diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2012-11-29 08:29:11 +0400 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2012-11-29 14:39:03 +0400 |
| commit | eb1004f7890d25a86beb0ca0a7eca802d9fce665 (patch) | |
| tree | 94cb713c0628542e646aad323be4d88fb1c356e3 | |
| parent | a1ffc673b95f4d0e2316d461f1364fa1ee08e9d2 (diff) | |
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces
| -rw-r--r-- | app/contexts/project_update_context.rb | 21 | ||||
| -rw-r--r-- | app/controllers/admin/projects_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 13 | ||||
| -rw-r--r-- | app/controllers/dashboard_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/groups_controller.rb | 9 | ||||
| -rw-r--r-- | app/controllers/project_resource_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects_controller.rb | 14 | ||||
| -rw-r--r-- | app/models/ability.rb | 64 | ||||
| -rw-r--r-- | app/models/group.rb | 4 | ||||
| -rw-r--r-- | app/models/namespace.rb | 12 | ||||
| -rw-r--r-- | app/models/project.rb | 2 | ||||
| -rw-r--r-- | app/models/user.rb | 7 | ||||
| -rw-r--r-- | app/views/admin/projects/_form.html.haml | 2 | ||||
| -rw-r--r-- | app/views/errors/access_denied.html.haml | 2 | ||||
| -rw-r--r-- | app/views/groups/show.html.haml | 2 | ||||
| -rw-r--r-- | db/fixtures/development/010_groups.rb | 11 | ||||
| -rw-r--r-- | spec/models/group_spec.rb | 2 | ||||
| -rw-r--r-- | spec/models/namespace_spec.rb | 3 |
18 files changed, 127 insertions, 53 deletions
diff --git a/app/contexts/project_update_context.rb b/app/contexts/project_update_context.rb new file mode 100644 index 00000000000..e28d43d0e81 --- /dev/null +++ b/app/contexts/project_update_context.rb @@ -0,0 +1,21 @@ +class ProjectUpdateContext < BaseContext + def execute(role = :default) + namespace_id = params[:project].delete(:namespace_id) + + if namespace_id.present? + if namespace_id == Namespace.global_id + if project.namespace.present? + # Transfer to global namespace from anyone + project.transfer(nil) + end + elsif namespace_id.to_i != project.namespace_id + # Transfer to someone namespace + namespace = Namespace.find(namespace_id) + project.transfer(namespace) + end + end + + project.update_attributes(params[:project], as: role) + end +end + diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb index c3a419afd0f..e61f94f8cf3 100644 --- a/app/controllers/admin/projects_controller.rb +++ b/app/controllers/admin/projects_controller.rb @@ -24,13 +24,9 @@ class Admin::ProjectsController < AdminController end def update - owner_id = params[:project].delete(:owner_id) + status = ProjectUpdateContext.new(project, current_user, params).execute(:admin) - if owner_id - @project.owner = User.find(owner_id) - end - - if @project.update_attributes(params[:project], as: :admin) + if status redirect_to [:admin, @project], notice: 'Project was successfully updated.' else render action: "edit" diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2be9a54da52..66f2e87de3e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base before_filter :authenticate_user! before_filter :reject_blocked! before_filter :set_current_user_for_observers + before_filter :add_abilities before_filter :dev_tools if Rails.env == 'development' protect_from_forgery @@ -65,11 +66,17 @@ class ApplicationController < ActionController::Base def project id = params[:project_id] || params[:id] - @project ||= current_user.projects.find_with_namespace(id) - @project || render_404 + @project = Project.find_with_namespace(id) + + if @project and can?(current_user, :read_project, @project) + @project + else + @project = nil + render_404 + end end - def add_project_abilities + def add_abilities abilities << Ability end diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb index 4f874a9654a..e01b586a394 100644 --- a/app/controllers/dashboard_controller.rb +++ b/app/controllers/dashboard_controller.rb @@ -5,7 +5,7 @@ class DashboardController < ApplicationController before_filter :event_filter, only: :index def index - @groups = Group.where(id: current_user.projects.pluck(:namespace_id)) + @groups = current_user.accessed_groups @projects = @projects.page(params[:page]).per(30) @events = Event.in_projects(current_user.project_ids) @events = @event_filter.apply_filter(@events) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index c969f41ebda..6fd5de8abf9 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -4,7 +4,6 @@ class GroupsController < ApplicationController before_filter :group before_filter :projects - before_filter :add_project_abilities def show @events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0) @@ -45,7 +44,7 @@ class GroupsController < ApplicationController end def people - @users = group.users.all + @users = group.users end protected @@ -55,7 +54,11 @@ class GroupsController < ApplicationController end def projects - @projects ||= current_user.projects_sorted_by_activity.where(namespace_id: @group.id) + @projects ||= if can?