,7 +54,11 @@ class GroupsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def projects
|
def projects
|
||||||
@projects ||= current_user.projects_sorted_by_activity.where(namespace_id: @group.id)
|
@projects ||= if can?(current_user, :manage_group, @group)
|
||||||
|
@group.projects.all
|
||||||
|
else
|
||||||
|
current_user.projects_sorted_by_activity.where(namespace_id: @group.id)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def project_ids
|
def project_ids
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
class ProjectResourceController < ApplicationController
|
class ProjectResourceController < ApplicationController
|
||||||
before_filter :project
|
before_filter :project
|
||||||
# Authorize
|
|
||||||
before_filter :add_project_abilities
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -34,20 +34,10 @@ class ProjectsController < ProjectResourceController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
if params[:project].has_key?(:namespace_id)
|
status = ProjectUpdateContext.new(project, current_user, params).execute
|
||||||
namespace_id = params[:project].delete(:namespace_id)
|
|
||||||
if namespace_id == Namespace.global_id and project.namespace.present?
|
|
||||||
# Transfer to global namespace from anyone
|
|
||||||
project.transfer(nil)
|
|
||||||
elsif namespace_id.present? and namespace_id.to_i != project.namespace_id
|
|
||||||
# Transfer to someone namespace
|
|
||||||
namespace = Namespace.find(namespace_id)
|
|
||||||
project.transfer(namespace)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if project.update_attributes(params[:project])
|
if status
|
||||||
flash[:notice] = 'Project was successfully updated.'
|
flash[:notice] = 'Project was successfully updated.'
|
||||||
format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' }
|
format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' }
|
||||||
format.js
|
format.js
|
||||||
|
|
|
@ -15,7 +15,37 @@ class Ability
|
||||||
def project_abilities(user, project)
|
def project_abilities(user, project)
|
||||||
rules = []
|
rules = []
|
||||||
|
|
||||||
rules << [
|
# Rules based on role in project
|
||||||
|
if project.master_access_for?(user)
|
||||||
|
# TODO: replace with master rules.
|
||||||
|
# Only allow project administration for owners
|
||||||
|
rules << project_admin_rules
|
||||||
|
|
||||||
|
elsif project.dev_access_for?(user)
|
||||||
|
rules << project_dev_rules
|
||||||
|
|
||||||
|
elsif project.report_access_for?(user)
|
||||||
|
rules << project_report_rules
|
||||||
|
|
||||||
|
elsif project.guest_access_for?(user)
|
||||||
|
rules << project_guest_rules
|
||||||
|
end
|
||||||
|
|
||||||
|
# If user own project namespace (Ex. group owner or account owner)
|
||||||
|
if project.namespace && project.namespace.owner == user
|
||||||
|
rules << project_admin_rules
|
||||||
|
end
|
||||||
|
|
||||||
|
# If user was set as direct project owner
|
||||||
|
if project.owner == user
|
||||||
|
rules << project_admin_rules
|
||||||
|
end
|
||||||
|
|
||||||
|
rules.flatten
|
||||||
|
end
|
||||||
|
|
||||||
|
def project_guest_rules
|
||||||
|
[
|
||||||
:read_project,
|
:read_project,
|
||||||
:read_wiki,
|
:read_wiki,
|
||||||
:read_issue,
|
:read_issue,
|
||||||
|
@ -27,28 +57,30 @@ class Ability
|
||||||
:write_project,
|
:write_project,
|
||||||
:write_issue,
|
:write_issue,
|
||||||
:write_note
|
:write_note
|
||||||
] if project.guest_access_for?(user)
|
]
|
||||||
|
end
|
||||||
|
|
||||||
rules << [
|
def project_report_rules
|
||||||
|
project_guest_rules + [
|
||||||
:download_code,
|
:download_code,
|
||||||
:write_merge_request,
|
:write_merge_request,
|
||||||
:write_snippet
|
:write_snippet
|
||||||
] if project.report_access_for?(user)
|
]
|
||||||
|
end
|
||||||
|
|
||||||
rules << [
|
def project_dev_rules
|
||||||
|
project_report_rules + [
|
||||||
:write_wiki,
|
:write_wiki,
|
||||||
:push_code
|
:push_code
|
||||||
] if project.dev_access_for?(user)
|
]
|
||||||
|
end
|
||||||
|
|
||||||
rules << [
|
def project_master_rules
|
||||||
:push_code_to_protected_branches
|
project_dev_rules + [
|
||||||
] if project.master_access_for?(user)
|
:push_code_to_protected_branches,
|
||||||
|
|
||||||
rules << [
|
|
||||||
:modify_issue,
|
:modify_issue,
|
||||||
:modify_snippet,
|
:modify_snippet,
|
||||||
:modify_merge_request,
|
:modify_merge_request,
|
||||||
:admin_project,
|
|
||||||
:admin_issue,
|
:admin_issue,
|
||||||
:admin_milestone,
|
:admin_milestone,
|
||||||
:admin_snippet,
|
:admin_snippet,
|
||||||
|
@ -57,9 +89,13 @@ class Ability
|
||||||
:admin_note,
|
:admin_note,
|
||||||
:accept_mr,
|
:accept_mr,
|
||||||
:admin_wiki
|
:admin_wiki
|
||||||
] if project.master_access_for?(user) || project.owner == user
|
]
|
||||||
|
end
|
||||||
|
|
||||||
rules.flatten
|
def project_admin_rules
|
||||||
|
project_master_rules + [
|
||||||
|
:admin_project
|
||||||
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
def group_abilities user, group
|
def group_abilities user, group
|
||||||
|
|
|
@ -13,7 +13,9 @@
|
||||||
|
|
||||||
class Group < Namespace
|
class Group < Namespace
|
||||||
def users
|
def users
|
||||||
User.joins(:users_projects).where(users_projects: {project_id: project_ids}).uniq
|
users = User.joins(:users_projects).where(users_projects: {project_id: project_ids})
|
||||||
|
users = users << owner
|
||||||
|
users.uniq
|
||||||
end
|
end
|
||||||
|
|
||||||
def human_name
|
def human_name
|
||||||
|
|
|
@ -53,12 +53,14 @@ class Namespace < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def move_dir
|
def move_dir
|
||||||
old_path = File.join(Gitlab.config.git_base_path, path_was)
|
if path_changed?
|
||||||
new_path = File.join(Gitlab.config.git_base_path, path)
|
old_path = File.join(Gitlab.config.git_base_path, path_was)
|
||||||
if File.exists?(new_path)
|
new_path = File.join(Gitlab.config.git_base_path, path)
|
||||||
raise "Already exists"
|
if File.exists?(new_path)
|
||||||
|
raise "Already exists"
|
||||||
|
end
|
||||||
|
system("mv #{old_path} #{new_path}")
|
||||||
end
|
end
|
||||||
system("mv #{old_path} #{new_path}")
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def rm_dir
|
def rm_dir
|
||||||
|
|
|
@ -29,7 +29,7 @@ class Project < ActiveRecord::Base
|
||||||
attr_accessible :name, :path, :description, :default_branch, :issues_enabled,
|
attr_accessible :name, :path, :description, :default_branch, :issues_enabled,
|
||||||
:wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin]
|
:wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin]
|
||||||
|
|
||||||
attr_accessible :namespace_id, as: :admin
|
attr_accessible :namespace_id, :owner_id, as: :admin
|
||||||
|
|
||||||
attr_accessor :error_code
|
attr_accessor :error_code
|
||||||
|
|
||||||
|
|
|
@ -123,4 +123,11 @@ class User < ActiveRecord::Base
|
||||||
self.password = self.password_confirmation = Devise.friendly_token.first(8)
|
self.password = self.password_confirmation = Devise.friendly_token.first(8)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def accessed_groups
|
||||||
|
@accessed_groups ||= begin
|
||||||
|
groups = Group.where(id: self.projects.pluck(:namespace_id)).all
|
||||||
|
groups + self.groups
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
- unless project.new_record?
|
- unless project.new_record?
|
||||||
.clearfix
|
.clearfix
|
||||||
= f.label :namespace_id
|
= f.label :namespace_id
|
||||||
.input= f.select :namespace_id, namespaces_options, {}, {class: 'chosen'}
|
.input= f.select :namespace_id, namespaces_options(@project.namespace_id), {}, {class: 'chosen'}
|
||||||
|
|
||||||
.clearfix
|
.clearfix
|
||||||
= f.label :owner_id
|
= f.label :owner_id
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%h1 403
|
%h1.http_status_code 403
|
||||||
%h3.page_title Access Denied
|
%h3.page_title Access Denied
|
||||||
%hr
|
%hr
|
||||||
%p You are not allowed to access this page.
|
%p You are not allowed to access this page.
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- if @events.any?
|
- if @events.any?
|
||||||
.content_list= render @events
|
.content_list= render @events
|
||||||
- else
|
- else
|
||||||
%h4.nothing_here_message Projects activity will be displayed here
|
%p.nothing_here_message Projects activity will be displayed here
|
||||||
.loading.hide
|
.loading.hide
|
||||||
.side
|
.side
|
||||||
= render "projects", projects: @projects
|
= render "projects", projects: @projects
|
||||||
|
|
11
db/fixtures/development/010_groups.rb
Normal file
11
db/fixtures/development/010_groups.rb
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
Group.seed(:id, [
|
||||||
|
{ id: 100, name: "Gitlab", path: 'gitlab', owner_id: 1},
|
||||||
|
{ id: 101, name: "Rails", path: 'rails', owner_id: 1 },
|
||||||
|
{ id: 102, name: "KDE", path: 'kde', owner_id: 1 }
|
||||||
|
])
|
||||||
|
|
||||||
|
Project.seed(:id, [
|
||||||
|
{ id: 10, name: "kdebase", path: "kdebase", owner_id: 1, namespace_id: 102 },
|
||||||
|
{ id: 11, name: "kdelibs", path: "kdelibs", owner_id: 1, namespace_id: 102 },
|
||||||
|
{ id: 12, name: "amarok", path: "amarok", owner_id: 1, namespace_id: 102 }
|
||||||
|
])
|
|
@ -24,7 +24,7 @@ describe Group do
|
||||||
it { should validate_presence_of :owner }
|
it { should validate_presence_of :owner }
|
||||||
|
|
||||||
describe :users do
|
describe :users do
|
||||||
it { group.users.should == [] }
|
it { group.users.should == [group.owner] }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe :human_name do
|
describe :human_name do
|
||||||
|
|
|
@ -55,9 +55,10 @@ describe Namespace do
|
||||||
describe :move_dir do
|
describe :move_dir do
|
||||||
before do
|
before do
|
||||||
@namespace = create :namespace
|
@namespace = create :namespace
|
||||||
|
@namespace.stub(path_changed?: true)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should raise error when called directly" do
|
it "should raise error when dirtory exists" do
|
||||||
expect { @namespace.move_dir }.to raise_error("Already exists")
|
expect { @namespace.move_dir }.to raise_error("Already exists")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue