Commit 00e4a479 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

allow/deny user to create group/team

parent 585a53c4
......@@ -6,6 +6,7 @@ class GroupsController < ApplicationController
# Authorize
before_filter :authorize_read_group!, except: [:new, :create]
before_filter :authorize_create_group!, only: [:new, :create]
# Load group projects
before_filter :projects, except: [:new, :create]
......@@ -103,4 +104,8 @@ class GroupsController < ApplicationController
return render_404
end
end
def authorize_create_group!
can?(current_user, :create_group, nil)
end
end
class Ability
class << self
def allowed(object, subject)
def allowed(user, subject)
return [] unless user.kind_of?(User)
case subject.class.name
when "Project" then project_abilities(object, subject)
when "Issue" then issue_abilities(object, subject)
when "Note" then note_abilities(object, subject)
when "Snippet" then snippet_abilities(object, subject)
when "MergeRequest" then merge_request_abilities(object, subject)
when "Group", "Namespace" then group_abilities(object, subject)
when "UserTeam" then user_team_abilities(object, subject)
when "Project" then project_abilities(user, subject)
when "Issue" then issue_abilities(user, subject)
when "Note" then note_abilities(user, subject)
when "Snippet" then snippet_abilities(user, subject)
when "MergeRequest" then merge_request_abilities(user, subject)
when "Group", "Namespace" then group_abilities(user, subject)
when "UserTeam" then user_team_abilities(user, subject)
else []
end
end.concat(global_abilities(user))
end
def global_abilities(user)
rules = []
rules << :create_group if user.can_create_group
rules << :create_team if user.can_create_team
rules
end
def project_abilities(user, project)
......
......@@ -232,7 +232,7 @@ class User < ActiveRecord::Base
end
def can_create_group?
can_create_project?
can?(:create_group, nil)
end
def abilities
......
......@@ -46,6 +46,14 @@
= f.label :projects_limit
.input= f.number_field :projects_limit
.clearfix
= f.label :can_create_group
.input= f.check_box :can_create_group
.clearfix
= f.label :can_create_team
.input= f.check_box :can_create_team
.clearfix
= f.label :admin do
%strong.cred Administrator
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment