Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2012-11-29 07:29:11 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2012-11-29 12:39:03 +0200
commit: eb1004f7890d25a86beb0ca0a7eca802d9fce665 (patch)
tree: 94cb713c0628542e646aad323be4d88fb1c356e3 /app/models
parent: a1ffc673b95f4d0e2316d461f1364fa1ee08e9d2 (diff)
download: gitlab-ce-eb1004f7890d25a86beb0ca0a7eca802d9fce665.tar.gz
5 files changed, 68 insertions, 21 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index e55e7709372..96d3ac6dd51 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,7 +15,37 @@ class Ability
     def project_abilities(user, project)
       rules = []
 
-      rules << [
+      # Rules based on role in project
+      if project.master_access_for?(user)
+        # TODO: replace with master rules.
+        # Only allow project administration for owners
+        rules << project_admin_rules
+
+      elsif project.dev_access_for?(user)
+        rules << project_dev_rules
+
+      elsif project.report_access_for?(user)
+        rules << project_report_rules
+
+      elsif project.guest_access_for?(user)
+        rules << project_guest_rules
+      end
+
+      # If user own project namespace (Ex. group owner or account owner)
+      if project.namespace && project.namespace.owner == user
+        rules << project_admin_rules
+      end
+
+      # If user was set as direct project owner
+      if project.owner == user
+        rules << project_admin_rules
+      end
+
+      rules.flatten
+    end
+
+    def project_guest_rules
+      [
         :read_project,
         :read_wiki,
         :read_issue,
@@ -27,28 +57,30 @@ class Ability
         :write_project,
         :write_issue,
         :write_note
-      ] if project.guest_access_for?(user)
+      ]
+    end
 
-      rules << [
+    def project_report_rules
+      project_guest_rules + [
         :download_code,
         :write_merge_request,
         :write_snippet
-      ] if project.report_access_for?(user)
+      ]
+    end
 
-      rules << [
+    def project_dev_rules
+      project_report_rules + [
         :write_wiki,
         :push_code
-      ] if project.dev_access_for?(user)
-
-      rules << [
-        :push_code_to_protected_branches
-      ] if project.master_access_for?(user)
+      ]
+    end
 
-      rules << [
+    def project_master_rules
+      project_dev_rules + [
+        :push_code_to_protected_branches,
         :modify_issue,
         :modify_snippet,
         :modify_merge_request,
-        :admin_project,
         :admin_issue,
         :admin_milestone,
         :admin_snippet,
@@ -57,9 +89,13 @@ class Ability
         :admin_note,
         :accept_mr,
         :admin_wiki
-      ] if project.master_access_for?(user) || project.owner == user
+      ]
+    end
 
-      rules.flatten
+    def project_admin_rules
+      project_master_rules + [
+        :admin_project
+      ]
     end
 
     def group_abilities user, group
diff --git a/app/models/group.rb b/app/models/group.rb
index 66267c56957..b668f5560ab 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -13,7 +13,9 @@
 
 class Group < Namespace
   def users
-    User.joins(:users_projects).where(users_projects: {project_id: project_ids}).uniq
+    users = User.joins(:users_projects).where(users_projects: {project_id: project_ids})
+    users = users << owner
+    users.uniq
   end
 
   def human_name
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 5762bfc57cb..e1c24de949a 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -53,12 +53,14 @@ class Namespace < ActiveRecord::Base
   end
 
   def move_dir
-    old_path = File.join(Gitlab.config.git_base_path, path_was)
-    new_path = File.join(Gitlab.config.git_base_path, path)
-    if File.exists?(new_path)
-      raise "Already exists"
+    if path_changed?
+      old_path = File.join(Gitlab.config.git_base_path, path_was)
+      new_path = File.join(Gitlab.config.git_base_path, path)
+      if File.exists?(new_path)
+        raise "Already exists"
+      end
+      system("mv #{old_path} #{new_path}")
     end
-    system("mv #{old_path} #{new_path}")
   end
 
   def rm_dir
diff --git a/app/models/project.rb b/app/models/project.rb
index 0c74c0bd878..8df662db9a0 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -29,7 +29,7 @@ class Project < ActiveRecord::Base
   attr_accessible :name, :path, :description, :default_branch, :issues_enabled,
                   :wall_enabled, :merge_requests_enabled, :wiki_enabled, as: [:default, :admin]
 
-  attr_accessible :namespace_id, as: :admin
+  attr_accessible :namespace_id, :owner_id, as: :admin
 
   attr_accessor :error_code
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 43163404e85..d43e3cbb6b6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -123,4 +123,11 @@ class User < ActiveRecord::Base
       self.password = self.password_confirmation = Devise.friendly_token.first(8)
     end
   end
+
+  def accessed_groups
+    @accessed_groups ||= begin
+                           groups = Group.where(id: self.projects.pluck(:namespace_id)).all
+                           groups + self.groups
+                         end
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2012-11-29 07:29:11 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2012-11-29 12:39:03 +0200
commit	eb1004f7890d25a86beb0ca0a7eca802d9fce665 (patch)
tree	94cb713c0628542e646aad323be4d88fb1c356e3 /app/models
parent	a1ffc673b95f4d0e2316d461f1364fa1ee08e9d2 (diff)
download	gitlab-ce-eb1004f7890d25a86beb0ca0a7eca802d9fce665.tar.gz