Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-04-15 15:41:36 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-04-15 15:41:36 +0300
commit: cc41381be4ee437c20218acc0e9a856d2c529d96 (patch)
tree: 890423b81388d75d670af102eb77821af4673f35 /app/controllers
parent: 4c26bcbec810e9a621fcf02601189973a50caf76 (diff)
parent: 345e32d332fd06e3c99b21660d3bf2939ba62ce5 (diff)
download: gitlab-ce-cc41381be4ee437c20218acc0e9a856d2c529d96.tar.gz
8 files changed, 128 insertions, 20 deletions
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index 9d9adaa467f..22d045fc388 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -41,7 +41,7 @@ class Admin::GroupsController < Admin::ApplicationController
   end
 
   def members_update
-    @group.add_users(params[:user_ids].split(','), params[:access_level])
+    @group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
 
     redirect_to [:admin, @group], notice: 'Users were successfully added.'
   end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0521a9ef8cf..920a981e7c9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -126,7 +126,7 @@ class ApplicationController < ActionController::Base
 
   def repository
     @repository ||= project.repository
-  rescue Grit::NoSuchPathError(e)
+  rescue Grit::NoSuchPathError => e
     log_exception(e)
     nil
   end
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index bc98eab133c..af1faca93f6 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -4,11 +4,11 @@ class ConfirmationsController < Devise::ConfirmationsController
 
   def after_confirmation_path_for(resource_name, resource)
     if signed_in?(resource_name)
-      signed_in_root_path(resource)
+      after_sign_in_path_for(resource)
     else
       sign_in(resource)
       if signed_in?(resource_name)
-        signed_in_root_path(resource)
+        after_sign_in_path_for(resource)
       else
         new_session_path(resource_name)
       end
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index a73b8fa212a..469a6813ee2 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -13,7 +13,7 @@ class Groups::ApplicationController < ApplicationController
   end
   
   def authorize_admin_group!
-    unless can?(current_user, :manage_group, group)
+    unless can?(current_user, :admin_group, group)
       return render_404
     end
   end
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 2df51c97a22..265cf4f0f4a 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -11,6 +11,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
   def index
     @project = @group.projects.find(params[:project_id]) if params[:project_id]
     @members = @group.group_members
+    @members = @members.non_invite unless can?(current_user, :admin_group, @group)
 
     if params[:search].present?
       users = @group.users.search(params[:search]).to_a
@@ -22,7 +23,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
   end
 
   def create
-    @group.add_users(params[:user_ids].split(','), params[:access_level])
+    @group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
 
     redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
   end
@@ -38,7 +39,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
     if can?(current_user, :destroy_group_member, @group_member)  # May fail if last owner.
       @group_member.destroy
       respond_to do |format|
-        format.html { redirect_to group_group_members_path(@group), notice: 'User was  successfully removed from group.' }
+        format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
         format.js { render nothing: true }
       end
     else
@@ -46,12 +47,26 @@ class Groups::GroupMembersController < Groups::ApplicationController
     end
   end
 
+  def resend_invite
+    redirect_path = group_group_members_path(@group)
+    
+    @group_member = @group.group_members.find(params[:id])
+
+    if @group_member.invite?
+      @group_member.resend_invite
+
+      redirect_to redirect_path, notice: 'The invitation was successfully resent.'
+    else
+      redirect_to redirect_path, alert: 'The invitation has already been accepted.'
+    end
+  end
+
   def leave
     @group_member = @group.group_members.where(user_id: current_user.id).first
     
     if can?(current_user, :destroy_group_member, @group_member)
       @group_member.destroy
-      redirect_to(dashboard_groups_path, info: "You left #{group.name} group.")
+      redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.")
     else
       return render_403
     end
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index c46b8fff88f..546ff2cc71f 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -51,6 +51,6 @@ class Groups::MilestonesController < ApplicationController
   end
 
   def authorize_group_milestone!
-    return render_404 unless can?(current_user, :manage_group, group)
+    return render_404 unless can?(current_user, :admin_group, group)
   end
 end
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
new file mode 100644
index 00000000000..1f97ff16c55
--- /dev/null
+++ b/app/controllers/invites_controller.rb
@@ -0,0 +1,83 @@
+class InvitesController < ApplicationController
+  before_filter :member
+  skip_before_filter :authenticate_user!, only: :decline
+
+  respond_to :html
+
+  layout 'navless'
+
+  def show
+
+  end
+
+  def accept
+    if member.accept_invite!(current_user)
+      label, path = source_info(member.source)
+
+      redirect_to path, notice: "You have been granted #{member.human_access} access to #{label}."
+    else
+      redirect_to :back, alert: "The invitation could not be accepted."
+    end
+  end
+
+  def decline
+    if member.decline_invite!
+      label, _ = source_info(member.source)
+
+      path = 
+        if current_user
+          dashboard_path
+        else
+          new_user_session_path
+        end
+
+      redirect_to path, notice: "You have declined the invitation to join #{label}."
+    else
+      redirect_to :back, alert: "The invitation could not be declined."
+    end
+  end
+
+  private
+
+  def member
+    return @member if defined?(@member)
+    
+    @token = params[:id]
+    @member = Member.find_by_invite_token(@token)
+
+    unless @member
+      render_404 and return
+    end
+
+    @member
+  end
+
+  def authenticate_user!
+    return if current_user
+
+    notice = "To accept this invitation, sign in"
+    notice << " or create an account" if current_application_settings.signup_enabled?
+    notice << "."
+
+    store_location_for :user, request.fullpath
+    redirect_to new_user_session_path, notice: notice
+  end
+
+  def source_info(source)
+    case source
+    when Project
+      project = member.source
+      label = "project #{project.name_with_namespace}"
+      path = namespace_project_path(project.namespace, project)
+    when Group
+      group = member.source
+      label = "group #{group.name}"
+      path = group_path(group)
+    else
+      label = "who knows what"
+      path = dashboard_path
+    end
+
+    [label, path]
+  end
+end
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 4ab15db01f7..72967a26ff1 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -6,6 +6,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
   def index
     @project_members = @project.project_members
+    @project_members = @project_members.non_invite unless can?(current_user, :admin_project, @project)
 
     if params[:search].present?
       users = @project.users.search(params[:search]).to_a
@@ -17,6 +18,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     @group = @project.group
     if @group
       @group_members = @group.group_members
+      @group_members = @group_members.non_invite unless can?(current_user, :admin_group, @group)
 
       if params[:search].present?
         users = @group.users.search(params[:search]).to_a
@@ -34,30 +36,42 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   end
 
   def create
-    users = User.where(id: params[:user_ids].split(','))
-    @project.team << [users, params[:access_level]]
+    @project.team.add_users(params[:user_ids].split(','), params[:access_level], current_user)
 
     redirect_to namespace_project_project_members_path(@project.namespace, @project)
   end
 
   def update
-    @project_member = @project.project_members.find_by(user_id: member)
+    @project_member = @project.project_members.find(params[:id])
     @project_member.update_attributes(member_params)
   end
 
   def destroy
-    @project_member = @project.project_members.find_by(user_id: member)
+    @project_member = @project.project_members.find(params[:id])
     @project_member.destroy
 
     respond_to do |format|
       format.html do
-        redirect_to namespace_project_project_members_path(@project.namespace,
-                                                      @project)
+        redirect_to namespace_project_project_members_path(@project.namespace, @project)
       end
       format.js { render nothing: true }
     end
   end
 
+  def resend_invite
+    redirect_path = namespace_project_project_members_path(@project.namespace, @project)
+
+    @project_member = @project.project_members.find(params[:id])
+    
+    if @project_member.invite?
+      @project_member.resend_invite
+
+      redirect_to redirect_path, notice: 'The invitation was successfully resent.'
+    else
+      redirect_to redirect_path, alert: 'The invitation has already been accepted.'
+    end
+  end
+
   def leave
     @project.project_members.find_by(user_id: current_user).destroy
 
@@ -69,7 +83,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
   def apply_import
     giver = Project.find(params[:source_project_id])
-    status = @project.team.import(giver)
+    status = @project.team.import(giver, current_user)
     notice = status ? "Successfully imported" : "Import failed"
 
     redirect_to(namespace_project_project_members_path(project.namespace, project),
@@ -78,10 +92,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
   protected
 
-  def member
-    @member ||= User.find_by(username: params[:id])
-  end
-
   def member_params
     params.require(:project_member).permit(:user_id, :access_level)
   end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-04-15 15:41:36 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-04-15 15:41:36 +0300
commit	cc41381be4ee437c20218acc0e9a856d2c529d96 (patch)
tree	890423b81388d75d670af102eb77821af4673f35 /app/controllers
parent	4c26bcbec810e9a621fcf02601189973a50caf76 (diff)
parent	345e32d332fd06e3c99b21660d3bf2939ba62ce5 (diff)
download	gitlab-ce-cc41381be4ee437c20218acc0e9a856d2c529d96.tar.gz