diff options
| author | Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com> | 2012-02-16 09:03:55 +0200 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com> | 2012-02-16 09:03:55 +0200 |
| commit | 1c62ec09b0fe8d51e9b375714c560eded1b35d51 (patch) | |
| tree | fbca0d0d05935544e3bdf7ef77036d6fbdd30346 | |
| parent | dac7c44ab357d703381c2beafd2e04996794fa45 (diff) | |
| download | gitlab-ce-1c62ec09b0fe8d51e9b375714c560eded1b35d51.tar.gz | |
4 roles permission system
| -rw-r--r-- | app/controllers/projects_controller.rb | 2 | ||||
| -rw-r--r-- | app/models/project.rb | 38 | ||||
| -rw-r--r-- | app/models/repository.rb | 12 | ||||
| -rw-r--r-- | app/models/users_project.rb | 14 | ||||
| -rw-r--r-- | app/views/admin/projects/show.html.haml | 2 | ||||
| -rw-r--r-- | app/views/admin/team_members/_form.html.haml | 4 | ||||
| -rw-r--r-- | app/views/admin/users/show.html.haml | 2 | ||||
| -rw-r--r-- | app/views/help/permissions.html.haml | 6 | ||||
| -rw-r--r-- | app/views/team_members/_form.html.haml | 13 | ||||
| -rw-r--r-- | app/views/team_members/_show.html.haml | 5 | ||||
| -rw-r--r-- | app/views/team_members/show.html.haml | 7 | ||||
| -rw-r--r-- | app/views/widgets/_project_member.html.haml | 1 | ||||
| -rw-r--r-- | db/migrate/20120216085842_move_to_roles_permissions.rb | 18 | ||||
| -rw-r--r-- | db/schema.rb | 15 | ||||
| -rw-r--r-- | spec/models/note_spec.rb | 16 | ||||
| -rw-r--r-- | spec/models/project_security_spec.rb | 10 | ||||
| -rw-r--r-- | spec/requests/projects_security_spec.rb | 6 | ||||
| -rw-r--r-- | spec/requests/team_members_spec.rb | 6 |
18 files changed, 66 insertions, 111 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 955d863c992..71821080c2c 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -28,7 +28,7 @@ class ProjectsController < ApplicationController Project.transaction do @project.save! - @project.users_projects.create!(:repo_access => Repository::REPO_RW , :project_access => Project::PROJECT_RWA, :user => current_user) + @project.users_projects.create!(:project_access => UsersProject::MASTER, :user => current_user) # when project saved no team member exist so # project repository should be updated after first user add diff --git a/app/models/project.rb b/app/models/project.rb index ac70eedb009..017ef2ce573 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1,11 +1,6 @@ require "grit" class Project < ActiveRecord::Base - PROJECT_N = 0 - PROJECT_R = 1 - PROJECT_RW = 2 - PROJECT_RWA = 3 - belongs_to :owner, :class_name => "User" has_many :merge_requests, :dependent => :destroy @@ -61,12 +56,7 @@ class Project < ActiveRecord::Base end def self.access_options - { - "Denied" => PROJECT_N, - "Read" => PROJECT_R, - "Report" => PROJECT_RW, - "Admin" => PROJECT_RWA - } + UsersProject.access_roles end def repository @@ -193,11 +183,11 @@ class Project < ActiveRecord::Base # Should be rewrited for new access rights def add_access(user, *access) access = if access.include?(:admin) - { :project_access => PROJECT_RWA } + { :project_access => UsersProject::MASTER } elsif access.include?(:write) - { :project_access => PROJECT_RW } + { :project_access => UsersProject::DEVELOPER } else - { :project_access => PROJECT_R } + { :project_access => UsersProject::GUEST } end opts = { :user => user } opts.merge!(access) @@ -210,48 +200,48 @@ class Project < ActiveRecord::Base def repository_readers keys = Key.joins({:user => :users_projects}). - where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_R) + where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::REPORTER) keys.map(&:identifier) + deploy_keys.map(&:identifier) end def repository_writers keys = Key.joins({:user => :users_projects}). - where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_RW) + where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::DEVELOPER) keys.map(&:identifier) end def repository_masters keys = Key.joins({:user => :users_projects}). - where("users_projects.project_id = ? AND users_projects.repo_access = ?", id, Repository::REPO_MASTER) + where("users_projects.project_id = ? AND users_projects.project_access = ?", id, UsersProject::MASTER) keys.map(&:identifier) end def readers - @readers ||= users_projects.includes(:user).where(:project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).map(&:user) + @readers ||= users_projects.includes(:user).map(&:user) end def writers - @writers ||= users_projects.includes(:user).where(:project_access => [PROJECT_RW, PROJECT_RWA]).map(&:user) + @writers ||= users_projects.includes(:user).map(&:user) end def admins - @admins ||= users_projects.includes(:user).where(:project_access => PROJECT_RWA).map(&:user) + @admins ||= users_projects.includes(:user).where(:project_access => UsersProject::MASTER).map(&:user) end def allow_read_for?(user) - !users_projects.where(:user_id => user.id, :project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).empty? + !users_projects.where(:user_id => user.id).empty? end def allow_write_for?(user) - !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RW, PROJECT_RWA]).empty? + !users_projects.where(:user_id => user.id).empty? end def allow_admin_for?(user) - !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RWA]).empty? || owner_id == user.id + !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id end def allow_pull_for?(user) - !users_projects.where(:user_id => user.id, :repo_access => [Repository::REPO_R, Repository::REPO_RW, Repository::REPO_MASTER]).empty? + !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty? end def root_ref diff --git a/app/models/repository.rb b/app/models/repository.rb index 3d9ad262390..1e78e588b69 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -1,11 +1,6 @@ require File.join(Rails.root, "lib", "gitlabhq", "git_host") class Repository - REPO_N = 0 - REPO_R = 1 - REPO_RW = 2 - REPO_MASTER = 3 - attr_accessor :project def self.default_ref @@ -13,12 +8,7 @@ class Repository end def self.access_options - { - "Denied" => REPO_N, - "Pull" => REPO_R, - "Pull & Push" => REPO_RW, - "Master" => REPO_MASTER - } + {} end def initialize(project) diff --git a/app/models/users_project.rb b/app/models/users_project.rb index 82302b1c100..bc625225bc4 100644 --- a/app/models/users_project.rb +++ b/app/models/users_project.rb @@ -1,7 +1,8 @@ class UsersProject < ActiveRecord::Base - REPORTER = 21 - DEVELOPER = 22 - MASTER = 33 + GUEST = 10 + REPORTER = 20 + DEVELOPER = 30 + MASTER = 40 belongs_to :user belongs_to :project @@ -21,7 +22,6 @@ class UsersProject < ActiveRecord::Base UsersProject.transaction do user_ids.each do |user_id| users_project = UsersProject.new( - :repo_access => repo_access, :project_access => project_access, :user_id => user_id ) @@ -35,7 +35,6 @@ class UsersProject < ActiveRecord::Base UsersProject.transaction do project_ids.each do |project_id| users_project = UsersProject.new( - :repo_access => repo_access, :project_access => project_access, ) users_project.project_id = project_id @@ -47,6 +46,7 @@ class UsersProject < ActiveRecord::Base def self.access_roles { + "Guest" => GUEST, "Reporter" => REPORTER, "Developer" => DEVELOPER, "Master" => MASTER @@ -54,7 +54,7 @@ class UsersProject < ActiveRecord::Base end def role_access - "#{project_access}#{repo_access}" + project_access end def update_repository @@ -68,7 +68,7 @@ class UsersProject < ActiveRecord::Base end def repo_access_human - Repository.access_options.key(self.repo_access) + "" end end # == Schema Information diff --git a/app/views/admin/projects/show.html.haml b/app/views/admin/projects/show.html.haml index 55610fa64e7..5142dac55c4 100644 --- a/app/views/admin/projects/show.html.haml +++ b/app/views/admin/projects/show.html.haml @@ -53,7 +53,6 @@ %td = link_to tm.user_name, admin_users_path(tm.user) %td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled - %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled %td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small" %td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn danger small" @@ -68,7 +67,6 @@ %tr %td= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), :multiple => true %td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select" - %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select" .actions = submit_tag 'Add', :class => "btn primary" diff --git a/app/views/admin/team_members/_form.html.haml b/app/views/admin/team_members/_form.html.haml index 6929ade8c0e..0bf9020f748 100644 --- a/app/views/admin/team_members/_form.html.haml +++ b/app/views/admin/team_members/_form.html.haml @@ -10,10 +10,6 @@ .input = f.select :project_access, options_for_select(Project.access_options, @admin_team_member.project_access), {}, :class => "project-access-select" - .clearfix - %label Repository Access: - .input - = f.select :repo_access, options_for_select(Repository.access_options, @admin_team_member.repo_access), {}, :class => "repo-access-select" %br .actions = f.submit 'Save', :class => "btn primary" diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml index cf86fb12112..21529ab6305 100644 --- a/app/views/admin/users/show.html.haml +++ b/app/views/admin/users/show.html.haml @@ -61,7 +61,6 @@ %tr %td= link_to project.name, admin_project_path(project) %td= select_tag :tm_project_access, options_for_select(Project.access_options, tm.project_access), :class => "medium project-access-select", :disabled => :disabled - %td= select_tag :tm_repo_access, options_for_select(Repository.access_options, tm.repo_access), :class => "medium repo-access-select", :disabled => :disabled %td= link_to 'Edit Access', edit_admin_team_member_path(tm), :class => "btn small" %td= link_to 'Remove from team', admin_team_member_path(tm), :confirm => 'Are you sure?', :method => :delete, :class => "btn small danger" @@ -76,7 +75,6 @@ %tr %td= select_tag :project_ids, options_from_collection_for_select(@projects , :id, :name), :multiple => true %td= select_tag :project_access, options_for_select(Project.access_options), :class => "project-access-select" - %td= select_tag :repo_access, options_for_select(Repository.access_options), :class => "repo-access-select" .actions = submit_tag 'Add', :class => "btn primary" diff --git a/app/views/help/permissions.html.haml b/app/views/help/permissions.html.haml index 1e54a91dcd2..e652417e0ef 100644 --- a/app/views/help/permissions.html.haml +++ b/app/views/help/permissions.html.haml @@ -3,6 +3,12 @@ %h4 Reporter %ul + %li Create new issue + %li Create new merge request + %li Write on project wall + +%h4 Reporter +%ul %li Pull project code %li Create new issue %li Create new merge request diff --git a/app/views/team_members/_form.html.haml b/app/views/team_members/_form.html.haml index bc4ee353b77..281776de036 100644 --- a/app/views/team_members/_form.html.haml +++ b/app/views/team_members/_form.html.haml @@ -14,18 +14,9 @@ .clearfix = f.label :project_access, "Project Access" - .input= f.select :_project_access, options_for_select(UsersProject.access_roles, @team_member.role_access), {}, :class => "project-access-select" - + .input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select" - -#.clearfix - -#= f.label :project_access, "Project Access" - -#.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select" - - -#.clearfix - -#= f.label :repo_access, "Repository Access" - -#.input= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select" - .actions = f.submit 'Save', :class => "btn primary" = link_to "Cancel", team_project_path(@project), :class => "btn" @@ -37,6 +28,6 @@ :javascript $('select#team_member_user_id').chosen(); - $('select#team_member__project_access').chosen(); + $('select#team_member_project_access').chosen(); //$('select#team_member_repo_access').chosen(); //$('select#team_member_project_access').chosen(); diff --git a/app/views/team_members/_show.html.haml b/app/views/team_members/_show.html.haml index 90a5de602e6..febdef1dd58 100644 --- a/app/views/team_members/_show.html.haml +++ b/app/views/team_members/_show.html.haml @@ -11,9 +11,6 @@ .span3 = form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f| - = f.select :_project_access, options_for_select(UsersProject.access_roles, member.role_access), {}, :class => "medium