Fixed some missing permission conditions

2 files changed, 12 insertions, 11 deletions

diff --git a/app/views/groups/_settings_head.html.haml b/app/views/groups/_settings_head.html.haml
index d225f7ed3c0..d99426bc2c1 100644
--- a/app/views/groups/_settings_head.html.haml
+++ b/app/views/groups/_settings_head.html.haml
@@ -1,3 +1,5 @@
+- can_admin_group = can?(current_user, :admin_group, @group)
+- can_edit = can?(current_user, :admin_group, @group)
 = content_for :sub_nav do
   .scrolling-tabs-container.sub-nav-scroll
     = render 'shared/nav_scroll'
@@ -8,7 +10,8 @@
             %span
               Projects
 
-        = nav_link(path: 'groups#edit') do
-          = link_to edit_group_path(@group), title: 'Edit Group' do
-            %span
-              Edit Group
+        - if can_edit && can_admin_group
+          = nav_link(path: 'groups#edit') do
+            = link_to edit_group_path(@group), title: 'Edit Group' do
+              %span
+                Edit Group
diff --git a/app/views/layouts/nav/_group.html.haml b/app/views/layouts/nav/_group.html.haml
index 9de0e344196..b2ecf6504e0 100644
--- a/app/views/layouts/nav/_group.html.haml
+++ b/app/views/layouts/nav/_group.html.haml
@@ -1,5 +1,4 @@
 - can_admin_group = can?(current_user, :admin_group, @group)
-- can_edit = can?(current_user, :admin_group, @group)
 .scrolling-tabs-container{ class: nav_control_class }
   .fade-left
     = icon('angle-left')
@@ -26,9 +25,8 @@
       = link_to group_group_members_path(@group), title: 'Members' do
         %span
           Members
-    - if current_user
-      - if can_admin_group || can_edit
-        = nav_link(path: %w[groups#projects groups#edit]) do
-          = link_to projects_group_path(@group), title: 'Settings' do
-            %span
-              Settings
+    - if current_user && can_admin_group
+      = nav_link(path: %w[groups#projects groups#edit]) do
+        = link_to projects_group_path(@group), title: 'Settings' do
+          %span
+            Settings