diff options
author | Felipe Artur <felipefac@gmail.com> | 2016-07-15 18:46:29 -0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-07-20 14:38:21 +0200 |
commit | 4d69cb9d9460f9805bfc1f34ca3a600f54804167 (patch) | |
tree | d252ca69044d640cdc4d5253a00552ec5e90d5cc | |
parent | a920bf3834e870dbc1afabb043c962d26a9c9664 (diff) | |
download | gitlab-ce-4d69cb9d9460f9805bfc1f34ca3a600f54804167.tar.gz |
Allow to disable user request access to groups/projects
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/admin/groups_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/groups_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects_controller.rb | 2 | ||||
-rw-r--r-- | app/models/ability.rb | 4 | ||||
-rw-r--r-- | app/views/admin/groups/_form.html.haml | 4 | ||||
-rw-r--r-- | app/views/groups/edit.html.haml | 4 | ||||
-rw-r--r-- | app/views/projects/edit.html.haml | 4 | ||||
-rw-r--r-- | app/views/shared/_allow_request_access.html.haml | 6 | ||||
-rw-r--r-- | db/migrate/20160715154212_add_request_access_enabled_to_projects.rb | 12 | ||||
-rw-r--r-- | db/migrate/20160715204316_add_request_access_enabled_to_groups.rb | 12 | ||||
-rw-r--r-- | db/schema.rb | 12 | ||||
-rw-r--r-- | doc/workflow/add-user/add-user.md | 3 | ||||
-rw-r--r-- | doc/workflow/groups.md | 3 | ||||
-rw-r--r-- | spec/features/groups/members/user_requests_access_spec.rb | 16 | ||||
-rw-r--r-- | spec/features/projects/members/user_requests_access_spec.rb | 9 |
16 files changed, 86 insertions, 10 deletions
diff --git a/CHANGELOG b/CHANGELOG index e9c86cc0bf3..2bc08da802c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,7 @@ v 8.10.0 (unreleased) - Fix commit builds API, return all builds for all pipelines for given commit. !4849 - Replace Haml with Hamlit to make view rendering faster. !3666 - Refresh the branch cache after `git gc` runs + - Allow to disable request access button on projects/groups - Refactor repository paths handling to allow multiple git mount points - Optimize system note visibility checking by memoizing the visible reference count !5070 - Add Application Setting to configure default Repository Path for new projects diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 94b5aaa71d0..f3a88a8e6c8 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -60,6 +60,6 @@ class Admin::GroupsController < Admin::ApplicationController end def group_params - params.require(:group).permit(:name, :description, :path, :avatar, :visibility_level) + params.require(:group).permit(:name, :description, :path, :avatar, :visibility_level, :request_access_enabled) end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index a04bf7df722..6780a6d4d87 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -121,7 +121,7 @@ class GroupsController < Groups::ApplicationController end def group_params - params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level, :share_with_group_lock) + params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level, :share_with_group_lock, :request_access_enabled) end def load_events diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 4e5bcff9cf8..ec7a2e63b9a 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -296,7 +296,7 @@ class ProjectsController < Projects::ApplicationController :issues_tracker_id, :default_branch, :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar, :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex, - :public_builds, :only_allow_merge_if_build_succeeds + :public_builds, :only_allow_merge_if_build_succeeds, :request_access_enabled ) end diff --git a/app/models/ability.rb b/app/models/ability.rb index 6fd18f2ee24..e6c186c6910 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -172,7 +172,7 @@ class Ability rules << :read_build if project.public_builds? unless owner || project.team.member?(user) || project_group_member?(project, user) - rules << :request_access + rules << :request_access if project.request_access_enabled end end @@ -372,7 +372,7 @@ class Ability ] end - if group.public? || (group.internal? && !user.external?) + if (group.public? || (group.internal? && !user.external?)) && group.request_access_enabled rules << :request_access unless group.users.include?(user) end diff --git a/app/views/admin/groups/_form.html.haml b/app/views/admin/groups/_form.html.haml index 0cc405401cf..5f7fdfdb011 100644 --- a/app/views/admin/groups/_form.html.haml +++ b/app/views/admin/groups/_form.html.haml @@ -9,6 +9,10 @@ = render 'shared/visibility_level', f: f, visibility_level: @group.visibility_level, can_change_visibility_level: can_change_group_visibility_level?(@group), form_model: @group + .form-group + .col-sm-offset-2.col-sm-10 + = render 'shared/allow_request_access', form: f + - if @group.new_record? .form-group .col-sm-offset-2.col-sm-10 diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml index 92cd4c553d0..decb89b2fd6 100644 --- a/app/views/groups/edit.html.haml +++ b/app/views/groups/edit.html.haml @@ -22,6 +22,10 @@ = render 'shared/visibility_level', f: f, visibility_level: @group.visibility_level, can_change_visibility_level: can_change_group_visibility_level?(@group), form_model: @group .form-group + .col-sm-offset-2.col-sm-10 + = render 'shared/allow_request_access', form: f + + .form-group %hr = f.label :share_with_group_lock, class: 'control-label' do Share with group lock diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml index 57af167180b..541d81e65e5 100644 --- a/app/views/projects/edit.html.haml +++ b/app/views/projects/edit.html.haml @@ -32,6 +32,10 @@ %strong = visibility_level_label(@project.visibility_level) .light= visibility_level_description(@project.visibility_level, @project) + + .form-group + = render 'shared/allow_request_access', form: f + .form-group = f.label :tag_list, "Tags", class: 'label-light' = f.text_field :tag_list, value: @project.tag_list.to_s, maxlength: 2000, class: "form-control" diff --git a/app/views/shared/_allow_request_access.html.haml b/app/views/shared/_allow_request_access.html.haml new file mode 100644 index 00000000000..53a99a736c0 --- /dev/null +++ b/app/views/shared/_allow_request_access.html.haml @@ -0,0 +1,6 @@ +.checkbox + = form.label :request_access_enabled do + = form.check_box :request_access_enabled + %strong Allow users to request access + %br + %span.descr Allow users to request access if visibility is public or internal. diff --git a/db/migrate/20160715154212_add_request_access_enabled_to_projects.rb b/db/migrate/20160715154212_add_request_access_enabled_to_projects.rb new file mode 100644 index 00000000000..bf0131c6d76 --- /dev/null +++ b/db/migrate/20160715154212_add_request_access_enabled_to_projects.rb @@ -0,0 +1,12 @@ +class AddRequestAccessEnabledToProjects < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + disable_ddl_transaction! + + def up + add_column_with_default :projects, :request_access_enabled, :boolean, default: true + end + + def down + remove_column :projects, :request_access_enabled + end +end diff --git a/db/migrate/20160715204316_add_request_access_enabled_to_groups.rb b/db/migrate/20160715204316_add_request_access_enabled_to_groups.rb new file mode 100644 index 00000000000..e7b14cd3ee2 --- /dev/null +++ b/db/migrate/20160715204316_add_request_access_enabled_to_groups.rb @@ -0,0 +1,12 @@ +class AddRequestAccessEnabledToGroups < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + disable_ddl_transaction! + + def up + add_column_with_default :namespaces, :request_access_enabled, :boolean, default: true + end + + def down + remove_column :namespaces, :request_access_enabled + end +end diff --git a/db/schema.rb b/db/schema.rb index ebf31ded369..72780fb8d03 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -664,16 +664,17 @@ ActiveRecord::Schema.define(version: 20160718153603) do add_index "milestones", ["title"], name: "index_milestones_on_title_trigram", using: :gin, opclasses: {"title"=>"gin_trgm_ops"} create_table "namespaces", force: :cascade do |t| - t.string "name", null: false - t.string "path", null: false + t.string "name", null: false + t.string "path", null: false t.integer "owner_id" t.datetime "created_at" t.datetime "updated_at" t.string "type" - t.string "description", default: "", null: false + t.string "description", default: "", null: false t.string "avatar" - t.boolean "share_with_group_lock", default: false - t.integer "visibility_level", default: 20, null: false + t.boolean "share_with_group_lock", default: false + t.integer "visibility_level", default: 20, null: false + t.boolean "request_access_enabled", default: true, null: false end add_index "namespaces", ["created_at", "id"], name: "index_namespaces_on_created_at_and_id", using: :btree @@ -843,6 +844,7 @@ ActiveRecord::Schema.define(version: 20160718153603) do t.boolean "has_external_issue_tracker" t.string "repository_storage", default: "default", null: false t.boolean "has_external_wiki" + t.boolean "request_access_enabled", default: true, null: false end add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree diff --git a/doc/workflow/add-user/add-user.md b/doc/workflow/add-user/add-user.md index 0537ce0bcd4..53d9750d4d3 