Commit 33070084 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'admin-group-member' into 'master'

Add specific ability for managing group members

To be used for https://dev.gitlab.org/gitlab/gitlab-ee/issues/290 (Internal issue)

See merge request !1059
parents 7a048cf4 0736f348
...@@ -18,4 +18,10 @@ class Groups::ApplicationController < ApplicationController ...@@ -18,4 +18,10 @@ class Groups::ApplicationController < ApplicationController
return render_404 return render_404
end end
end end
def authorize_admin_group_member!
unless can?(current_user, :admin_group_member, group)
return render_403
end
end
end end
...@@ -5,6 +5,7 @@ class Groups::GroupMembersController < Groups::ApplicationController ...@@ -5,6 +5,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize # Authorize
before_action :authorize_read_group! before_action :authorize_read_group!
before_action :authorize_admin_group!, except: [:index, :leave] before_action :authorize_admin_group!, except: [:index, :leave]
before_action :authorize_admin_group_member!, only: [:create, :resend_invite]
def index def index
@project = @group.projects.find(params[:project_id]) if params[:project_id] @project = @group.projects.find(params[:project_id]) if params[:project_id]
...@@ -28,6 +29,9 @@ class Groups::GroupMembersController < Groups::ApplicationController ...@@ -28,6 +29,9 @@ class Groups::GroupMembersController < Groups::ApplicationController
def update def update
@member = @group.group_members.find(params[:id]) @member = @group.group_members.find(params[:id])
return render_403 unless can?(current_user, :update_group_member, @member)
@member.update_attributes(member_params) @member.update_attributes(member_params)
end end
......
...@@ -233,7 +233,8 @@ class Ability ...@@ -233,7 +233,8 @@ class Ability
if group.has_owner?(user) || user.admin? if group.has_owner?(user) || user.admin?
rules.push(*[ rules.push(*[
:admin_group, :admin_group,
:admin_namespace :admin_namespace,
:admin_group_member
]) ])
end end
...@@ -295,7 +296,7 @@ class Ability ...@@ -295,7 +296,7 @@ class Ability
rules = [] rules = []
target_user = subject.user target_user = subject.user
group = subject.group group = subject.group
can_manage = group_abilities(user, group).include?(:admin_group) can_manage = group_abilities(user, group).include?(:admin_group_member)
if can_manage && (user != target_user) if can_manage && (user != target_user)
rules << :update_group_member rules << :update_group_member
......
...@@ -51,6 +51,7 @@ ...@@ -51,6 +51,7 @@
= paginate @projects, param_name: 'projects_page', theme: 'gitlab' = paginate @projects, param_name: 'projects_page', theme: 'gitlab'
.col-md-6 .col-md-6
- if can?(current_user, :admin_group_member, @group)
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
Add user(s) to the group: Add user(s) to the group:
...@@ -86,6 +87,7 @@ ...@@ -86,6 +87,7 @@
(invited) (invited)
%span.pull-right.light %span.pull-right.light
= member.human_access = member.human_access
- if can?(current_user, :destroy_group_member, member)
= link_to group_group_member_path(@group, member), data: { confirm: remove_user_from_group_message(@group, member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do = link_to group_group_member_path(@group, member), data: { confirm: remove_user_from_group_message(@group, member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do
%i.fa.fa-minus.fa-inverse %i.fa.fa-minus.fa-inverse
.panel-footer .panel-footer
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
= link_to member.created_by.name, user_path(member.created_by) = link_to member.created_by.name, user_path(member.created_by)
= time_ago_with_tooltip(member.created_at) = time_ago_with_tooltip(member.created_at)
- if show_controls && can?(current_user, :admin_group, @group) - if show_controls && can?(current_user, :admin_group_member, member)
= link_to resend_invite_group_group_member_path(@group, member), method: :post, class: "btn-xs btn", title: 'Resend invite' do = link_to resend_invite_group_group_member_path(@group, member), method: :post, class: "btn-xs btn", title: 'Resend invite' do
Resend invite Resend invite
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
= search_field_tag :search, params[:search], { placeholder: 'Find existing member by name', class: 'form-control search-text-input' } = search_field_tag :search, params[:search], { placeholder: 'Find existing member by name', class: 'form-control search-text-input' }
= button_tag 'Search', class: 'btn' = button_tag 'Search', class: 'btn'
- if current_user && current_user.can?(:admin_group, @group) - if current_user && current_user.can?(:admin_group_member, @group)
.pull-right .pull-right
= button_tag class: 'btn btn-new js-toggle-button', type: 'button' do = button_tag class: 'btn btn-new js-toggle-button', type: 'button' do
Add members Add members
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment