Commit 3e6cbcdd authored by Kamil Trzcinski's avatar Kamil Trzcinski Committed by James Edwards-Jones

Fix pages abilities

parent 492627c9
class Projects::PagesController < Projects::ApplicationController class Projects::PagesController < Projects::ApplicationController
layout 'project_settings' layout 'project_settings'
before_action :authorize_update_pages! before_action :authorize_read_pages!, only: [:show]
before_action :authorize_update_pages!, except: [:show]
def show def show
@domains = @project.pages_domains.order(:domain) @domains = @project.pages_domains.order(:domain)
......
...@@ -110,6 +110,8 @@ class ProjectPolicy < BasePolicy ...@@ -110,6 +110,8 @@ class ProjectPolicy < BasePolicy
can! :admin_pipeline can! :admin_pipeline
can! :admin_environment can! :admin_environment
can! :admin_deployment can! :admin_deployment
can! :admin_pages
can! :read_pages
can! :update_pages can! :update_pages
end end
......
...@@ -7,3 +7,5 @@ ...@@ -7,3 +7,5 @@
Removing the pages will prevent from exposing them to outside world. Removing the pages will prevent from exposing them to outside world.
.form-actions .form-actions
= link_to 'Remove pages', namespace_project_pages_path(@project.namespace, @project), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove" = link_to 'Remove pages', namespace_project_pages_path(@project.namespace, @project), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove"
- else
.nothing-here-block Only the project owner can remove pages
- if @domains.any? - if can?(current_user, :update_pages, @project) && @domains.any?
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
Domains (#{@domains.count}) Domains (#{@domains.count})
......
.panel.panel-default - if can?(current_user, :update_pages, @project)
.panel.panel-default
.panel-heading .panel-heading
Domains Domains
.nothing-here-block .nothing-here-block
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
%h3.page_title %h3.page_title
Pages Pages
- if Gitlab.config.pages.external_http || Gitlab.config.pages.external_https - if can?(current_user, :update_pages, @project) && (Gitlab.config.pages.external_http || Gitlab.config.pages.external_https)
= link_to new_namespace_project_pages_domain_path(@project.namespace, @project), class: 'btn btn-new pull-right', title: 'New Domain' do = link_to new_namespace_project_pages_domain_path(@project.namespace, @project), class: 'btn btn-new pull-right', title: 'New Domain' do
%i.fa.fa-plus %i.fa.fa-plus
New Domain New Domain
......
...@@ -62,11 +62,14 @@ The following table depicts the various user permission levels in a project. ...@@ -62,11 +62,14 @@ The following table depicts the various user permission levels in a project.
| Manage runners | | | | ✓ | ✓ | | Manage runners | | | | ✓ | ✓ |
| Manage build triggers | | | | ✓ | ✓ | | Manage build triggers | | | | ✓ | ✓ |
| Manage variables | | | | ✓ | ✓ | | Manage variables | | | | ✓ | ✓ |
| Manage pages | | | | ✓ | ✓ |
| Manage pages domains and certificates | | | | ✓ | ✓ |
| Switch visibility level | | | | | ✓ | | Switch visibility level | | | | | ✓ |
| Transfer project to another namespace | | | | | ✓ | | Transfer project to another namespace | | | | | ✓ |
| Remove project | | | | | ✓ | | Remove project | | | | | ✓ |
| Force push to protected branches [^3] | | | | | | | Force push to protected branches [^3] | | | | | |
| Remove protected branches [^3] | | | | | | | Remove protected branches [^3] | | | | | |
| Remove pages | | | | | ✓ |
## Group ## Group
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment