summaryrefslogtreecommitdiff
path: root/app/services/groups
diff options
context:
space:
mode:
authorRuben Davila <rdavila84@gmail.com>2017-09-07 13:35:45 -0500
committerRuben Davila <rdavila84@gmail.com>2017-09-07 13:47:58 -0500
commit62bb6235c229a869052180f9709c4801116f02cc (patch)
treea28626180edfe5f8abef6e5e2e44a2128c636f49 /app/services/groups
parentbc955cfc8e75e17897ab25717176209fefbba915 (diff)
downloadgitlab-ce-62bb6235c229a869052180f9709c4801116f02cc.tar.gz
Make Members with Owner and Master roles always able to create subgroups30473-allow-creation-of-subgroups-with-gitlab_default_can_create_group-set-to-false
Diffstat (limited to 'app/services/groups')
-rw-r--r--app/services/groups/create_service.rb38
1 files changed, 29 insertions, 9 deletions
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index c7c27621085..70e50aa0f12 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -8,15 +8,7 @@ module Groups
def execute
@group = Group.new(params)
- unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
- deny_visibility_level(@group)
- return @group
- end
-
- if @group.parent && !can?(current_user, :create_subgroup, @group.parent)
- @group.parent = nil
- @group.errors.add(:parent_id, 'You don’t have permission to create a subgroup in this group.')
-
+ unless can_use_visibility_level? && can_create_group?
return @group
end
@@ -39,5 +31,33 @@ module Groups
def create_chat_team?
Gitlab.config.mattermost.enabled && @chat_team && group.chat_team.nil?
end
+
+ def can_create_group?
+ if @group.subgroup?
+ unless can?(current_user, :create_subgroup, @group.parent)
+ @group.parent = nil
+ @group.errors.add(:parent_id, 'You don’t have permission to create a subgroup in this group.')
+
+ return false
+ end
+ else
+ unless can?(current_user, :create_group)
+ @group.errors.add(:base, 'You don’t have permission to create groups.')
+
+ return false
+ end
+ end
+
+ true
+ end
+
+ def can_use_visibility_level?
+ unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+ deny_visibility_level(@group)
+ return false
+ end
+
+ true
+ end
end
end