8c40aab1
Commit
8c40aab1
authored
Feb 22, 2012
by
Dmitriy Zaporozhets
Abilities extended. Resources security improved
parent
af82b677
Showing
16 changed files
with
51 additions
and
52 deletions
+51
-52
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+4
-0
app/controllers/commits_controller.rb
app/controllers/commits_controller.rb
+1
-0
app/controllers/issues_controller.rb
app/controllers/issues_controller.rb
+2
-3
app/controllers/merge_requests_controller.rb
app/controllers/merge_requests_controller.rb
+2
-3
app/controllers/refs_controller.rb
app/controllers/refs_controller.rb
+1
-0
app/controllers/repositories_controller.rb
app/controllers/repositories_controller.rb
+1
-0
app/controllers/snippets_controller.rb
app/controllers/snippets_controller.rb
+6
-7
app/controllers/wikis_controller.rb
app/controllers/wikis_controller.rb
+6
-15
app/models/ability.rb
app/models/ability.rb
+11
-5
app/models/project.rb
app/models/project.rb
+1
-1
app/views/help/permissions.html.haml
app/views/help/permissions.html.haml
+4
-1
app/views/issues/_show.html.haml
app/views/issues/_show.html.haml
+1
-2
app/views/layouts/_project_menu.html.haml
app/views/layouts/_project_menu.html.haml
+3
-2
app/views/merge_requests/show.html.haml
app/views/merge_requests/show.html.haml
+1
-2
app/views/widgets/_project_member.html.haml
app/views/widgets/_project_member.html.haml
+4
-8
app/views/wikis/show.html.haml
app/views/wikis/show.html.haml
+3
-3
app/controllers/application_controller.rb
...
@@ -48,6 +48,10 @@ class ApplicationController < ActionController::Base
...
@@ -48,6 +48,10 @@ class ApplicationController < ActionController::Base
return
render_404
unless
can?
(
current_user
,
action
,
project
)
return
render_404
unless
can?
(
current_user
,
action
,
project
)
end
end
def
authorize_code_access!
return
render_404
unless
can?
(
current_user
,
:download_code
,
project
)
end
def
access_denied!
def
access_denied!
render_404
render_404
end
end
...
...
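Review bot: `authorize_code_access!` reads `project` and `current_user` without saying that an earlier filter must have loaded the project and registered the project abilities; the callers added in this commit place it after `:authorize_read_project!`, but nothing in this file enforces that order. A one-line comment above the method, `# Must run after the project is loaded and add_project_abilities has run; denies with 404 otherwise`, would keep a future controller from wiring it first, where `can?` would presumably fail closed but with no indication why. The generic check above it (`return render_404 unless can?(current_user, action, project)`) is cut at the start of the hunk, so its enclosing method is not fully visible here.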
app/controllers/commits_controller.rb
...
@@ -7,6 +7,7 @@ class CommitsController < ApplicationController
...
@@ -7,6 +7,7 @@ class CommitsController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:require_non_empty_project
before_filter
:load_refs
,
:only
=>
:index
# load @branch, @tag & @ref
before_filter
:load_refs
,
:only
=>
:index
# load @branch, @tag & @ref
before_filter
:render_full_content
before_filter
:render_full_content
...
...
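Review bot: The new `before_filter :authorize_code_access!` sits after `:authorize_read_project!` here and in refs_controller.rb and repositories_controller.rb, which is the order the check needs (project loaded, abilities registered); these three are the only controllers this commit guards with `:download_code`. If any other controller or action serves repository content, it remains reachable by guests after this change, so it would be worth listing which actions expose code and confirming the set is complete rather than inferring it from the files touched. The filter chain continues outside the hunk.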
app/controllers/issues_controller.rb
...
@@ -126,12 +126,11 @@ class IssuesController < ApplicationController
...
@@ -126,12 +126,11 @@ class IssuesController < ApplicationController
end
end
def
authorize_modify_issue!
def
authorize_modify_issue!
can?
(
current_user
,
:modify_issue
,
@issue
)
||
return
render_404
unless
can?
(
current_user
,
:modify_issue
,
@issue
)
@issue
.
assignee
==
current_user
end
end
def
authorize_admin_issue!
def
authorize_admin_issue!
can?
(
current_user
,
:admin_issue
,
@issue
)
return
render_404
unless
can?
(
current_user
,
:admin_issue
,
@issue
)
end
end
def
module_enabled
def
module_enabled
...
...
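Review bot: The assignee fallback `|| @issue.assignee == current_user` is dropped from `authorize_modify_issue!`, and the same happens to `authorize_modify_merge_request!` in merge_requests_controller.rb; the replacement relies on the new `elsif subject.respond_to?(:assignee) && subject.assignee == user` branch in ability.rb, so the two places must stay in step. A short comment on each filter, `# assignee access is granted by Ability, not here`, would record where the rule moved. Note that the previous form only returned a boolean, which a before_filter ignores, so `return render_404 unless can?(...)` is a real enforcement fix rather than a refactor and deserves a changelog mention; the surrounding class continues outside the hunk.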
app/controllers/merge_requests_controller.rb
...
@@ -112,12 +112,11 @@ class MergeRequestsController < ApplicationController
...
@@ -112,12 +112,11 @@ class MergeRequestsController < ApplicationController
end
end
def
authorize_modify_merge_request!
def
authorize_modify_merge_request!
can?
(
current_user
,
:modify_merge_request
,
@merge_request
)
||
return
render_404
unless
can?
(
current_user
,
:modify_merge_request
,
@merge_request
)
@merge_request
.
assignee
==
current_user
end
end
def
authorize_admin_merge_request!
def
authorize_admin_merge_request!
can?
(
current_user
,
:admin_merge_request
,
@merge_request
)
return
render_404
unless
can?
(
current_user
,
:admin_merge_request
,
@merge_request
)
end
end
def
module_enabled
def
module_enabled
...
...
app/controllers/refs_controller.rb
...
@@ -4,6 +4,7 @@ class RefsController < ApplicationController
...
@@ -4,6 +4,7 @@ class RefsController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:require_non_empty_project
before_filter
:ref
before_filter
:ref
...
...
app/controllers/repositories_controller.rb
...
@@ -4,6 +4,7 @@ class RepositoriesController < ApplicationController
...
@@ -4,6 +4,7 @@ class RepositoriesController < ApplicationController
# Authorize
# Authorize
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:require_non_empty_project
before_filter
:render_full_content
before_filter
:render_full_content
...
...
app/controllers/snippets_controller.rb
class
SnippetsController
<
ApplicationController
class
SnippetsController
<
ApplicationController
before_filter
:authenticate_user!
before_filter
:authenticate_user!
before_filter
:project
before_filter
:project
before_filter
:snippet
,
:only
=>
[
:show
,
:edit
,
:destroy
,
:update
]
layout
"project"
layout
"project"
# Authorize
# Authorize
...
@@ -41,11 +42,9 @@ class SnippetsController < ApplicationController
...
@@ -41,11 +42,9 @@ class SnippetsController < ApplicationController
end
end
def
edit
def
edit
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
end
end
def
update
def
update
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
@snippet
.
update_attributes
(
params
[
:snippet
])
@snippet
.
update_attributes
(
params
[
:snippet
])
if
@snippet
.
valid?
if
@snippet
.
valid?
...
@@ -56,15 +55,12 @@ class SnippetsController < ApplicationController
...
@@ -56,15 +55,12 @@ class SnippetsController < ApplicationController
end
end
def
show
def
show
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
@notes
=
@snippet
.
notes
@notes
=
@snippet
.
notes
@note
=
@project
.
notes
.
new
(
:noteable
=>
@snippet
)
@note
=
@project
.
notes
.
new
(
:noteable
=>
@snippet
)
render_full_content
render_full_content
end
end
def
destroy
def
destroy
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
return
access_denied!
unless
can?
(
current_user
,
:admin_snippet
,
@snippet
)
return
access_denied!
unless
can?
(
current_user
,
:admin_snippet
,
@snippet
)
@snippet
.
destroy
@snippet
.
destroy
...
@@ -73,12 +69,15 @@ class SnippetsController < ApplicationController
...
@@ -73,12 +69,15 @@ class SnippetsController < ApplicationController
end
end
protected
protected
def
snippet
@snippet
||=
@project
.
snippets
.
find
(
params
[
:id
])
end
def
authorize_modify_snippet!
def
authorize_modify_snippet!
can?
(
current_user
,
:modify_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:modify_snippet
,
@snippet
)
end
end
def
authorize_admin_snippet!
def
authorize_admin_snippet!
can?
(
current_user
,
:admin_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:admin_snippet
,
@snippet
)
end
end
end
end
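Review bot: `destroy` loses its inline `return access_denied! unless can?(current_user, :admin_snippet, @snippet)`, so the only thing standing between a user and snippet deletion is now a `before_filter :authorize_admin_snippet!, :only => [:destroy]` (and `:authorize_modify_snippet!` for `edit`/`update`) in the `# Authorize` block, which is elided from this view; please confirm both filters are wired there before merging. The new `before_filter :snippet` is declared above `# Authorize`, so `@snippet` is loaded before the checks run, which is the order the `can?` calls need. The loader's `@project.snippets.find(params[:id])` scopes the lookup to the current project and raises on an unknown id; a comment such as `# scoped to @project so an id from another project cannot be addressed` would make that intent explicit for the next edit.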
app/controllers/wikis_controller.rb
...
@@ -2,7 +2,7 @@ class WikisController < ApplicationController
...
@@ -2,7 +2,7 @@ class WikisController < ApplicationController
before_filter
:project
before_filter
:project
before_filter
:add_project_abilities
before_filter
:add_project_abilities
before_filter
:authorize_read_wiki!
before_filter
:authorize_read_wiki!
before_filter
:authorize_write_wiki!
,
:
except
=>
[
:show
,
:destro
y
]
before_filter
:authorize_write_wiki!
,
:
only
=>
[
:edit
,
:create
,
:histor
y
]
before_filter
:authorize_admin_wiki!
,
:only
=>
:destroy
before_filter
:authorize_admin_wiki!
,
:only
=>
:destroy
layout
"project"
layout
"project"
...
@@ -12,6 +12,11 @@ class WikisController < ApplicationController
...
@@ -12,6 +12,11 @@ class WikisController < ApplicationController
else
else
@wiki
=
@project
.
wikis
.
where
(
:slug
=>
params
[
:id
]).
order
(
"created_at"
).
last
@wiki
=
@project
.
wikis
.
where
(
:slug
=>
params
[
:id
]).
order
(
"created_at"
).
last
end
end
unless
@wiki
return
render_404
unless
can?
(
current_user
,
:write_wiki
,
@project
)
end
respond_to
do
|
format
|
respond_to
do
|
format
|
if
@wiki
if
@wiki
format
.
html
format
.
html
...
@@ -51,18 +56,4 @@ class WikisController < ApplicationController
...
@@ -51,18 +56,4 @@ class WikisController < ApplicationController
format
.
html
{
redirect_to
project_wiki_path
(
@project
,
:index
),
notice:
"Page was successfully deleted"
}
format
.
html
{
redirect_to
project_wiki_path
(
@project
,
:index
),
notice:
"Page was successfully deleted"
}
end
end
end
end
protected
def
authorize_read_wiki!
can?
(
current_user
,
:read_wiki
,
@project
)
end
def
authorize_write_wiki!
can?
(
current_user
,
:write_wiki
,
@project
)
end
def
authorize_admin_wiki!
can?
(
current_user
,
:admin_wiki
,
@project
)
end
end
end
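Review bot: Switching `authorize_write_wiki!` from `:except => [:show, :destroy]` to `:only => [:edit, :create, :history]` turns the write check into an allowlist, so any action of this controller outside that list runs with no write check at all; if the controller has an `update` or `new` action (neither is visible in the hunks), it is now unguarded where the `:except` form covered it. Keeping `:except => [:show, :destroy]`, or verifying the filter list against every action the controller defines, would preserve the deny-by-default shape. The removed protected methods only returned `can?(...)` and never halted the chain, so the old filters were ineffective and the new `return render_404 unless can?(current_user, :write_wiki, @project)` in `show` is the first check that actually denies; this is worth calling out in the commit message. It is also not obvious why `history` needs `:write_wiki` rather than `:read_wiki`, so a comment on that filter line would help.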
app/models/ability.rb
...
@@ -5,7 +5,7 @@ class Ability
...
@@ -5,7 +5,7 @@ class Ability
when
"Issue"
then
issue_abilities
(
object
,
subject
)
when
"Issue"
then
issue_abilities
(
object
,
subject
)
when
"Note"
then
note_abilities
(
object
,
subject
)
when
"Note"
then
note_abilities
(
object
,
subject
)
when
"Snippet"
then
snippet_abilities
(
object
,
subject
)
when
"Snippet"
then
snippet_abilities
(
object
,
subject
)
when
"
Wiki"
then
wiki
_abilities
(
object
,
subject
)
when
"
MergeRequest"
then
merge_request
_abilities
(
object
,
subject
)
else
[]
else
[]
end
end
end
end
...
@@ -23,13 +23,13 @@ class Ability
...
@@ -23,13 +23,13 @@ class Ability
:read_note
,
:read_note
,
:write_project
,
:write_project
,
:write_issue
,
:write_issue
,
:write_snippet
,
:write_merge_request
,
:write_note
:write_note
]
if
project
.
guest_access_for?
(
user
)
]
if
project
.
guest_access_for?
(
user
)
rules
<<
[
rules
<<
[
:download_code
,
:download_code
,
:write_merge_request
,
:write_snippet
]
if
project
.
report_access_for?
(
user
)
]
if
project
.
report_access_for?
(
user
)
rules
<<
[
rules
<<
[
...
@@ -39,7 +39,7 @@ class Ability
...
@@ -39,7 +39,7 @@ class Ability
rules
<<
[
rules
<<
[
:modify_issue
,
:modify_issue
,
:modify_snippet
,
:modify_snippet
,
:modify_
wiki
,
:modify_
merge_request
,
:admin_project
,
:admin_project
,
:admin_issue
,
:admin_issue
,
:admin_snippet
,
:admin_snippet
,
...
@@ -47,7 +47,7 @@ class Ability
...
@@ -47,7 +47,7 @@ class Ability
:admin_merge_request
,
:admin_merge_request
,
:admin_note
,
:admin_note
,
:admin_wiki
:admin_wiki
]
if
project
.
master_access_for?
(
user
)
]
if
project
.
master_access_for?
(
user
)
||
project
.
owner
==
user
rules
.
flatten
rules
.
flatten
...
@@ -63,6 +63,12 @@ class Ability
...
@@ -63,6 +63,12 @@ class Ability
:"modify_
#{
name
}
"
,
:"modify_
#{
name
}
"
,
:"admin_
#{
name
}
"
:"admin_
#{
name
}
"
]
]
elsif
subject
.
respond_to?
(
:assignee
)
&&
subject
.
assignee
==
user
[
:"read_
#{
name
}
"
,
:"write_
#{
name
}
"
,
:"modify_
#{
name
}
"
,
]
else
else
subject
.
respond_to?
(
:project
)
?
subject
.
respond_to?
(
:project
)
?
project_abilities
(
user
,
subject
.
project
)
:
[]
project_abilities
(
user
,
subject
.
project
)
:
[]
...
...
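Review bot: The new `elsif subject.respond_to?(:assignee) && subject.assignee == user` branch grants `read_`/`write_`/`modify_` on an unassigned subject to a nil user, because `nil == nil` is true; if `can?` is ever reached without a signed-in user (an anonymous request, or a filter that runs before `authenticate_user!`), an unassigned issue or merge request becomes modifiable. Guard it with `elsif user && subject.respond_to?(:assignee) && subject.assignee == user`. The `|| project.owner == user` added to the master rules has the same shape if `owner` can be nil, so an early `return [] unless user` at the top of the method would cover both; that method starts and ends outside the hunk.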
app/models/project.rb
...
@@ -188,7 +188,7 @@ class Project < ActiveRecord::Base
...
@@ -188,7 +188,7 @@ class Project < ActiveRecord::Base
elsif
access
.
include?
(
:write
)
elsif
access
.
include?
(
:write
)
{
:project_access
=>
UsersProject
::
DEVELOPER
}
{
:project_access
=>
UsersProject
::
DEVELOPER
}
else
else
{
:project_access
=>
UsersProject
::
GUEST
}
{
:project_access
=>
UsersProject
::
REPORTER
}
end
end
opts
=
{
:user
=>
user
}
opts
=
{
:user
=>
user
}
opts
.
merge!
(
access
)
opts
.
merge!
(
access
)
...
...
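Review bot: The fallback access level in this branch changes from `UsersProject::GUEST` to `UsersProject::REPORTER`, and since this same commit gives reporters `:download_code`, any caller that adds a member without an explicit access option now grants repository read access by default. If that widening is intended, a comment such as `# callers that pass no access level get reporter (code read) rights` would make it deliberate; otherwise the least-privilege default is to keep GUEST and have callers request reporter explicitly. The enclosing method starts outside the hunk, so its callers are not visible here.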
app/views/help/permissions.html.haml
...
@@ -4,15 +4,17 @@
...
@@ -4,15 +4,17 @@
%h4
Guest
%h4
Guest
%ul
%ul
%li
Create new issue
%li
Create new issue
%li
Create new merge request
%li
Leave comments
%li
Write on project wall
%li
Write on project wall
%h4
Reporter
%h4
Reporter
%ul
%ul
%li
Pull project code
%li
Pull project code
%li
Download project
%li
Create new issue
%li
Create new issue
%li
Create new merge request
%li
Create new merge request
%li
Write on project wall
%li
Write on project wall
%li
Create a code snippets
%h4
Developer
%h4
Developer
...
@@ -25,6 +27,7 @@
...
@@ -25,6 +27,7 @@
%li
Create new issue
%li
Create new issue
%li
Create new merge request
%li
Create new merge request
%li
Write on project wall
%li
Write on project wall
%li
Write a wiki
%h4
Master
%h4
Master
%ul
%ul
...
...
app/views/issues/_show.html.haml
%li
.wll
{
:id
=>
dom_id
(
issue
),
:class
=>
"issue #{issue.critical ? "
critical
" : ""}"
,
:url
=>
project_issue_path
(
issue
.
project
,
issue
)
}
%li
.wll
{
:id
=>
dom_id
(
issue
),
:class
=>
"issue #{issue.critical ? "
critical
" : ""}"
,
:url
=>
project_issue_path
(
issue
.
project
,
issue
)
}
.right
.right
-
if
can?
current_user
,
:
write
_issue
,
issue
-
if
can?
current_user
,
:
modify
_issue
,
issue
-
if
issue
.
closed
-
if
issue
.
closed
=
link_to
'Reopen'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn small"
,
:remote
=>
true
=
link_to
'Reopen'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn small"
,
:remote
=>
true
-
else
-
else
=
link_to
'Resolve'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"success btn small"
,
:remote
=>
true
=
link_to
'Resolve'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"success btn small"
,
:remote
=>
true
-
if
can?
current_user
,
:write_issue
,
issue
=
link_to
'Edit'
,
edit_project_issue_path
(
issue
.
project
,
issue
),
:class
=>
"btn small edit-issue-link"
,
:remote
=>
true
=
link_to
'Edit'
,
edit_project_issue_path
(
issue
.
project
,
issue
),
:class
=>
"btn small edit-issue-link"
,
:remote
=>
true
-#- if can?(current_user, :admin_issue, @project) || issue.author == current_user
-#- if can?(current_user, :admin_issue, @project) || issue.author == current_user
= link_to 'Remove', [issue.project, issue], :confirm => 'Are you sure?', :method => :delete, :remote => true, :class => "danger btn small delete-issue", :id => "destroy_issue_#{issue.id}"
= link_to 'Remove', [issue.project, issue], :confirm => 'Are you sure?', :method => :delete, :remote => true, :class => "danger btn small delete-issue", :id => "destroy_issue_#{issue.id}"
...
...
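Review bot: Gating the Reopen/Resolve links on `can? current_user, :modify_issue, issue` only hides the buttons; the `:status_only => true` PUT they send is enforced server-side only if `authorize_modify_issue!` is a before_filter on the update action in IssuesController, which this commit's controller hunk does not show. A comment `-# UI only; the update action is enforced by authorize_modify_issue!` on that line would keep the two in step. The commented-out Remove link below (`-#- if can?(current_user, :admin_issue, @project) || ...`) is unchanged dead markup that uses the old inline-author rule and could be removed in a follow-up.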
app/views/layouts/_project_menu.html.haml
...
@@ -4,6 +4,7 @@
...
@@ -4,6 +4,7 @@
Project
Project
-
if
@project
.
repo_exists?
-
if
@project
.
repo_exists?
-
if
can?
current_user
,
:download_code
,
@project
=
link_to
"Files"
,
tree_project_ref_path
(
@project
,
@project
.
root_ref
),
:class
=>
tree_tab_class
=
link_to
"Files"
,
tree_project_ref_path
(
@project
,
@project
.
root_ref
),
:class
=>
tree_tab_class
=
link_to
"Commits"
,
project_commits_path
(
@project
),
:class
=>
commit_tab_class
=
link_to
"Commits"
,
project_commits_path
(
@project
),
:class
=>
commit_tab_class
...
...
app/views/merge_requests/show.html.haml
...
@@ -10,12 +10,11 @@
...
@@ -10,12 +10,11 @@
=
@merge_request
.
created_at
.
stamp
(
"Aug 21, 2011"
)
=
@merge_request
.
created_at
.
stamp
(
"Aug 21, 2011"
)
%span
.right
%span
.right
-
if
can?
(
current_user
,
:
admin_project
,
@project
)
||
@merge_request
.
author
==
current_user
-
if
can?
(
current_user
,
:
modify_merge_request
,
@merge_request
)
-
if
@merge_request
.
closed
-
if
@merge_request
.
closed
=
link_to
'Reopen'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
=
link_to
'Reopen'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
-
else
-
else
=
link_to
'Close'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
,
:title
=>
"Close merge request"
=
link_to
'Close'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
,
:title
=>
"Close merge request"
-
if
can?
(
current_user
,
:admin_project
,
@project
)
||
@merge_request
.
author
==
current_user
=
link_to
edit_project_merge_request_path
(
@project
,
@merge_request
),
:class
=>
"btn small"
do
=
link_to
edit_project_merge_request_path
(
@project
,
@merge_request
),
:class
=>
"btn small"
do
Edit
Edit
...
...
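Review bot: The Edit link at the end of the hunk is still gated by `can?(current_user, :admin_project, @project) || @merge_request.author == current_user`, while Reopen/Close on the same page now use `can?(current_user, :modify_merge_request, @merge_request)`; two rules for the same record on one page will drift apart. If Ability's author branch grants `:modify_merge_request` (the `if` arm above the new `elsif` in ability.rb suggests it does, but its condition is outside that hunk), the Edit condition can become `- if can?(current_user, :modify_merge_request, @merge_request)` as well, leaving Ability as the single place the rule lives.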
app/views/widgets/_project_member.html.haml
...
@@ -11,23 +11,19 @@
...
@@ -11,23 +11,19 @@
%p
%p
-
if
@project
.
issues_enabled
-
if
@project
.
issues_enabled
%span
%span
Assigned
i
ssues:
Assigned
I
ssues:
=
current_user
.
assigned_issues
.
opened
.
count
=
current_user
.
assigned_issues
.
opened
.
count
%br
%br
-
if
@project
.
merge_requests_enabled
-
if
@project
.
merge_requests_enabled
%span
%span
Assigned merge request:
Assigned Requests:
=
current_user
.
assigned_merge_requests
.
opened
.
count
%br
%span
Your merge requests:
=
current_user
.
assigned_merge_requests
.
opened
.
count
=
current_user
.
assigned_merge_requests
.
opened
.
count
%br
%br
%br
%br
-
if
@project
.
merge_requests_enabled
-
if
@project
.
merge_requests_enabled
&&
can?
(
current_user
,
:write_merge_request
,
@project
)
=
link_to
new_project_merge_request_path
(
@project
),
:title
=>
"New Merge Request"
,
:class
=>
"btn small padded"
do
=
link_to
new_project_merge_request_path
(
@project
),
:title
=>
"New Merge Request"
,
:class
=>
"btn small padded"
do
Merge Request
Merge Request
-
if
@project
.
issues_enabled
-
if
@project
.
issues_enabled
&&
can?
(
current_user
,
:write_issue
,
@project
)
=
link_to
new_project_issue_path
(
@project
),
:title
=>
"New Issue"
,
:class
=>
"btn small"
do
=
link_to
new_project_issue_path
(
@project
),
:title
=>
"New Issue"
,
:class
=>
"btn small"
do
Issue
Issue
...
...
app/views/wikis/show.html.haml
...
@@ -11,6 +11,6 @@
...
@@ -11,6 +11,6 @@
=
markdown_to_html
@wiki
.
content
=
markdown_to_html
@wiki
.
content
%p
.time
Last edited by
#{
@wiki
.
user
.
name
}
, in
#{
time_ago_in_words
@wiki
.
created_at
}
%p
.time
Last edited by
#{
@wiki
.
user
.
name
}
, in
#{
time_ago_in_words
@wiki
.
created_at
}
-
if
can?
current_user
,
:
write
_wiki
,
@project
-
if
can?
current_user
,
:
admin
_wiki
,
@project
=
link_to
project_wiki_path
(
@project
,
@wiki
),
:confirm
=>
"Are you sure you want to delete this page?"
,
:method
=>
:delete
do
=
link_to
project_wiki_path
(
@project
,
@wiki
),
:confirm
=>
"Are you sure you want to delete this page?"
,
:method
=>
:delete
do
Delete this page
Delete this page