diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-26 16:39:17 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-26 16:39:17 +0000 |
| commit | 9f166a864959370d3e31931519506887b902cd11 (patch) | |
| tree | 62bc450c637f9c0861bfb5964ffcdaec4e4fd0b5 | |
| parent | 06ab7d89f9835205ee4d2dfd64aac671a7efa891 (diff) | |
| parent | 7ca017b5130705770074d455cbc827e487730bf1 (diff) | |
| download | gitlab-ce-9f166a864959370d3e31931519506887b902cd11.tar.gz | |
Merge branch 'rename-abilities' into 'master'
Rename abilities to correspond contoller/model action names
write_ was renamed to create_
modify_ was renamed to update_
So now in update action we have next code
```
def create
can?(current_user, :create_issue, @issue)
end
def update
can?(current_user, :update_issue, @issue)
end
```
See merge request !896
33 files changed, 101 insertions, 88 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 69bd1f58449..bfafdeeb1fb 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController before_action :authorize_read_issue! # Allow write(create) issue - before_action :authorize_write_issue!, only: [:new, :create] + before_action :authorize_create_issue!, only: [:new, :create] # Allow modify issue - before_action :authorize_modify_issue!, only: [:edit, :update] + before_action :authorize_update_issue!, only: [:edit, :update] # Allow issues bulk update before_action :authorize_admin_issues!, only: [:bulk_update] @@ -122,8 +122,8 @@ class Projects::IssuesController < Projects::ApplicationController end end - def authorize_modify_issue! - return render_404 unless can?(current_user, :modify_issue, @issue) + def authorize_update_issue! + return render_404 unless can?(current_user, :update_issue, @issue) end def authorize_admin_issues! diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index a13688305b7..d1265198318 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController before_action :authorize_read_merge_request! # Allow write(create) merge_request - before_action :authorize_write_merge_request!, only: [:new, :create] + before_action :authorize_create_merge_request!, only: [:new, :create] # Allow modify merge_request - before_action :authorize_modify_merge_request!, only: [:close, :edit, :update, :sort] + before_action :authorize_update_merge_request!, only: [:close, :edit, :update, :sort] def index terms = params['issue_search'] @@ -218,8 +218,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController @closes_issues ||= @merge_request.closes_issues end - def authorize_modify_merge_request! - return render_404 unless can?(current_user, :modify_merge_request, @merge_request) + def authorize_update_merge_request! + return render_404 unless can?(current_user, :update_merge_request, @merge_request) end def authorize_admin_merge_request! diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb index f3e521adb69..c4a87e9dbd8 100644 --- a/app/controllers/projects/notes_controller.rb +++ b/app/controllers/projects/notes_controller.rb @@ -1,7 +1,7 @@ class Projects::NotesController < Projects::ApplicationController # Authorize before_action :authorize_read_note! - before_action :authorize_write_note!, only: [:create] + before_action :authorize_create_note!, only: [:create] before_action :authorize_admin_note!, only: [:update, :destroy] before_action :find_current_user_notes, except: [:destroy, :delete_attachment] diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index 3d75abcc29d..64306637423 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb @@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController before_action :authorize_read_project_snippet! # Allow write(create) snippet - before_action :authorize_write_project_snippet!, only: [:new, :create] + before_action :authorize_create_project_snippet!, only: [:new, :create] # Allow modify snippet - before_action :authorize_modify_project_snippet!, only: [:edit, :update] + before_action :authorize_update_project_snippet!, only: [:edit, :update] # Allow destroy snippet before_action :authorize_admin_project_snippet!, only: [:destroy] @@ -75,8 +75,8 @@ class Projects::SnippetsController < Projects::ApplicationController @snippet ||= @project.snippets.find(params[:id]) end - def authorize_modify_project_snippet! - return render_404 unless can?(current_user, :modify_project_snippet, @snippet) + def authorize_update_project_snippet! + return render_404 unless can?(current_user, :update_project_snippet, @snippet) end def authorize_admin_project_snippet! diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb index 36ef86e1909..50512cb6dc3 100644 --- a/app/controllers/projects/wikis_controller.rb +++ b/app/controllers/projects/wikis_controller.rb @@ -2,7 +2,7 @@ require 'project_wiki' class Projects::WikisController < Projects::ApplicationController before_action :authorize_read_wiki! - before_action :authorize_write_wiki!, only: [:edit, :create, :history] + before_action :authorize_create_wiki!, only: [:edit, :create, :history] before_action :authorize_admin_wiki!, only: :destroy before_action :load_project_wiki include WikiHelper @@ -28,7 +28,7 @@ class Projects::WikisController < Projects::ApplicationController ) end else - return render('empty') unless can?(current_user, :write_wiki, @project) + return render('empty') unless can?(current_user, :create_wiki, @project) @page = WikiPage.new(@project_wiki) @page.title = params[:id] @@ -43,7 +43,7 @@ class Projects::WikisController < Projects::ApplicationController def update @page = @project_wiki.find_page(params[:id]) - return render('empty') unless can?(current_user, :write_wiki, @project) + return render('empty') unless can?(current_user, :create_wiki, @project) if @page.update(content, format, message) redirect_to( diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index cf672c5c093..8e7e45c781f 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -2,7 +2,7 @@ class SnippetsController < ApplicationController before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] # Allow modify snippet - before_action :authorize_modify_snippet!, only: [:edit, :update] + before_action :authorize_update_snippet!, only: [:edit, :update] # Allow destroy snippet before_action :authorize_admin_snippet!, only: [:destroy] @@ -87,8 +87,8 @@ class SnippetsController < ApplicationController end end - def authorize_modify_snippet! - return render_404 unless can?(current_user, :modify_personal_snippet, @snippet) + def authorize_update_snippet! + return render_404 unless can?(current_user, :update_personal_snippet, @snippet) end def authorize_admin_snippet! diff --git a/app/models/ability.rb b/app/models/ability.rb index c90c99c5b5f..3ee3a7857ee 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -68,6 +68,7 @@ class Ability def project_abilities(user, project) rules = [] key = "/user/#{user.id}/project/#{project.id}" + RequestStore.store[key] ||= begin team = project.team @@ -144,9 +145,9 @@ class Ability :read_project_member, :read_merge_request, :read_note, - :write_project, - :write_issue, - :write_note + :create_project, + :create_issue, + :create_note ] end @@ -154,15 +155,15 @@ class Ability project_guest_rules + [ :download_code, :fork_project, - :write_project_snippet + :create_project_snippet ] end def project_dev_rules project_report_rules + [ - :write_merge_request, - :write_wiki, - :modify_issue, + :create_merge_request, + :create_wiki, + :update_issue, :admin_issue, :admin_label, :push_code @@ -171,10 +172,10 @@ class Ability def project_archived_rules [ - :write_merge_request, + :create_merge_request, :push_code, :push_code_to_protected_branches, - :modify_merge_request, + :update_merge_request, :admin_merge_request ] end @@ -182,9 +183,8 @@ class Ability def project_master_rules project_dev_rules + [ :push_code_to_protected_branches, - :modify_issue, - :modify_project_snippet, - :modify_merge_request, + :update_project_snippet, + :update_merge_request, :admin_milestone, :admin_project_snippet, :admin_project_member, @@ -244,30 +244,40 @@ class Ability rules.flatten end - [:issue, :note, :project_snippet, :personal_snippet, :merge_request].each do |name| + + [:issue, :merge_request].each do |name| define_method "#{name}_abilities" do |user, subject| - if subject.author == user || user.is_admin? - rules = [ + rules = [] + + if subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user) + rules += [ :"read_#{name}", - :"write_#{name}", - :"modify_#{name}", - :"admin_#{name}" + :"update_#{name}", ] - rules.push(:change_visibility_level) if subject.is_a?(Snippet) - rules - elsif subject.respond_to?(:assignee) && subject.assignee == user - [ + end + + rules += project_abilities(user, subject.project) + rules + end + end + + [:note, :project_snippet, :personal_snippet].each do |name| + define_method "#{name}_abilities" do |user, subject| + rules = [] + + if subject.author == user + rules += [ :"read_#{name}", - :"write_#{name}", - :"modify_#{name}", + :"update_#{name}", + :"admin_#{name}" ] - else - if subject.respond_to?(:project) && subject.project - project_abilities(user, subject.project) - else - [] - end end + + if subject.respond_to?(:project) && subject.project + rules += project_abilities(user, subject.project) + end + + rules end end @@ -276,13 +286,16 @@ class Ability target_user = subject.user group = subject.group can_manage = group_abilities(user, group).include?(:admin_group) + if can_manage && (user != target_user) - rules << :modify_group_member + rules << :update_group_member rules << :destroy_group_member end + if !group.last_owner?(user) && (can_manage || (user == target_user)) rules << :destroy_group_member end + rules end @@ -299,8 +312,8 @@ class Ability def named_abilities(name) [ :"read_#{name}", - :"write_#{name}", - :"modify_#{name}", + :"create_#{name}", + :"update_#{name}", :"admin_#{name}" ] end diff --git a/app/services/issues/bulk_update_service.rb b/app/services/issues/bulk_update_service.rb index eb07413ee94..de8387c4900 100644 --- a/app/services/issues/bulk_update_service.rb +++ b/app/services/issues/bulk_update_service.rb @@ -10,7 +10,7 @@ module Issues issues = Issue.where(id: issues_ids) issues.each do |issue| - next unless can?(current_user, :modify_issue, issue) + next unless can?(current_user, :update_issue, issue) Issues::UpdateService.new(issue.project, current_user, issue_params).execute(issue) end diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb index 9d181c2d2ab..e9328bb7323 100644 --- a/app/services/update_snippet_service.rb +++ b/app/services/update_snippet_service.rb @@ -9,9 +9,9 @@ class UpdateSnippetService < BaseService def execute # check that user is allowed to set specified visibility_level new_visibility = params[:visibility_level] + if new_visibility && new_visibility.to_i != snippet.visibility_level - unless can?(current_user, :change_visibility_level, snippet) && - Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) + unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) deny_visibility_level(snippet, new_visibility) return snippet end diff --git a/app/views/groups/group_members/_group_member.html.haml b/app/views/groups/group_members/_group_member.html.haml index ec39a755f0f..b460e0ff59e 100644 --- a/app/views/groups/group_members/_group_member.html.haml +++ b/app/views/groups/group_members/_group_member.html.haml @@ -32,7 +32,7 @@ %span.pull-right %strong= member.human_access - if show_controls - - if can?(current_user, :modify_group_member, member) + - if can?(current_user, :update_group_member, member) = button_tag class: "btn-xs btn js-toggle-button", title: 'Edit access level', type: 'button' do %i.fa.fa-pencil-square-o diff --git a/app/views/projects/_aside.html.haml b/app/views/projects/_aside.html.haml index 86a807a0cae..72aea8814f5 100644 --- a/app/views/projects/_aside.html.haml +++ b/app/views/projects/_aside.html.haml @@ -22,11 +22,11 @@ Contribution guide .actions - - if can? current_user, :write_issue, @project + - if can? current_user, :create_issue, @project = link_to url_for_new_issue(@project, only_path: true), title: "New Issue", class: 'btn btn-sm append-right-10' do New Issue - - if can? current_user, :write_merge_request, @project + - if can? current_user, :create_merge_request, @project = link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-sm", title: "New Merge Request" do New Merge Request diff --git a/app/views/projects/diffs/_parallel_view.html.haml b/app/views/projects/diffs/_parallel_view.html.haml index cb41dd852d3..37fd1b1ec8a 100644 --- a/app/views/projects/diffs/_parallel_view.html.haml +++ b/app/views/projects/diffs/_parallel_view.html.haml @@ -18,7 +18,7 @@ - elsif type_left == 'old' || type_left.nil? %td.old_line{id: line_code_left, class: "#{type_left}"} = link_to raw(line_number_left), "##{line_code_left}", id: line_code_left - - if @comments_allowed && can?(current_user, :write_note, @project) + - if @comments_allowed && can?(current_user, :create_note, @project) = link_to_new_diff_note(line_code_left, 'old') %td.line_content{class: "parallel noteable_line #{type_left} #{line_code_left}", "line_code" => line_code_left }= raw line_content_left @@ -31,7 +31,7 @@ %td.new_line{id: new_line_code, class: "#{new_line_class}", data: { linenumber: line_number_right }} = link_to raw(line_number_right), "##{new_line_code}", id: new_line_code - - if @comments_allowed && can?(current_user, :write_note, @project) + - if @comments_allowed && can?(current_user, :create_note, @project) = link_to_new_diff_note(line_code_right, 'new') %td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code}", "line_code" => new_line_code}= raw line_content_right diff --git a/app/views/projects/diffs/_text_file.html.haml b/app/views/projects/diffs/_text_file.html.haml index a6373181b45..ed4c601bcdb 100644 --- a/app/views/projects/diffs/_text_file.html.haml +++ b/app/views/projects/diffs/_text_file.html.haml @@ -16,7 +16,7 @@ - else %td.old_line = link_to raw(type == "new" ? " " : line_old), "##{line_code}", id: line_code - - if @comments_allowed && can?(current_user, :write_note, @project) + - if @comments_allowed && can?(current_user, :create_note, @project) = link_to_new_diff_note(line_code) %td.new_line{data: {linenumber: line.new_pos}} = link_to raw(type == "old" ? " " : line.new_pos) , "##{line_code}", id: line_code diff --git a/app/views/projects/issues/_discussion.html.haml b/app/views/projects/issues/_discussion.html.haml index a099e597294..f61ae957208 100644 --- a/app/views/projects/issues/_discussion.html.haml +++ b/app/views/projects/issues/_discussion.html.haml @@ -1,5 +1,5 @@ - content_for :note_actions do - - if can?(current_user, :modify_issue, @issue) + - if can?(current_user, :update_issue, @issue) - if @issue.closed? = link_to 'Reopen Issue', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen js-note-target-reopen', title: 'Reopen Issue' - else diff --git a/app/views/projects/issues/index.html.haml b/app/views/projects/issues/index.html.haml index 2785ff25e69..d06225f5488 100644 --- a/app/views/projects/issues/index.html.haml +++ b/app/views/projects/issues/index.html.haml @@ -13,7 +13,7 @@ = render 'shared/issuable/search_form', path: namespace_project_issues_path(@project.namespace, @project) - - if can? current_user, :write_issue, @project + - if can? current_user, :create_issue, @project = link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { assignee_id: @issuable_finder.assignee.try(:id), milestone_id: @issuable_finder.milestones.try(:first).try(:id) }), class: "btn btn-new pull-left", title: "New Issue", id: "new_issue_link" do %i.fa.fa-plus New Issue diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml index 5bbb1fd4e92..54d33a5ddd1 100644 --- a/app/views/projects/issues/show.html.haml +++ b/app/views/projects/issues/show.html.haml @@ -12,11 +12,11 @@ · created by #{link_to_member(@project, @issue.author)} #{issue_timestamp(@issue)} .pull-right - - if can?