Commit eb1004f7 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces

parent a1ffc673
class ProjectUpdateContext < BaseContext
def execute(role = :default)
namespace_id = params[:project].delete(:namespace_id)
if namespace_id.present?
if namespace_id == Namespace.global_id
if project.namespace.present?
# Transfer to global namespace from anyone
project.transfer(nil)
end
elsif namespace_id.to_i != project.namespace_id
# Transfer to someone namespace
namespace = Namespace.find(namespace_id)
project.transfer(namespace)
end
end
project.update_attributes(params[:project], as: role)
end
end
...@@ -24,13 +24,9 @@ class Admin::ProjectsController < AdminController ...@@ -24,13 +24,9 @@ class Admin::ProjectsController < AdminController
end end
def update def update
owner_id = params[:project].delete(:owner_id) status = ProjectUpdateContext.new(project, current_user, params).execute(:admin)
if owner_id if status
@project.owner = User.find(owner_id)
end
if @project.update_attributes(params[:project], as: :admin)
redirect_to [:admin, @project], notice: 'Project was successfully updated.' redirect_to [:admin, @project], notice: 'Project was successfully updated.'
else else
render action: "edit" render action: "edit"
......
...@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base ...@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :reject_blocked! before_filter :reject_blocked!
before_filter :set_current_user_for_observers before_filter :set_current_user_for_observers
before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development' before_filter :dev_tools if Rails.env == 'development'
protect_from_forgery protect_from_forgery
...@@ -65,11 +66,17 @@ class ApplicationController < ActionController::Base ...@@ -65,11 +66,17 @@ class ApplicationController < ActionController::Base
def project def project
id = params[:project_id] || params[:id] id = params[:project_id] || params[:id]
@project ||= current_user.projects.find_with_namespace(id) @project = Project.find_with_namespace(id)
@project || render_404
if @project and can?(current_user, :read_project, @project)
@project
else
@project = nil
render_404
end
end end
def add_project_abilities def add_abilities
abilities << Ability abilities << Ability
end end
......
...@@ -5,7 +5,7 @@ class DashboardController < ApplicationController ...@@ -5,7 +5,7 @@ class DashboardController < ApplicationController
before_filter :event_filter, only: :index before_filter :event_filter, only: :index
def index def index
@groups = Group.where(id: current_user.projects.pluck(:namespace_id)) @groups = current_user.accessed_groups
@projects = @projects.page(params[:page]).per(30) @projects = @projects.page(params[:page]).per(30)
@events = Event.in_projects(current_user.project_ids) @events = Event.in_projects(current_user.project_ids)
@events = @event_filter.apply_filter(@events) @events = @event_filter.apply_filter(@events)
......
...@@ -4,7 +4,6 @@ class GroupsController < ApplicationController ...@@ -4,7 +4,6 @@ class GroupsController < ApplicationController
before_filter :group before_filter :group
before_filter :projects before_filter :projects
before_filter :add_project_abilities
def show def show
@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0) @events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
...@@ -45,7 +44,7 @@ class GroupsController < ApplicationController ...@@ -45,7 +44,7 @@ class GroupsController < ApplicationController
end end
def people def people
@users = group.users.all @users = group.users
end end
protected protected
...@@ -55,7 +54,11 @@ class GroupsController < ApplicationController ...@@ -55,7 +54,11 @@ class GroupsController < ApplicationController
end end
def projects def projects
@projects ||= current_user.projects_sorted_by_activity.where(namespace_id: @group.id) @projects ||= if can?(current_user, :manage_group, @group)
@group.projects.all
else
current_user.projects_sorted_by_activity.where(namespace_id: @group.id)
end
end end
def project_ids def project_ids
......
class ProjectResourceController < ApplicationController class ProjectResourceController < ApplicationController
before_filter :project before_filter :project
# Authorize
before_filter :add_project_abilities
end end
...@@ -34,20 +34,10 @@ class ProjectsController < ProjectResourceController ...@@ -34,20 +34,10 @@ class ProjectsController < ProjectResourceController
end end
def update def update
if params[:project].has_key?(:namespace_id) status = ProjectUpdateContext.new(project, current_user, params).execute
namespace_id = params[:project].delete(:namespace_id)
if namespace_id == Namespace.global_id and project.namespace.present?
# Transfer to global namespace from anyone
project.transfer(nil)
elsif namespace_id.present? and namespace_id.to_i != project.namespace_id
# Transfer to someone namespace
namespace = Namespace.find(namespace_id)
project.transfer(namespace)
end
end
respond_to do |format| respond_to do |format|
if project.update_attributes(params[:project]) if status
flash[:notice] = 'Project was successfully updated.' flash[:notice] = 'Project was successfully updated.'
format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' } format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' }
format.js format.js
......
...@@ -15,7 +15,37 @@ class Ability ...@@ -15,7 +15,37 @@ class Ability
def project_abilities(user, project) def project_abilities(user, project)
rules = [] rules = []
rules << [ # Rules based on role in project
if project.master_access_for?(user)
# TODO: replace with master rules.
# Only allow project administration for owners
rules << project_admin_rules
elsif project.dev_access_for?(user)
rules << project_dev_rules
elsif project.report_access_for?(user)
rules << project_report_rules
elsif project.guest_access_for?(user)
rules << project_guest_rules
end
# If user own project namespace (Ex. group owner or account owner)
if project.namespace && project.namespace.owner == user
rules << project_admin_rules
end
# If user was set as direct project owner
if project.owner == user
rules << project_admin_rules
end
rules.flatten
end
def project_guest_rules
[
:read_project, :read_project,
:read_wiki, :read_wiki,
:read_issue, :read_issue,
...@@ -27,28 +57,30 @@ class Ability ...@@ -27,28 +57,30 @@ class Ability
:write_project, :write_project,
:write_issue, :write_issue,
:write_note :write_note
] if project.guest_access_for?(user) ]
end
rules << [ def project_report_rules
project_guest_rules + [
:download_code, :download_code,
:write_merge_request, :write_merge_request,
:write_snippet :write_snippet
] if project.report_access_for?(user) ]
end
rules << [ def project_dev_rules
project_report_rules + [
:write_wiki, :write_wiki,
:push_code :push_code
] if project.dev_access_for?(user) ]
end
rules << [
:push_code_to_protected_branches
] if project.master_access_for?(user)
rules << [ def project_master_rules
project_dev_rules + [
:push_code_to_protected_branches,
:modify_issue, :modify_issue,
:modify_snippet, :modify_snippet,
:modify_merge_request, :modify_merge_request,
:admin_project,
:admin_issue, :admin_issue,
:admin_milestone, :admin_milestone,
:admin_snippet, :admin_snippet,
...@@ -57,9 +89,13 @@ class Ability ...@@ -57,9 +89,13 @@ class Ability
:admin_note, :admin_note,
:accept_mr, :accept_mr,
:admin_wiki :admin_wiki
] if project.master_access_for?(user) || project.owner == user ]
end
rules.flatten def project_admin_rules
project_master_rules + [
:admin_project
]
end end
def group_abilities user, group def group_abilities user, group
......
...@@ -13,7 +13,9 @@ ...@@ -13,7 +13,9 @@
class Group < Namespace class Group < Namespace
def users def users
User.joins(:users_projects).where(users_projects: {project_id: project_ids}).uniq users = User.joins(:users_projects).where(users_projects: {project_id: project_ids})
users = users << owner
users.uniq
end end
def human_name def human_name
......
