diff options
| author | Ruben Davila <rdavila84@gmail.com> | 2017-09-07 21:35:45 +0300 |
|---|---|---|
| committer | Ruben Davila <rdavila84@gmail.com> | 2017-09-07 21:47:58 +0300 |
| commit | 62bb6235c229a869052180f9709c4801116f02cc (patch) | |
| tree | a28626180edfe5f8abef6e5e2e44a2128c636f49 /app/controllers/groups_controller.rb | |
| parent | bc955cfc8e75e17897ab25717176209fefbba915 (diff) | |
Make Members with Owner and Master roles always able to create subgroups
Diffstat (limited to 'app/controllers/groups_controller.rb')
| -rw-r--r-- | app/controllers/groups_controller.rb | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 994e736d66e..3769a2cde33 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -10,7 +10,7 @@ class GroupsController < Groups::ApplicationController # Authorize before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects] - before_action :authorize_create_group!, only: [:new, :create] + before_action :authorize_create_group!, only: [:new] before_action :group_projects, only: [:projects, :activity, :issues, :merge_requests] before_action :group_merge_requests, only: [:merge_requests] @@ -25,14 +25,7 @@ class GroupsController < Groups::ApplicationController end def new - @group = Group.new - - if params[:parent_id].present? - parent = Group.find_by(id: params[:parent_id]) - if can?(current_user, :create_subgroup, parent) - @group.parent = parent - end - end + @group = Group.new(params.permit(:parent_id)) end def create @@ -128,9 +121,14 @@ class GroupsController < Groups::ApplicationController end def authorize_create_group! - unless can?(current_user, :create_group) - return render_404 - end + allowed = if params[:parent_id].present? + parent = Group.find_by(id: params[:parent_id]) + can?(current_user, :create_subgroup, parent) + else + can?(current_user, :create_group) + end + + render_404 unless allowed end def determine_layout |