(current_user, :write_issue, @project) + - if can?(current_user, :create_issue, @project) = link_to new_namespace_project_issue_path(@project.namespace, @project), class: 'btn btn-grouped new-issue-link', title: 'New Issue', id: 'new_issue_link' do = icon('plus') New Issue - - if can?(current_user, :modify_issue, @issue) + - if can?(current_user, :update_issue, @issue) - if @issue.closed? = link_to 'Reopen', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen' - else @@ -31,7 +31,7 @@ = gfm escape_once(@issue.title) %div - if @issue.description.present? - .description{class: can?(current_user, :modify_issue, @issue) ? 'js-task-list-container' : ''} + .description{class: can?(current_user, :update_issue, @issue) ? 'js-task-list-container' : ''} .wiki = preserve do = markdown(@issue.description) diff --git a/app/views/projects/merge_requests/_discussion.html.haml b/app/views/projects/merge_requests/_discussion.html.haml index 76088b9c862..f855dfec321 100644 --- a/app/views/projects/merge_requests/_discussion.html.haml +++ b/app/views/projects/merge_requests/_discussion.html.haml @@ -1,5 +1,5 @@ - content_for :note_actions do - - if can?(current_user, :modify_merge_request, @merge_request) + - if can?(current_user, :update_merge_request, @merge_request) - if @merge_request.open? = link_to 'Close', merge_request_path(@merge_request, merge_request: {state_event: :close }), method: :put, class: "btn btn-grouped btn-close close-mr-link js-note-target-close", title: "Close merge request" - if @merge_request.closed? diff --git a/app/views/projects/merge_requests/index.html.haml b/app/views/projects/merge_requests/index.html.haml index 750cc3e6eea..e0bc1df97ee 100644 --- a/app/views/projects/merge_requests/index.html.haml +++ b/app/views/projects/merge_requests/index.html.haml @@ -3,7 +3,7 @@ .pull-right = render 'shared/issuable/search_form', path: namespace_project_merge_requests_path(@project.namespace, @project) - - if can? current_user, :write_merge_request, @project + - if can? current_user, :create_merge_request, @project .pull-left.hidden-xs = link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-new", title: "New Merge Request" do %i.fa.fa-plus diff --git a/app/views/projects/merge_requests/show/_mr_box.html.haml b/app/views/projects/merge_requests/show/_mr_box.html.haml index b3470ba37d6..e3cd4346872 100644 --- a/app/views/projects/merge_requests/show/_mr_box.html.haml +++ b/app/views/projects/merge_requests/show/_mr_box.html.haml @@ -3,7 +3,7 @@ %div - if @merge_request.description.present? - .description{class: can?(current_user, :modify_merge_request, @merge_request) ? 'js-task-list-container' : ''} + .description{class: can?(current_user, :update_merge_request, @merge_request) ? 'js-task-list-container' : ''} .wiki = preserve do = markdown(@merge_request.description) diff --git a/app/views/projects/merge_requests/show/_mr_title.html.haml b/app/views/projects/merge_requests/show/_mr_title.html.haml index 83baf157a92..4e8144b4de2 100644 --- a/app/views/projects/merge_requests/show/_mr_title.html.haml +++ b/app/views/projects/merge_requests/show/_mr_title.html.haml @@ -7,7 +7,7 @@ created by #{link_to_member(@project, @merge_request.author)} #{time_ago_with_tooltip(@merge_request.created_at)} .issue-btn-group.pull-right - - if can?(current_user, :modify_merge_request, @merge_request) + - if can?(current_user, :update_merge_request, @merge_request) - if @merge_request.open? = link_to 'Close', merge_request_path(@merge_request, merge_request: { state_event: :close }), method: :put, class: "btn btn-grouped btn-close", title: "Close merge request" = link_to edit_namespace_project_merge_request_path(@project.namespace, @project, @merge_request), class: "btn btn-grouped issuable-edit", id: "edit_merge_request" do diff --git a/app/views/projects/milestones/show.html.haml b/app/views/projects/milestones/show.html.haml index 5c85092a045..5947498e379 100644 --- a/app/views/projects/milestones/show.html.haml +++ b/app/views/projects/milestones/show.html.haml @@ -62,7 +62,7 @@ %span.badge= @users.count .pull-right - - if can?(current_user, :write_issue, @project) + - if can?(current_user, :create_issue, @project) = link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { milestone_id: @milestone.id }), class: "btn btn-grouped", title: "New Issue" do %i.fa.fa-plus New Issue diff --git a/app/views/projects/notes/_notes_with_form.html.haml b/app/views/projects/notes/_notes_with_form.html.haml index a202e74a892..04222b8f7c4 100644 --- a/app/views/projects/notes/_notes_with_form.html.haml +++ b/app/views/projects/notes/_notes_with_form.html.haml @@ -3,7 +3,7 @@ .js-notes-busy .js-main-target-form -- if can? current_user, :write_note, @project +- if can? current_user, :create_note, @project = render "projects/notes/form", view: params[:view] :javascript diff --git a/app/views/projects/snippets/index.html.haml b/app/views/projects/snippets/index.html.haml index da9401bd8c1..30081673ffc 100644 --- a/app/views/projects/snippets/index.html.haml +++ b/app/views/projects/snippets/index.html.haml @@ -1,7 +1,7 @@ - page_title "Snippets" %h3.page-title Snippets - - if can? current_user, :write_project_snippet, @project + - if can? current_user, :create_project_snippet, @project = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new pull-right", title: "New Snippet" do Add new snippet diff --git a/app/views/projects/snippets/show.html.haml b/app/views/projects/snippets/show.html.haml index 5725d804df3..8cbb813c758 100644 --- a/app/views/projects/snippets/show.html.haml +++ b/app/views/projects/snippets/show.html.haml @@ -28,7 +28,7 @@ = @snippet.file_name .file-actions .btn-group - - if can?(current_user, :modify_project_snippet, @snippet) + - if can?(current_user, :update_project_snippet, @snippet) = link_to "edit", edit_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", title: 'Edit Snippet' = link_to "raw", raw_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", target: "_blank" - if can?(current_user, :admin_project_snippet, @snippet) diff --git a/app/views/projects/wikis/_main_links.html.haml b/app/views/projects/wikis/_main_links.html.haml index 633214a4e86..788bb8cf1e2 100644 --- a/app/views/projects/wikis/_main_links.html.haml +++ b/app/views/projects/wikis/_main_links.html.haml @@ -2,7 +2,7 @@ - if (@page && @page.persisted?) = link_to history_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do Page History - - if can?(current_user, :write_wiki, @project) + - if can?(current_user, :create_wiki, @project) = link_to edit_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do %i.fa.fa-pencil-square-o Edit diff --git a/app/views/projects/wikis/_nav.html.haml b/app/views/projects/wikis/_nav.html.haml index 693c3facb32..804a1b52dbe 100644 --- a/app/views/projects/wikis/_nav.html.haml +++ b/app/views/projects/wikis/_nav.html.haml @@ -10,7 +10,7 @@ %i.fa.fa-download Git Access - - if can?(current_user, :write_wiki, @project) + - if can?(current_user, :create_wiki, @project) .pull-right = link_to '#modal-new-wiki', class: "add-new-wiki btn btn-new", "data-toggle" => "modal" do %i.fa.fa-plus diff --git a/app/views/snippets/show.html.haml b/app/views/snippets/show.html.haml index 70a95abde6f..089e8122918 100644 --- a/app/views/snippets/show.html.haml +++ b/app/views/snippets/show.html.haml @@ -36,7 +36,7 @@ = @snippet.file_name .file-actions .btn-group - - if can?(current_user, :modify_personal_snippet, @snippet) + - if can?(current_user, :update_personal_snippet, @snippet) = link_to "edit", edit_snippet_path(@snippet), class: "btn btn-sm", title: 'Edit Snippet' = link_to "raw", raw_snippet_path(@snippet), class: "btn btn-sm", target: "_blank" - if can?(current_user, :admin_personal_snippet, @snippet) diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 4d632ce77c1..6e7a7672070 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -144,7 +144,7 @@ module API # PUT /projects/:id/issues/:issue_id put ":id/issues/:issue_id" do issue = user_project.issues.find(params[:issue_id]) - authorize! :modify_issue, issue + authorize! :update_issue, issue attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event] # Validate label names in advance diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index d835dce2ded..aa43e1dffd9 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -109,7 +109,7 @@ module API # POST /projects/:id/merge_requests # post ":id/merge_requests" do - authorize! :write_merge_request, user_project + authorize! :create_merge_request, user_project required_attributes! [:source_branch, :target_branch, :title] attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description] @@ -149,7 +149,7 @@ module API put ":id/merge_request/:merge_request_id" do attrs = attributes_for_keys [:target_branch, :assignee_id, :title, :state_event, :description] merge_request = user_project.merge_requests.find(params[:merge_request_id]) - authorize! :modify_merge_request, merge_request + authorize! :update_merge_request, merge_request # Ensure source_branch is not specified if params[:source_branch].present? diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 54f2555903f..22ce3c6a066 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -46,7 +46,7 @@ module API # Example Request: # POST /projects/:id/snippets post ":id/snippets" do - authorize! :write_project_snippet, user_project + authorize! :create_project_snippet, user_project required_attributes! [:title, :file_name, :code, :visibility_level] attrs = attributes_for_keys [:title, :file_name, :visibility_level] @@ -74,7 +74,7 @@ module API # PUT /projects/:id/snippets/:snippet_id put ":id/snippets/:snippet_id" do @snippet = user_project.snippets.find(params[:snippet_id]) - authorize! :modify_project_snippet, @snippet + authorize! :update_project_snippet, @snippet attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? @@ -98,7 +98,7 @@ module API delete ":id/snippets/:snippet_id" do begin @snippet = user_project.snippets.find(params[:snippet_id]) - authorize! :modify_project_snippet, @snippet + authorize! :update_project_snippet, @snippet @snippet.destroy rescue not_found!('Snippet') diff --git a/lib/gitlab/git_access_wiki.rb b/lib/gitlab/git_access_wiki.rb index 8ba97184e69..8672cbc0ec4 100644 --- a/lib/gitlab/git_access_wiki.rb +++ b/lib/gitlab/git_access_wiki.rb @@ -1,7 +1,7 @@ module Gitlab class GitAccessWiki < GitAccess def change_access_check(change) - if user.can?(:write_wiki, project) + if user.can?(:create_wiki, project) build_status_object(true) else build_status_object(false, "You are not allowed to write to this project's wiki.") diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb index 5c72cfe1d6a..ee912bf12a2 100644 --- a/spec/models/members/project_member_spec.rb +++ b/spec/models/members/project_member_spec.rb @@ -43,7 +43,7 @@ describe ProjectMember do it { expect(@project_2.users).to include(@user_1) } it { expect(@project_2.users).to include(@user_2) } - it { expect(@abilities.allowed?(@user_1, :write_project, @project_2)).to be_truthy } + it { expect(@abilities.allowed?(@user_1, :create_project, @project_2)).to be_truthy } it { expect(@abilities.allowed?(@user_2, :read_project, @project_2)).to be_truthy } end diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index 9037992bb08..eba33dd510f 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb @@ -172,9 +172,9 @@ describe Note do @p2.project_members.create(user: @u3, access_level: ProjectMember::DEVELOPER) end - it { expect(@abilities.allowed?(@u1, :write_note, @p1)).to be_falsey } - it { expect(@abilities.allowed?(@u2, :write_note, @p1)).to be_truthy } - it { expect(@abilities.allowed?(@u3, :write_note, @p1)).to be_falsey } + it { expect(@abilities.allowed?(@u1, :create_note, @p1)).to be_falsey } + it { expect(@abilities.allowed?(@u2, :create_note, @p1)).to be_truthy } + it { expect(@abilities.allowed?(@u3, :create_note, @p1)).to be_falsey } end describe 'admin' do |