diff options
author | Douwe Maan <douwe@selenight.nl> | 2016-03-20 21:03:53 +0100 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2016-03-20 21:04:07 +0100 |
commit | 8db1292139cfdac4c29c03b876b68b9e752cf75a (patch) | |
tree | 2fcf67ada482ecf4ac90f39c858334a62b709618 /app/models/ability.rb | |
parent | 2eb19ea3ea36916bbea72a8ccab3e6d15f602ac9 (diff) | |
download | gitlab-ce-8db1292139cfdac4c29c03b876b68b9e752cf75a.tar.gz |
Tweaks, refactoring, and specs
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r-- | app/models/ability.rb | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 88d7ecf3a16..de9253fcdd8 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -114,6 +114,13 @@ class Ability # Push abilities on the users team role rules.push(*project_team_rules(project.team, user)) + if project.owner == user || + (project.group && project.group.has_owner?(user)) || + user.admin? + + rules.push(*project_owner_rules) + end + if project.public? || (project.internal? && !user.external?) rules.push(*public_project_rules) @@ -121,14 +128,6 @@ class Ability rules << :read_build if project.public_builds? end - if project.owner == user || user.admin? - rules.push(*project_admin_rules) - end - - if project.group && project.group.has_owner?(user) - rules.push(*project_admin_rules) - end - if project.archived? rules -= project_archived_rules end @@ -228,8 +227,8 @@ class Ability ] end - def project_admin_rules - @project_admin_rules ||= project_master_rules + [ + def project_owner_rules + @project_owner_rules ||= project_master_rules + [ :change_namespace, :change_visibility_level, :rename_project, @@ -275,7 +274,7 @@ class Ability rules << :read_group if can_read_group?(user, group) - # Only group masters and group owners can create new projects and change permission level + # Only group masters and group owners can create new projects if group.has_master?(user) || group.has_owner?(user) || user.admin? rules += [ :create_projects, @@ -298,7 +297,7 @@ class Ability def can_read_group?(user, group) user.admin? || group.public? || (group.internal? && !user.external?) || group.users.include?(user) || - ProjectsFinder.new.execute(user, group: group).any? + GroupProjectsFinder.new(group).execute(user).any? end def namespace_abilities(user, namespace) |