100644 --- a/doc/workflow/add-user/add-user.md +++ b/doc/workflow/add-user/add-user.md @@ -90,6 +90,9 @@ GitLab account using the same e-mail address the invitation was sent to. ## Request access to a project +As project owner you can enable or disable non members to request access to +your project. Go to project settings and click on **allow users to request access** + As a user, you can request to be a member of a project. Go to the project you'd like to be a member of, and click the **Request Access** button on the right side of your screen. diff --git a/doc/workflow/groups.md b/doc/workflow/groups.md index 9b50286b179..f56de4f3f25 100644 --- a/doc/workflow/groups.md +++ b/doc/workflow/groups.md @@ -53,6 +53,9 @@ If necessary, you can increase the access level of an individual user for a spec ## Requesting access to a group +As group owner you can enable or disable non members to request access to +your group. Go to group settings and click on **allow users to request access** + As a user, you can request to be a member of a group. Go to the group you'd like to be a member of, and click the **Request Access** button on the right side of your screen. diff --git a/spec/features/groups/members/user_requests_access_spec.rb b/spec/features/groups/members/user_requests_access_spec.rb index d1a6a98ab72..5d3fc23d6f4 100644 --- a/spec/features/groups/members/user_requests_access_spec.rb +++ b/spec/features/groups/members/user_requests_access_spec.rb @@ -9,10 +9,19 @@ feature 'Groups > Members > User requests access', feature: true do background do group.add_owner(owner) login_as(user) + end + + scenario 'request access feature is disabled' do + group.update_attributes(request_access_enabled: false) + visit group_path(group) + visit group_path(group) + expect(page).not_to have_content 'Request Access' end scenario 'user can request access to a group' do + visit group_path(group) + perform_enqueued_jobs { click_link 'Request Access' } expect(ActionMailer::Base.deliveries.last.to).to eq [owner.notification_email] @@ -26,12 +35,15 @@ feature 'Groups > Members > User requests access', feature: true do end scenario 'user does not see private projects' do + visit group_path(group) + perform_enqueued_jobs { click_link 'Request Access' } expect(page).not_to have_content project.name end scenario 'user does not see group in the Dashboard > Groups page' do + visit group_path(group) perform_enqueued_jobs { click_link 'Request Access' } visit dashboard_groups_path @@ -40,6 +52,8 @@ feature 'Groups > Members > User requests access', feature: true do end scenario 'user is not listed in the group members page' do + visit group_path(group) + click_link 'Request Access' expect(group.requesters.exists?(user_id: user)).to be_truthy @@ -52,6 +66,8 @@ feature 'Groups > Members > User requests access', feature: true do end scenario 'user can withdraw its request for access' do + visit group_path(group) + click_link 'Request Access' expect(group.requesters.exists?(user_id: user)).to be_truthy diff --git a/spec/features/projects/members/user_requests_access_spec.rb b/spec/features/projects/members/user_requests_access_spec.rb index f2fe3ef364d..3190fa21a15 100644 --- a/spec/features/projects/members/user_requests_access_spec.rb +++ b/spec/features/projects/members/user_requests_access_spec.rb @@ -8,10 +8,17 @@ feature 'Projects > Members > User requests access', feature: true do background do project.team << [master, :master] login_as(user) + end + + scenario 'request access feature is disabled' do + project.update_attributes(request_access_enabled: false) + visit namespace_project_path(project.namespace, project) + expect(page).not_to have_content 'Request Access' end scenario 'user can request access to a project' do + visit namespace_project_path(project.namespace, project) perform_enqueued_jobs { click_link 'Request Access' } expect(ActionMailer::Base.deliveries.last.to).to eq [master.notification_email] @@ -25,6 +32,7 @@ feature 'Projects > Members > User requests access', feature: true do end scenario 'user is not listed in the project members page' do + visit namespace_project_path(project.namespace, project) click_link 'Request Access' expect(project.requesters.exists?(user_id: user)).to be_truthy @@ -39,6 +47,7 @@ feature 'Projects > Members > User requests access', feature: true do end scenario 'user can withdraw its request for access' do + visit namespace_project_path(project.namespace, project) click_link 'Request Access' expect(project.requesters.exists?(user_id: user)).to be_truthy |