(current_user, :manage_group, @group) + @group.projects.all + else + current_user.projects_sorted_by_activity.where(namespace_id: @group.id) + end end def project_ids diff --git a/app/controllers/project_resource_controller.rb b/app/controllers/project_resource_controller.rb index d297bba635f..81bc3a91bd1 100644 --- a/app/controllers/project_resource_controller.rb +++ b/app/controllers/project_resource_controller.rb @@ -1,5 +1,3 @@ class ProjectResourceController < ApplicationController before_filter :project - # Authorize - before_filter :add_project_abilities end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index ed340691821..a6e7f1f93fb 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -34,20 +34,10 @@ class ProjectsController < ProjectResourceController end def update - if params[:project].has_key?(:namespace_id) - namespace_id = params[:project].delete(:namespace_id) - if namespace_id == Namespace.global_id and project.namespace.present? - # Transfer to global namespace from anyone - project.transfer(nil) - elsif namespace_id.present? and namespace_id.to_i != project.namespace_id - # Transfer to someone namespace - namespace = Namespace.find(namespace_id) - project.transfer(namespace) - end - end + status = ProjectUpdateContext.new(project, current_user, params).execute respond_to do |format| - if project.update_attributes(params[:project]) + if status flash[:notice] = 'Project was successfully updated.' format.html { redirect_to edit_project_path(project), notice: 'Project was successfully updated.' } format.js diff --git a/app/models/ability.rb b/app/models/ability.rb index e55e7709372..96d3ac6dd51 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -15,7 +15,37 @@ class Ability def project_abilities(user, project) rules = [] - rules << [ + # Rules based on role in project + if project.master_access_for?(user) + # TODO: replace with master rules. + # Only allow project administration for owners + rules << project_admin_rules + + elsif project.dev_access_for?(user) + rules << project_dev_rules + + elsif project.report_access_for?(user) + rules << project_report_rules + + elsif project.guest_access_for?(user) + rules << project_guest_rules + end + + # If user own project namespace (Ex. group owner or account owner) + if project.namespace && project.namespace.owner == user + rules << project_admin_rules + end + + # If user was set as direct project owner + if project.owner == user + rules << project_admin_rules + end + + rules.flatten + end + + def project_guest_rules + [ :read_project, :read_wiki, :read_issue, @@ -27,28 +57,30 @@ class Ability :write_project, :write_issue, :write_note - ] if project.guest_access_for?(user) + ] + end - rules << [ + def project_report_rules + project_guest_rules + [ :download_code, :write_merge_request, :write_snippet - ] if project.report_access_for?(user) + ] + end - rules << [ + def project_dev_rules + project_report_rules + [ :write_wiki, :push_code - ] if project.dev_access_for?(user) - - rules << [ - :push_code_to_protected_branches - ] if project.master_access_for?(user) + ] + end - rules << [ + def project_master_rules + project_dev_rules + [ + :push_code_to_protected_branches, :modify_issue, :modify_snippet, :modify_merge_request, - :admin_project, :admin_issue, :admin_milestone, :admin_snippet, @@ -57,9 +89,13 @@ class Ability :admin_note, :accept_mr, :admin_wiki - ] if project.master_access_for?(user) || project.owner == user + ] + end - rules.flatten + def project_admin_rules + project_master_rules + [ + :admin_project + ] end def group_abilities user, group diff --git a/app/models/group.rb b/app/models/group.rb index 66267c56957..b668f5560ab 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -13,7 +13,9 @@ class Group < Namespace def users - User.joins(:users_projects).where(users_projects: {project_id: project_ids}).uniq + users = User.joins(:users_projects).where(users_projects: {project_id: project_ids}) + users = users << owner + users.uniq end def human_name diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 5762bfc57cb..e1c24de949a 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -53,12 +53,14 @@ class Namespace < ActiveRecord::Base end def move_dir - old_path = File.join(Gitlab.config.git_base_path, path_was) - new_path = File.join(Gitlab.config.git_base_path, path) - if File.exists?