Commit cacac147 authored by Vinnie Okada's avatar Vinnie Okada

Move restricted visibility settings to the UI

Add checkboxes to the application settings page for restricted
visibility levels, and remove those settings from gitlab.yml.
parent 3cf4359b
...@@ -11,6 +11,7 @@ v 7.9.0 (unreleased) ...@@ -11,6 +11,7 @@ v 7.9.0 (unreleased)
- Improve error messages for file edit failures - Improve error messages for file edit failures
- Improve UI for commits, issues and merge request lists - Improve UI for commits, issues and merge request lists
- Fix commit comments on first line of diff not rendering in Merge Request Discussion view. - Fix commit comments on first line of diff not rendering in Merge Request Discussion view.
- Move restricted visibility settings from gitlab.yml into the web UI.
- Improve trigger merge request hook when source project branch has been updated (Kirill Zaitsev) - Improve trigger merge request hook when source project branch has been updated (Kirill Zaitsev)
- Save web edit in new branch - Save web edit in new branch
- Fix ordering of imported but unchanged projects (Marco Wessel) - Fix ordering of imported but unchanged projects (Marco Wessel)
......
...@@ -97,3 +97,8 @@ label { ...@@ -97,3 +97,8 @@ label {
.wiki-content { .wiki-content {
margin-top: 35px; margin-top: 35px;
} }
.btn-group .btn.active {
text-shadow: 0 0 0.2em #D9534F, 0 0 0.2em #D9534F, 0 0 0.2em #D9534F;
background-color: #5487bf;
}
...@@ -20,6 +20,13 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -20,6 +20,13 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
end end
def application_setting_params def application_setting_params
restricted_levels = params[:application_setting][:restricted_visibility_levels]
unless restricted_levels.nil?
restricted_levels.map! do |level|
level.to_i
end
end
params.require(:application_setting).permit( params.require(:application_setting).permit(
:default_projects_limit, :default_projects_limit,
:default_branch_protection, :default_branch_protection,
...@@ -28,7 +35,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -28,7 +35,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:gravatar_enabled, :gravatar_enabled,
:twitter_sharing_enabled, :twitter_sharing_enabled,
:sign_in_text, :sign_in_text,
:home_page_url :home_page_url,
restricted_visibility_levels: []
) )
end end
end end
...@@ -18,4 +18,20 @@ module ApplicationSettingsHelper ...@@ -18,4 +18,20 @@ module ApplicationSettingsHelper
def extra_sign_in_text def extra_sign_in_text
current_application_settings.sign_in_text current_application_settings.sign_in_text
end end
# Return a group of checkboxes that use Bootstrap's button plugin for a
# toggle button effect.
def restricted_level_checkboxes(help_block_id)
Gitlab::VisibilityLevel.options.map do |name, level|
checked = restricted_visibility_levels(true).include?(level)
css_class = 'btn btn-primary'
css_class += ' active' if checked
checkbox_name = 'application_setting[restricted_visibility_levels][]'
label_tag(checkbox_name, class: css_class) do
check_box_tag(checkbox_name, level, checked, autocomplete: 'off',
'aria-describedby' => help_block_id) + name
end
end
end
end end
...@@ -60,7 +60,8 @@ module VisibilityLevelHelper ...@@ -60,7 +60,8 @@ module VisibilityLevelHelper
Project.visibility_levels.key(level) Project.visibility_levels.key(level)
end end
def restricted_visibility_levels def restricted_visibility_levels(show_all = false)
current_user.is_admin? ? [] : gitlab_config.restricted_visibility_levels return [] if current_user.is_admin? && !show_all
current_application_settings.restricted_visibility_levels
end end
end end
...@@ -4,23 +4,36 @@ ...@@ -4,23 +4,36 @@
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# default_branch_protection :integer
# signup_enabled :boolean # signup_enabled :boolean
# signin_enabled :boolean # signin_enabled :boolean
# gravatar_enabled :boolean # gravatar_enabled :boolean
# twitter_sharing_enabled :boolean
# sign_in_text :text # sign_in_text :text
# created_at :datetime # created_at :datetime
# updated_at :datetime # updated_at :datetime
# home_page_url :string(255) # home_page_url :string(255)
# default_branch_protection :integer default(2) # default_branch_protection :integer default(2)
# twitter_sharing_enabled :boolean default(TRUE) # twitter_sharing_enabled :boolean default(TRUE)
# restricted_visibility_levels :text
# #
class ApplicationSetting < ActiveRecord::Base class ApplicationSetting < ActiveRecord::Base
serialize :restricted_visibility_levels
validates :home_page_url, validates :home_page_url,
allow_blank: true, allow_blank: true,
format: { with: URI::regexp(%w(http https)), message: "should be a valid url" }, format: { with: URI::regexp(%w(http https)), message: "should be a valid url" },
if: :home_page_url_column_exist if: :home_page_url_column_exist
validates_each :restricted_visibility_levels do |record, attr, value|
value.each do |level|
unless Gitlab::VisibilityLevel.options.has_value?(level)
record.errors.add(attr, "'#{level}' is not a valid visibility level")
end
end
end
def self.current def self.current
ApplicationSetting.last ApplicationSetting.last
end end
...@@ -34,6 +47,7 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -34,6 +47,7 @@ class ApplicationSetting < ActiveRecord::Base
twitter_sharing_enabled: Settings.gitlab['twitter_sharing_enabled'], twitter_sharing_enabled: Settings.gitlab['twitter_sharing_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
sign_in_text: Settings.extra['sign_in_text'], sign_in_text: Settings.extra['sign_in_text'],
restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels']
) )
end end
......
