Merge branch 'fix-restricted-visibility' into 'master'

Restricted visibility levels - bug fix and new feature This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903. ## Move configuration location I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked. This image shows the new section with the "Public" box checked: ![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png) ## Allow admins to override To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level. The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected. Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level. ## TODO * [x] Add more tests for restricted visibility functionality cc @sytse @dzaporozhets See merge request !1655
author: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-03-16 20:49:46 +0300
committer: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-03-16 20:49:46 +0300
commit: 648f38cd98eed41ddf56613194f2d91c0e5b1fbb (patch)
tree: 66109003a92f9cdbd9918ff7ffcb21aeea8987c5 /app/controllers
parent: 7b178bc7eba63681232bbfe8b8ac0725e0b0bdc1 (diff)
parent: ad0ca0499ac81c68e9e8011d2e194b16c759c1d6 (diff)
3 files changed, 25 insertions, 27 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 2b0c500e97a..8f7d5e8006f 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -20,6 +20,13 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
   end
 
   def application_setting_params
+    restricted_levels = params[:application_setting][:restricted_visibility_levels]
+    unless restricted_levels.nil?
+      restricted_levels.map! do |level|
+        level.to_i
+      end
+    end
+
     params.require(:application_setting).permit(
       :default_projects_limit,
       :default_branch_protection,
@@ -28,7 +35,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :gravatar_enabled,
       :twitter_sharing_enabled,
       :sign_in_text,
-      :home_page_url
+      :home_page_url,
+      restricted_visibility_levels: []
     )
   end
 end
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index 6c250e4ffed..ed268400373 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -28,26 +28,22 @@ class Projects::SnippetsController < Projects::ApplicationController
   end
 
   def create
-    @snippet = @project.snippets.build(snippet_params)
-    @snippet.author = current_user
-
-    if @snippet.save
-      redirect_to namespace_project_snippet_path(@project.namespace, @project,
-                                                 @snippet)
-    else
-      respond_with(@snippet)
-    end
+    @snippet = CreateSnippetService.new(@project, current_user,
+                                        snippet_params).execute
+    respond_with(@snippet,
+                 location: namespace_project_snippet_path(@project.namespace,
+                                                          @project, @snippet))
   end
 
   def edit
   end
 
   def update
-    if @snippet.update_attributes(snippet_params)
-      redirect_to namespace_project_snippet_path(@project.namespace, @project, @snippet)
-    else
-      respond_with(@snippet)
-    end
+    UpdateSnippetService.new(project, current_user, @snippet,
+                             snippet_params).execute
+    respond_with(@snippet,
+                 location: namespace_project_snippet_path(@project.namespace,
+                                                          @project, @snippet))
   end
 
   def show
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index ae501362dc2..cd52556b203 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -42,25 +42,19 @@ class SnippetsController < ApplicationController
   end
 
   def create
-    @snippet = PersonalSnippet.new(snippet_params)
-    @snippet.author = current_user
+    @snippet = CreateSnippetService.new(nil, current_user,
+                                        snippet_params).execute
 
-    if @snippet.save
-      redirect_to snippet_path(@snippet)
-    else
-      respond_with @snippet
-    end
+    respond_with @snippet.becomes(Snippet)
   end
 
   def edit
   end
 
   def update
-    if @snippet.update_attributes(snippet_params)
-      redirect_to snippet_path(@snippet)
-    else
-      respond_with @snippet
-    end
+    UpdateSnippetService.new(nil, current_user, @snippet,
+                             snippet_params).execute
+    respond_with @snippet.becomes(Snippet)
   end
 
   def show
author	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-03-16 20:49:46 +0300
committer	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-03-16 20:49:46 +0300
commit	648f38cd98eed41ddf56613194f2d91c0e5b1fbb (patch)
tree	66109003a92f9cdbd9918ff7ffcb21aeea8987c5 /app/controllers
parent	7b178bc7eba63681232bbfe8b8ac0725e0b0bdc1 (diff)
parent	ad0ca0499ac81c68e9e8011d2e194b16c759c1d6 (diff)