project-access-select", :disabled => !allow_admin - -#.span3 - -#= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f| - -#= f.select :repo_access, options_for_select(Repository.access_options, member.repo_access), {}, :class => "medium repo-access-select", :disabled => !allow_admin + = f.select :project_access, options_for_select(UsersProject.access_roles, member.project_access), {}, :class => "medium project-access-select", :disabled => !allow_admin - if @project.owner == user %span.label Project Owner diff --git a/app/views/team_members/show.html.haml b/app/views/team_members/show.html.haml index 3712819aace..57f00ea10e0 100644 --- a/app/views/team_members/show.html.haml +++ b/app/views/team_members/show.html.haml @@ -28,13 +28,6 @@ = form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f| = f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select", :disabled => !allow_admin - %tr - %td Repository Access - %td - = form_for(@team_member, :as => :team_member, :url => project_team_member_path(@project, @team_member)) do |f| - = f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select", :disabled => !allow_admin - - - unless user.skype.empty? %tr %td Skype: diff --git a/app/views/widgets/_project_member.html.haml b/app/views/widgets/_project_member.html.haml index 0380033d1d7..ac217b379a0 100644 --- a/app/views/widgets/_project_member.html.haml +++ b/app/views/widgets/_project_member.html.haml @@ -13,7 +13,6 @@ .span3 %span.label= member.project_access_human - %span.label= member.repo_access_human - if can? current_user, :write_project, @project - if @project.issues_enabled && @project.merge_requests_enabled diff --git a/db/migrate/20120216085842_move_to_roles_permissions.rb b/db/migrate/20120216085842_move_to_roles_permissions.rb new file mode 100644 index 00000000000..21679f11d88 --- /dev/null +++ b/db/migrate/20120216085842_move_to_roles_permissions.rb @@ -0,0 +1,18 @@ +class MoveToRolesPermissions < ActiveRecord::Migration + def up + repo_n = 0 + repo_r = 1 + repo_rw = 2 + project_rwa = 3 + + UsersProject.update_all ["project_access = ?", UsersProject::MASTER], ["project_access = ?", project_rwa] + UsersProject.update_all ["project_access = ?", UsersProject::DEVELOPER], ["repo_access = ?", repo_rw] + UsersProject.update_all ["project_access = ?", UsersProject::REPORTER], ["repo_access = ?", repo_r] + UsersProject.update_all ["project_access = ?", UsersProject::GUEST], ["repo_access = ?", repo_n] + + remove_column :users_projects, :repo_access + end + + def down + end +end diff --git a/db/schema.rb b/db/schema.rb index f7006c4c9c2..0ec8cfafc50 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,19 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20120215182305) do - - create_table "features", :force => true do |t| - t.string "name" - t.string "branch_name" - t.integer "assignee_id" - t.integer "author_id" - t.integer "project_id" - t.datetime "created_at" - t.datetime "updated_at" - t.string "version" - t.integer "status", :default => 0, :null => false - end +ActiveRecord::Schema.define(:version => 20120216085842) do create_table "issues", :force => true do |t| t.string "title" @@ -160,7 +148,6 @@ ActiveRecord::Schema.define(:version => 20120215182305) do t.integer "project_id", :null => false t.datetime "created_at" t.datetime "updated_at" - t.integer "repo_access", :default => 0, :null => false t.integer "project_access", :default => 0, :null => false end diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index 44a0ee1940a..70eba5cc194 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb @@ -64,9 +64,8 @@ describe Note do describe :read do before do - @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_N) - @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_R) - @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_R) + @p1.users_projects.create(:user => @u2, :project_access => UsersProject::GUEST) + @p2.users_projects.create(:user => @u3, :project_access => UsersProject::GUEST) end it { @abilities.allowed?