...@@ -34,6 +34,8 @@ require 'file_size_validator' ...@@ -34,6 +34,8 @@ require 'file_size_validator'
class Project < ActiveRecord::Base class Project < ActiveRecord::Base
include Sortable include Sortable
include Gitlab::CurrentSettings
extend Gitlab::CurrentSettings
include Gitlab::ShellAdapter include Gitlab::ShellAdapter
include Gitlab::VisibilityLevel include Gitlab::VisibilityLevel
include Gitlab::ConfigHelper include Gitlab::ConfigHelper
...@@ -132,8 +134,8 @@ class Project < ActiveRecord::Base ...@@ -132,8 +134,8 @@ class Project < ActiveRecord::Base
validates :issues_enabled, :merge_requests_enabled, validates :issues_enabled, :merge_requests_enabled,
:wiki_enabled, inclusion: { in: [true, false] } :wiki_enabled, inclusion: { in: [true, false] }
validates :visibility_level, validates :visibility_level,
exclusion: { in: gitlab_config.restricted_visibility_levels }, exclusion: { in: current_application_settings.restricted_visibility_levels },
if: -> { gitlab_config.restricted_visibility_levels.any? } if: -> { current_application_settings.restricted_visibility_levels.any? }
validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true
validates :namespace, presence: true validates :namespace, presence: true
validates_uniqueness_of :name, scope: :namespace_id validates_uniqueness_of :name, scope: :namespace_id
......
...@@ -31,10 +31,6 @@ class BaseService ...@@ -31,10 +31,6 @@ class BaseService
SystemHooksService.new SystemHooksService.new
end end
def current_application_settings
ApplicationSetting.current
end
private private
def error(message, http_status = nil) def error(message, http_status = nil)
......
class UpdateSnippetService < BaseService
attr_accessor :snippet
def initialize(project = nil, user, snippet, params = {})
super(project, user, params)
@snippet = snippet
end
def execute
# check that user is allowed to set specified visibility_level
new_visibility = params[:visibility_level]
if new_visibility && new_visibility != snippet.visibility_level
unless can?(current_user, :change_visibility_level, snippet) &&
Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
deny_visibility_level(snippet, new_visibility_level)
return snippet
end
end
snippet.update_attributes(params)
end
end
...@@ -34,6 +34,14 @@ ...@@ -34,6 +34,14 @@
= f.label :default_branch_protection, class: 'control-label col-sm-2' = f.label :default_branch_protection, class: 'control-label col-sm-2'
.col-sm-10 .col-sm-10
= f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control' = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
.form-group
= f.label :restricted_visibility_levels, class: 'control-label col-sm-2'
.col-sm-10
- data_attrs = { toggle: 'buttons' }
.btn-group{ data: data_attrs }
- restricted_level_checkboxes('restricted-visibility-help').each do |level|
= level
%span.help-block#restricted-visibility-help Selected levels cannot be used by non-admin users for projects or snippets
.form-group .form-group
= f.label :home_page_url, class: 'control-label col-sm-2' = f.label :home_page_url, class: 'control-label col-sm-2'
.col-sm-10 .col-sm-10
......
...@@ -56,10 +56,6 @@ production: &base ...@@ -56,10 +56,6 @@ production: &base
## COLOR = 5 ## COLOR = 5
# default_theme: 2 # default: 2 # default_theme: 2 # default: 2
# Restrict setting visibility levels for non-admin users.
# The default is to allow all levels.
# restricted_visibility_levels: [ "public" ]
## Automatic issue closing ## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed. # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project. # This happens when the commit is pushed or merged into the default branch of a project.
......
class AddRestrictedVisibilityLevelsToApplicationSettings < ActiveRecord::Migration
def change
add_column :application_settings, :restricted_visibility_levels, :text
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150225065047) do ActiveRecord::Schema.define(version: 20150301014758) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -27,6 +27,7 @@ ActiveRecord::Schema.define(version: 20150225065047) do ...@@ -27,6 +27,7 @@ ActiveRecord::Schema.define(version: 20150225065047) do
t.string "home_page_url" t.string "home_page_url"
t.integer "default_branch_protection", default: 2 t.integer "default_branch_protection", default: 2
t.boolean "twitter_sharing_enabled", default: true t.boolean "twitter_sharing_enabled", default: true
t.text "restricted_visibility_levels"
end end
create_table "broadcast_messages", force: true do |t| create_table "broadcast_messages", force: true do |t|
......
...@@ -5,8 +5,7 @@ module Gitlab ...@@ -5,8 +5,7 @@ module Gitlab
RequestStore.store[key] ||= begin RequestStore.store[key] ||= begin
if ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('application_settings') if ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('application_settings')
RequestStore.store[:current_application_settings] = ApplicationSetting.current || ApplicationSetting.create_from_defaults
(ApplicationSetting.current || ApplicationSetting.create_from_defaults)
else else
fake_application_settings fake_application_settings
end end
...@@ -21,6 +20,7 @@ module Gitlab ...@@ -21,6 +20,7 @@ module Gitlab
signin_enabled: Settings.gitlab['signin_enabled'], signin_enabled: Settings.gitlab['signin_enabled'],
gravatar_enabled: Settings.gravatar['enabled'], gravatar_enabled: Settings.gravatar['enabled'],
sign_in_text: Settings.extra['sign_in_text'], sign_in_text: Settings.extra['sign_in_text'],
restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels']
) )
end end
end end
......
...@@ -5,6 +5,8 @@ ...@@ -5,6 +5,8 @@
# #
module Gitlab module Gitlab
module VisibilityLevel module VisibilityLevel
extend CurrentSettings
PRIVATE = 0 unless const_defined?(:PRIVATE) PRIVATE = 0 unless const_defined?(:PRIVATE)
INTERNAL = 10 unless const_defined?(:INTERNAL) INTERNAL = 10 unless const_defined?(:INTERNAL)
PUBLIC = 20 unless const_defined?(:PUBLIC) PUBLIC = 20 unless const_defined?(:PUBLIC)
...@@ -23,21 +25,21 @@ module Gitlab ...@@ -23,21 +25,21 @@ module Gitlab
end end
def allowed_for?(user, level) def allowed_for?(user, level)
user.is_admin? || allowed_level?(level) user.is_admin? || allowed_level?(level.to_i)
end end
# Level can be a string `"public"` or a value `20`, first check if valid, # Return true if the specified level is allowed for the current user.
# then check if the corresponding string appears in the config # Level should be a numeric value, e.g. `20`.
def allowed_level?(level) def allowed_level?(level)
if options.has_key?(level.to_s) valid_level?(level) && non_restricted_level?(level)
non_restricted_level?(level)
elsif options.has_value?(level.to_i)
non_restricted_level?(options.key(level.to_i).downcase)
end
end end
def non_restricted_level?(level) def non_restricted_level?(level)
! Gitlab.config.gitlab.restricted_visibility_levels.include?(level) ! current_application_settings.restricted_visibility_levels.include?(level)
end
def valid_level?(level)
options.has_value?(level)
end end
end end
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
# #
# id :integer not null, primary key # id :integer not null, primary key
# default_projects_limit :integer # default_projects_limit :integer
# default_branch_protection :integer
# signup_enabled :boolean # signup_enabled :boolean
# signin_enabled :boolean # signin_enabled :boolean
# gravatar_enabled :boolean # gravatar_enabled :boolean
...@@ -13,6 +14,7 @@ ...@@ -13,6 +14,7 @@
# home_page_url :string(255) # home_page_url :string(255)
# default_branch_protection :integer default(2) # default_branch_protection :integer default(2)
# twitter_sharing_enabled :boolean default(TRUE) # twitter_sharing_enabled :boolean default(TRUE)
# restricted_visibility_levels :text
# #
require 'spec_helper' require 'spec_helper'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment