authorDouwe Maan <douwe@gitlab.com>2015-07-28 16:32:15 +0200
committerDouwe Maan <douwe@gitlab.com>2015-07-28 16:32:15 +0200
commitf9bcb9632c1f7f5c5c72d50a90289baa2af762f5 (patch)
tree8f72848f4a2560f52ea99d361d1128e7a7ff2e04
parent43d118803133558209973464b1c16fd4c7ba446c (diff)
Add specific ability for managing group members
-rw-r--r--app/controllers/groups/group_members_controller.rb7
-rw-r--r--app/models/ability.rb5
-rw-r--r--app/views/dashboard/groups/index.html.haml7
-rw-r--r--app/views/groups/group_members/_group_member.html.haml2
-rw-r--r--app/views/groups/group_members/index.html.haml2
5 files changed, 16 insertions, 7 deletions
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 040255f08e6..b9c428a964f 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -21,6 +21,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def create
+ return render_403 unless can?(current_user, :admin_group_member, @group)
+
@group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
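Review bot: The guard added at the top of `create` is repeated verbatim in `resend_invite` (third hunk), and a per-action inline check is easy to forget when another member-managing action is added to this controller. A declarative filter such as `before_action :authorize_admin_group_member!, only: [:create, :resend_invite]`, backed by a small private method that calls `render_403` unless `can?(current_user, :admin_group_member, @group)`, would keep the rule in one place; the method name is a suggestion, not an existing helper. `update` needs the loaded `@member` as its subject, so its inline check can stay as written. All three action bodies continue outside their hunks.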
@@ -28,6 +30,9 @@ class Groups::GroupMembersController < Groups::ApplicationController
def update
@member = @group.group_members.find(params[:id])
+
+ return render_403 unless can?(current_user, :update_group_member, @member)
+
@member.update_attributes(member_params)
end
@@ -46,6 +51,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def resend_invite
+ return render_403 unless can?(current_user, :admin_group_member, @group)
+
redirect_path = group_group_members_path(@group)
@group_member = @group.group_members.find(params[:id])
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6a8f683bc89..f8e5afa9b01 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -233,7 +233,8 @@ class Ability
if group.has_owner?(user) || user.admin?
rules.push(*[
:admin_group,
- :admin_namespace
+ :admin_namespace,
+ :admin_group_member
])
end
@@ -295,7 +296,7 @@ class Ability
rules = []
target_user = subject.user
group = subject.group
- can_manage = group_abilities(user, group).include?(:admin_group)
+ can_manage = group_abilities(user, group).include?(:admin_group_member)
if can_manage && (user != target_user)
rules << :update_group_member
diff --git a/app/views/dashboard/groups/index.html.haml b/app/views/dashboard/groups/index.html.haml
index 0a354373b9b..b75c11795bd 100644
--- a/app/views/dashboard/groups/index.html.haml
+++ b/app/views/dashboard/groups/index.html.haml
@@ -23,9 +23,10 @@
%i.fa.fa-cogs
Settings
- = link_to leave_group_group_members_path(group), data: { confirm: leave_group_message(group.name) }, method: :delete, class: "btn-sm btn btn-grouped", title: 'Leave this group' do
- %i.fa.fa-sign-out
- Leave
+ - if can?(current_user, :destroy_group_member, group_member)
+ = link_to leave_group_group_members_path(group), data: { confirm: leave_group_message(group.name) }, method: :delete, class: "btn-sm btn btn-grouped", title: 'Leave this group' do
+ %i.fa.fa-sign-out
+ Leave
= image_tag group_icon(group), class: "avatar s40 avatar-tile hidden-xs"
= link_to group, class: 'group-name' do
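Review bot: Wrapping the Leave link in `can?(current_user, :destroy_group_member, group_member)` only hides the control; the DELETE route behind `leave_group_group_members_path` can still be requested directly. The controller hunks in this commit add guards to `create`, `update` and `resend_invite` but show none for the leave or destroy actions, so it is worth confirming that those enforce `:destroy_group_member` server-side (they may already do so outside the diff). `group_member` is not defined within this hunk either; presumably the enclosing loop supplies it.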
diff --git a/app/views/groups/group_members/_group_member.html.haml b/app/views/groups/group_members/_group_member.html.haml
index b460e0ff59e..acc7f8b28c2 100644
--- a/app/views/groups/group_members/_group_member.html.haml
+++ b/app/views/groups/group_members/_group_member.html.haml
@@ -24,7 +24,7 @@
= link_to member.created_by.name, user_path(member.created_by)
= time_ago_with_tooltip(member.created_at)
- - if show_controls && can?(current_user, :admin_group, @group)
+ - if show_controls && can?(current_user, :admin_group_member, member)
= link_to resend_invite_group_group_member_path(@group, member), method: :post, class: "btn-xs btn", title: 'Resend invite' do
Resend invite
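Review bot: The new condition passes `member` as the subject of `:admin_group_member`, while the controller guard for `resend_invite` and the check in `index.html.haml` both pass `@group`. In the `ability.rb` hunks the ability is added only to the group rule list, and the member-level rules visible there contain `:update_group_member`, not `:admin_group_member`. If the member rule set does not grant it somewhere outside the diff, this check is always false and the Resend invite button disappears for owners as well. Using the same subject as the controller, `- if show_controls && can?(current_user, :admin_group_member, @group)`, keeps the view and the enforcement aligned.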
diff --git a/app/views/groups/group_members/index.html.haml b/app/views/groups/group_members/index.html.haml
index a70d1ff0697..dba395cc8fa 100644
--- a/app/views/groups/group_members/index.html.haml
+++ b/app/views/groups/group_members/index.html.haml
@@ -17,7 +17,7 @@
= search_field_tag :search, params[:search], { placeholder: 'Find existing member by name', class: 'form-control search-text-input' }
= button_tag 'Search', class: 'btn'
- - if current_user && current_user.can?(:admin_group, @group)
+ - if current_user && current_user.can?(:admin_group_member, @group)
.pull-right
= button_tag class: 'btn btn-new js-toggle-button', type: 'button' do
Add members