(new_path) - raise "Already exists" + if path_changed? + old_path = File.join(Gitlab.config.git_base_path, path_was) + new_path = File.join(Gitlab.config.git_base_path, path) + if File.exists?(new_path) + raise "Already exists" + end + system("mv #{old_path} #{new_path}") end - system("mv #{old_path} #{new_path}") end def rm_dir diff --git a/app/models/project.rb b/app/models/project.rb index 0c74c0bd878..8df662db9a0 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -29,7 +29,7 @@ class Project < ActiveRecord::Base attr_accessible :name, :path, :description, :default_branch, :issues_enabled, :wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin] - attr_accessible :namespace_id, as: :admin + attr_accessible :namespace_id, :owner_id, as: :admin attr_accessor :error_code diff --git a/app/models/user.rb b/app/models/user.rb index 43163404e85..d43e3cbb6b6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -123,4 +123,11 @@ class User < ActiveRecord::Base self.password = self.password_confirmation = Devise.friendly_token.first(8) end end + + def accessed_groups + @accessed_groups ||= begin + groups = Group.where(id: self.projects.pluck(:namespace_id)).all + groups + self.groups + end + end end diff --git a/app/views/admin/projects/_form.html.haml b/app/views/admin/projects/_form.html.haml index eb12c61f71a..110ff04a5bd 100644 --- a/app/views/admin/projects/_form.html.haml +++ b/app/views/admin/projects/_form.html.haml @@ -22,7 +22,7 @@ - unless project.new_record? .clearfix = f.label :namespace_id - .input= f.select :namespace_id, namespaces_options, {}, {class: 'chosen'} + .input= f.select :namespace_id, namespaces_options(@project.namespace_id), {}, {class: 'chosen'} .clearfix = f.label :owner_id diff --git a/app/views/errors/access_denied.html.haml b/app/views/errors/access_denied.html.haml index a6e4f0b9498..f2d082cb77d 100644 --- a/app/views/errors/access_denied.html.haml +++ b/app/views/errors/access_denied.html.haml @@ -1,4 +1,4 @@ -%h1 403 +%h1.http_status_code 403 %h3.page_title Access Denied %hr %p You are not allowed to access this page. diff --git a/app/views/groups/show.html.haml b/app/views/groups/show.html.haml index 72d7ad9a592..0c2eb150f42 100644 --- a/app/views/groups/show.html.haml +++ b/app/views/groups/show.html.haml @@ -10,7 +10,7 @@ - if @events.any? .content_list= render @events - else - %h4.nothing_here_message Projects activity will be displayed here + %p.nothing_here_message Projects activity will be displayed here .loading.hide .side = render "projects", projects: @projects diff --git a/db/fixtures/development/010_groups.rb b/db/fixtures/development/010_groups.rb new file mode 100644 index 00000000000..09371b00751 --- /dev/null +++ b/db/fixtures/development/010_groups.rb @@ -0,0 +1,11 @@ +Group.seed(:id, [ + { id: 100, name: "Gitlab", path: 'gitlab', owner_id: 1}, + { id: 101, name: "Rails", path: 'rails', owner_id: 1 }, + { id: 102, name: "KDE", path: 'kde', owner_id: 1 } +]) + +Project.seed(:id, [ + { id: 10, name: "kdebase", path: "kdebase", owner_id: 1, namespace_id: 102 }, + { id: 11, name: "kdelibs", path: "kdelibs", owner_id: 1, namespace_id: 102 }, + { id: 12, name: "amarok", path: "amarok", owner_id: 1, namespace_id: 102 } +]) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 884726266cb..108bc303540 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -24,7 +24,7 @@ describe Group do it { should validate_presence_of :owner } describe :users do - it { group.users.should == [] } + it { group.users.should == [group.owner] } end describe :human_name do diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb index 1f1d66150fb..d0de4a7b7fb 100644 --- a/spec/models/namespace_spec.rb +++ b/spec/models/namespace_spec.rb @@ -55,9 +55,10 @@ describe Namespace do describe :move_dir do before do @namespace = create :namespace + @namespace.stub(path_changed?: true) end - it "should raise error when called directly" do + it "should raise error when dirtory exists" do expect { @namespace.move_dir }.to raise_error("Already exists") end |