(@u1, :read_note, @p1).should be_false } @@ -76,9 +75,8 @@ describe Note do describe :write do before do - @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_R) - @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_RW) - @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_RW) + @p1.users_projects.create(:user => @u2, :project_access => UsersProject::DEVELOPER) + @p2.users_projects.create(:user => @u3, :project_access => UsersProject::DEVELOPER) end it { @abilities.allowed?(@u1, :write_note, @p1).should be_false } @@ -88,9 +86,9 @@ describe Note do describe :admin do before do - @p1.users_projects.create(:user => @u1, :project_access => Project::PROJECT_R) - @p1.users_projects.create(:user => @u2, :project_access => Project::PROJECT_RWA) - @p2.users_projects.create(:user => @u3, :project_access => Project::PROJECT_RWA) + @p1.users_projects.create(:user => @u1, :project_access => UsersProject::REPORTER) + @p1.users_projects.create(:user => @u2, :project_access => UsersProject::MASTER) + @p2.users_projects.create(:user => @u3, :project_access => UsersProject::MASTER) end it { @abilities.allowed?(@u1, :admin_note, @p1).should be_false } diff --git a/spec/models/project_security_spec.rb b/spec/models/project_security_spec.rb index 1899e8aa9ee..bd697af9652 100644 --- a/spec/models/project_security_spec.rb +++ b/spec/models/project_security_spec.rb @@ -12,8 +12,7 @@ describe Project do describe "read access" do before do - @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_N) - @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_R) + @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::REPORTER) end it { @abilities.allowed?(@u1, :read_project, @p1).should be_false } @@ -22,8 +21,7 @@ describe Project do describe "write access" do before do - @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_R) - @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_RW) + @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::DEVELOPER) end it { @abilities.allowed?(@u1, :write_project, @p1).should be_false } @@ -32,8 +30,8 @@ describe Project do describe "admin access" do before do - @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => Project::PROJECT_RW) - @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => Project::PROJECT_RWA) + @p1.users_projects.create(:project => @p1, :user => @u1, :project_access => UsersProject::DEVELOPER) + @p1.users_projects.create(:project => @p1, :user => @u2, :project_access => UsersProject::MASTER) end it { @abilities.allowed?(@u1, :admin_project, @p1).should be_false } diff --git a/spec/requests/projects_security_spec.rb b/spec/requests/projects_security_spec.rb index f8942978a46..cf97716cc59 100644 --- a/spec/requests/projects_security_spec.rb +++ b/spec/requests/projects_security_spec.rb @@ -20,11 +20,9 @@ describe "Projects" do @u2 = Factory :user @u3 = Factory :user # full access - @project.users_projects.create(:user => @u1, :project_access => Project::PROJECT_RWA) - # no access - @project.users_projects.create(:user => @u2, :project_access => Project::PROJECT_N) + @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER) # readonly - @project.users_projects.create(:user => @u3, :project_access => Project::PROJECT_R) + @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER) end describe "GET /project_code" do diff --git a/spec/requests/team_members_spec.rb b/spec/requests/team_members_spec.rb index a243ca81c7b..78385725639 100644 --- a/spec/requests/team_members_spec.rb +++ b/spec/requests/team_members_spec.rb @@ -31,8 +31,7 @@ describe "TeamMembers" do before do within "#new_team_member" do select @user_1.name, :from => "team_member_user_id" - select "Report", :from => "team_member_project_access" - select "Pull", :from => "team_member_repo_access" + select "Reporter", :from => "team_member_project_access" end end @@ -45,8 +44,7 @@ describe "TeamMembers" do page.should have_content @user_1.name @member.reload - @member.project_access.should == Project::PROJECT_RW - @member.repo_access.should == Repository::REPO_R + @member.project_access.should == UsersProject::REPORTER end end end |