diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-07-25 15:08:36 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-07-25 15:08:36 +0300 |
commit | fffbc3693123c8d6e40b4378d5a69c4646c322ac (patch) | |
tree | f3e8bc8a769d4025edb3b4e371bc477ff6f5c909 /app | |
parent | 71a8c780fff67a4d29c19cb43dc6d002d72ecbc1 (diff) | |
parent | b9b2d08638131be9861cb8d7e4f645a9013dd03f (diff) |
Merge branch 'rs-issue-2092' into 'master'
Dynamically check `:admin_*` ability in two more spots.
Closes #2092
Depends on !1037
See merge request !1042
Diffstat (limited to 'app')
-rw-r--r-- | app/models/concerns/issuable.rb | 10 | ||||
-rw-r--r-- | app/services/issuable_base_service.rb | 6 | ||||
-rw-r--r-- | app/services/issues/base_service.rb | 4 | ||||
-rw-r--r-- | app/services/merge_requests/base_service.rb | 6 | ||||
-rw-r--r-- | app/views/shared/issuable/_context.html.haml | 4 | ||||
-rw-r--r-- | app/views/shared/issuable/_form.html.haml | 2 |
6 files changed, 27 insertions, 5 deletions
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index 97846b06d72..c21e7fd0e3b 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -159,6 +159,16 @@ module Issuable end end + # Convert this Issuable class name to a format usable by Ability definitions + # + # Examples: + # + # issuable.class # => MergeRequest + # issuable.to_ability_name # => "merge_request" + def to_ability_name + self.class.to_s.underscore + end + private def filter_superceded_votes(votes, notes) diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb index f1ef5ca84fe..15b3825f96a 100644 --- a/app/services/issuable_base_service.rb +++ b/app/services/issuable_base_service.rb @@ -27,8 +27,10 @@ class IssuableBaseService < BaseService old_branch, new_branch) end - def filter_params - unless can?(current_user, :admin_issue, project) + def filter_params(issuable_ability_name = :issue) + ability = :"admin_#{issuable_ability_name}" + + unless can?(current_user, ability, project) params.delete(:milestone_id) params.delete(:label_ids) params.delete(:assignee_id) diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb index c3ca04a4343..770f32de944 100644 --- a/app/services/issues/base_service.rb +++ b/app/services/issues/base_service.rb @@ -10,6 +10,10 @@ module Issues private + def filter_params + super(:issue) + end + def execute_hooks(issue, action = 'open') issue_data = hook_data(issue, action) issue.project.execute_hooks(issue_data, :issue_hooks) diff --git a/app/services/merge_requests/base_service.rb b/app/services/merge_requests/base_service.rb index e455fe95791..7b306a8a531 100644 --- a/app/services/merge_requests/base_service.rb +++ b/app/services/merge_requests/base_service.rb @@ -20,5 +20,11 @@ module MergeRequests merge_request.project.execute_services(merge_data, :merge_request_hooks) end end + + private + + def filter_params + super(:merge_request) + end end end diff --git a/app/views/shared/issuable/_context.html.haml b/app/views/shared/issuable/_context.html.haml index d1bd5ef968d..19e8c31975b 100644 --- a/app/views/shared/issuable/_context.html.haml +++ b/app/views/shared/issuable/_context.html.haml @@ -8,7 +8,7 @@ - else none .issuable-context-selectbox - - if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project) + - if can?(current_user, :"admin_#{issuable.to_ability_name}", @project) = users_select_tag("#{issuable.class.table_name.singularize}[assignee_id]", placeholder: 'Select assignee', class: 'custom-form-control js-select2 js-assignee', selected: issuable.assignee_id, project: @target_project, null_user: true) %div.prepend-top-20.clearfix @@ -24,7 +24,7 @@ - else none .issuable-context-selectbox - - if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project) + - if can?(current_user, :"admin_#{issuable.to_ability_name}", @project) = f.select(:milestone_id, milestone_options(issuable), { include_blank: 'Select milestone' }, {class: 'select2 select2-compact js-select2 js-milestone'}) = hidden_field_tag :issuable_context = f.submit class: 'btn hide' diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml index e434e1b6b98..8cc0b517cd2 100644 --- a/app/views/shared/issuable/_form.html.haml +++ b/app/views/shared/issuable/_form.html.haml @@ -38,7 +38,7 @@ .clearfix .error-alert %hr -- if can?(current_user, :admin_issue, @project) +- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project) .form-group .issue-assignee = f.label :assignee_id, class: 'control-label' do |