...@@ -53,6 +53,7 @@ class Namespace < ActiveRecord::Base ...@@ -53,6 +53,7 @@ class Namespace < ActiveRecord::Base
end end
def move_dir def move_dir
if path_changed?
old_path = File.join(Gitlab.config.git_base_path, path_was) old_path = File.join(Gitlab.config.git_base_path, path_was)
new_path = File.join(Gitlab.config.git_base_path, path) new_path = File.join(Gitlab.config.git_base_path, path)
if File.exists?(new_path) if File.exists?(new_path)
...@@ -60,6 +61,7 @@ class Namespace < ActiveRecord::Base ...@@ -60,6 +61,7 @@ class Namespace < ActiveRecord::Base
end end
system("mv #{old_path} #{new_path}") system("mv #{old_path} #{new_path}")
end end
end
def rm_dir def rm_dir
dir_path = File.join(Gitlab.config.git_base_path, path) dir_path = File.join(Gitlab.config.git_base_path, path)
......
...@@ -29,7 +29,7 @@ class Project < ActiveRecord::Base ...@@ -29,7 +29,7 @@ class Project < ActiveRecord::Base
attr_accessible :name, :path, :description, :default_branch, :issues_enabled, attr_accessible :name, :path, :description, :default_branch, :issues_enabled,
:wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin] :wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin]
attr_accessible :namespace_id, as: :admin attr_accessible :namespace_id, :owner_id, as: :admin
attr_accessor :error_code attr_accessor :error_code
......
...@@ -123,4 +123,11 @@ class User < ActiveRecord::Base ...@@ -123,4 +123,11 @@ class User < ActiveRecord::Base
self.password = self.password_confirmation = Devise.friendly_token.first(8) self.password = self.password_confirmation = Devise.friendly_token.first(8)
end end
end end
def accessed_groups
@accessed_groups ||= begin
groups = Group.where(id: self.projects.pluck(:namespace_id)).all
groups + self.groups
end
end
end end
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
- unless project.new_record? - unless project.new_record?
.clearfix .clearfix
= f.label :namespace_id = f.label :namespace_id
.input= f.select :namespace_id, namespaces_options, {}, {class: 'chosen'} .input= f.select :namespace_id, namespaces_options(@project.namespace_id), {}, {class: 'chosen'}
.clearfix .clearfix
= f.label :owner_id = f.label :owner_id
......
%h1 403 %h1.http_status_code 403
%h3.page_title Access Denied %h3.page_title Access Denied
%hr %hr
%p You are not allowed to access this page. %p You are not allowed to access this page.
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
- if @events.any? - if @events.any?
.content_list= render @events .content_list= render @events
- else - else
%h4.nothing_here_message Projects activity will be displayed here %p.nothing_here_message Projects activity will be displayed here
.loading.hide .loading.hide
.side .side
= render "projects", projects: @projects = render "projects", projects: @projects
......
Group.seed(:id, [
{ id: 100, name: "Gitlab", path: 'gitlab', owner_id: 1},
{ id: 101, name: "Rails", path: 'rails', owner_id: 1 },
{ id: 102, name: "KDE", path: 'kde', owner_id: 1 }
])
Project.seed(:id, [
{ id: 10, name: "kdebase", path: "kdebase", owner_id: 1, namespace_id: 102 },
{ id: 11, name: "kdelibs", path: "kdelibs", owner_id: 1, namespace_id: 102 },
{ id: 12, name: "amarok", path: "amarok", owner_id: 1, namespace_id: 102 }
])
...@@ -24,7 +24,7 @@ describe Group do ...@@ -24,7 +24,7 @@ describe Group do
it { should validate_presence_of :owner } it { should validate_presence_of :owner }
describe :users do describe :users do
it { group.users.should == [] } it { group.users.should == [group.owner] }
end end
describe :human_name do describe :human_name do
......
...@@ -55,9 +55,10 @@ describe Namespace do ...@@ -55,9 +55,10 @@ describe Namespace do
describe :move_dir do describe :move_dir do
before do before do
@namespace = create :namespace @namespace = create :namespace
@namespace.stub(path_changed?: true)
end end
it "should raise error when called directly" do it "should raise error when dirtory exists" do
expect { @namespace.move_dir }.to raise_error("Already exists") expect { @namespace.move_dir }.to raise_error("Already exists")
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment