diff options
author | Jason Hollingsworth <jhworth.developer@gmail.com> | 2014-02-14 00:45:51 +0400 |
---|---|---|
committer | Jason Hollingsworth <jhworth.developer@gmail.com> | 2014-02-20 19:26:38 +0400 |
commit | 2f69213e3f32e2e4222f6335e790e2c778069014 (patch) | |
tree | 3734a9d41d2445a1557ed2f79c6cfa3de7dec215 /app/models | |
parent | 138e2a50b7d839bd37c21b2849df422f9dfef6bb (diff) |
Allow access to groups with public projects.
Fixed Group avatars to only display when user has read
permissions to at least one project in the group.
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/ability.rb | 16 | ||||
-rw-r--r-- | app/models/group.rb | 6 | ||||
-rw-r--r-- | app/models/namespace.rb | 8 | ||||
-rw-r--r-- | app/models/project.rb | 14 |
4 files changed, 40 insertions, 4 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index ba0ce527f64..89f8f320da9 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -43,7 +43,19 @@ class Ability :download_code ] else - [] + group = if subject.kind_of?(Group) + subject + elsif subject.respond_to?(:group) + subject.group + else + nil + end + + if group && group.has_projects_accessible_to?(nil) + [:read_group] + else + [] + end end end @@ -172,7 +184,7 @@ class Ability def group_abilities user, group rules = [] - if group.users.include?(user) || user.admin? + if user.admin? || group.users.include?(user) || group.has_projects_accessible_to?(user) rules << :read_group end diff --git a/app/models/group.rb b/app/models/group.rb index 8de0c78c158..0d4d5f4e836 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -25,6 +25,12 @@ class Group < Namespace validates :avatar, file_size: { maximum: 100.kilobytes.to_i } mount_uploader :avatar, AttachmentUploader + + def self.accessible_to(user) + accessible_ids = Project.accessible_to(user).pluck(:namespace_id) + accessible_ids += user.groups.pluck(:id) if user + where(id: accessible_ids) + end def human_name name diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 0bc5e1862eb..468c93bd426 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -47,6 +47,14 @@ class Namespace < ActiveRecord::Base def self.global_id 'GLN' end + + def projects_accessible_to(user) + projects.accessible_to(user) + end + + def has_projects_accessible_to?(user) + projects_accessible_to(user).present? + end def to_param path diff --git a/app/models/project.rb b/app/models/project.rb index d9da2c377c8..316575c94f5 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -114,8 +114,6 @@ class Project < ActiveRecord::Base scope :sorted_by_activity, -> { reorder("projects.last_activity_at DESC") } scope :personal, ->(user) { where(namespace_id: user.namespace_id) } scope :joined, ->(user) { where("namespace_id != ?", user.namespace_id) } - scope :public_only, -> { where(visibility_level: PUBLIC) } - scope :public_or_internal_only, ->(user) { where("visibility_level IN (:levels)", levels: user ? [ INTERNAL, PUBLIC ] : [ PUBLIC ]) } scope :non_archived, -> { where(archived: false) } @@ -125,6 +123,18 @@ class Project < ActiveRecord::Base def abandoned where('projects.last_activity_at < ?', 6.months.ago) end + + def publicish(user) + visibility_levels = [Project::PUBLIC] + visibility_levels += [Project::INTERNAL] if user + where(visibility_level: visibility_levels) + end + + def accessible_to(user) + accessible_ids = publicish(user).pluck(:id) + accessible_ids += user.authorized_projects.pluck(:id) if user + where(id: accessible_ids) + end def with_push includes(:events).where('events.action = ?', Event::PUSHED) |