Move permission to create subgroup into GroupPolicy

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

6 files changed, 8 insertions, 28 deletions

diff --git a/app/models/user.rb b/app/models/user.rb
index bed2f0cae53..cbd741f96ed 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -570,10 +570,6 @@ class User < ActiveRecord::Base
     can?(:create_group)
   end
 
-  def can_create_subgroup?(group)
-    can?(:create_group) && can?(:admin_group, group)
-  end
-
   def can_select_namespace?
     several_namespaces? || admin
   end
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 4cc21696eb6..556ea3a8c72 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -28,6 +28,7 @@ class GroupPolicy < BasePolicy
       can! :admin_namespace
       can! :admin_group_member
       can! :change_visibility_level
+      can! :create_subgroup if @user.can_create_group
     end
 
     if globally_viewable && @subject.request_access_enabled && !member
diff --git a/app/views/groups/subgroups.html.haml b/app/views/groups/subgroups.html.haml
index 3342ba118ef..8f0724c0677 100644
--- a/app/views/groups/subgroups.html.haml
+++ b/app/views/groups/subgroups.html.haml
@@ -9,7 +9,7 @@
     .nav-controls
       = form_tag request.path, method: :get do |f|
         = search_field_tag :filter_groups, params[:filter_groups], placeholder: 'Filter by name', class: 'form-control', spellcheck: false
-      - if current_user.can_create_subgroup? @group
+      - if can?(current_user, :create_subgroup, @group)
         = link_to new_group_path(parent_id: @group.id), class: 'btn btn-new pull-right' do
           New Subgroup
 
diff --git a/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml b/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml
new file mode 100644
index 00000000000..338944cdbbb
--- /dev/null
+++ b/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml
@@ -0,0 +1,4 @@
+---
+title: Hide new subgroup button if user has no permission to create one
+merge_request:
+author:
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 575b43c3d88..a9e37be1157 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -464,28 +464,6 @@ describe User, models: true do
     it { expect(@user2.several_namespaces?).to be_truthy }
   end
 
-  describe 'subgroups' do
-    let(:group) { create :group }
-
-    it 'allows if owner' do
-      user = create :user
-      group.add_user(user, GroupMember::OWNER)
-      expect(user.can_create_subgroup?(group)).to be_truthy
-    end
-
-    it 'disallows if missing right' do
-      user = create(:user, can_create_group: false)
-      group.add_user(user, GroupMember::MASTER)
-      expect(user.can_create_subgroup?(group)).to be_falsey
-    end
-
-    it 'disallows if developer' do
-      user = create :user
-      group.add_user(user, GroupMember::DEVELOPER)
-      expect(user.can_create_subgroup?(group)).to be_falsey
-    end
-  end
-
   describe 'namespaced' do
     before do
       @user = create :user
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 5c34ff04152..2077c14ff7a 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -22,7 +22,8 @@ describe GroupPolicy, models: true do
       :admin_group,
       :admin_namespace,
       :admin_group_member,
-      :change_visibility_level
+      :change_visibility_level,
+      :create_subgroup
     ]
   end