Only owner can remove project

6 files changed, 13 insertions, 5 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5735c1d2916..75cd8f15605 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -112,6 +112,10 @@ class ApplicationController < ActionController::Base
     render file: Rails.root.join("public", "404"), layout: false, status: "404"
   end
 
+  def render_403
+    render file: Rails.root.join("public", "403"), layout: false, status: "403"
+  end
+
   def require_non_empty_project
     redirect_to @project if @project.empty_repo?
   end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a6e7f1f93fb..272a6e95411 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -89,6 +89,8 @@ class ProjectsController < ProjectResourceController
   end
 
   def destroy
+    return access_denied! unless can?(current_user, :remove_project, project)
+
     # Disable the UsersProject update_repository call, otherwise it will be
     # called once for every person removed from the project
     UsersProject.skip_callback(:destroy, :after, :update_repository)
diff --git a/app/views/help/permissions.html.haml b/app/views/help/permissions.html.haml
index cf8ce9c5560..c9ec701add7 100644
--- a/app/views/help/permissions.html.haml
+++ b/app/views/help/permissions.html.haml
@@ -66,3 +66,4 @@
   %legend Owner
   %ul
     %li Transfer project to another namespace
+    %li Remove project
diff --git a/app/views/projects/_form.html.haml b/app/views/projects/_form.html.haml
index 879f1073f01..448293ca080 100644
--- a/app/views/projects/_form.html.haml
+++ b/app/views/projects/_form.html.haml
@@ -26,7 +26,7 @@
           &nbsp;
           %span.cred Be careful. Changing project namespace can have unintended side effects
         - else
-          %a.btn.btn-small.disabled= @project.namespace.try(:human_name) || "/"
+          %a.btn.disabled= @project.namespace.try(:human_name) || "/"
           &nbsp;
           %span.cred Only owner can change project namespace.
 
@@ -69,5 +69,6 @@
     = f.submit 'Save', class: "btn save-btn"
     = link_to 'Cancel', @project, class: "btn"
     - unless @project.new_record?
-      .right
-        = link_to 'Remove', @project, confirm: 'Are you sure?', method: :delete, class: "btn danger"
+      - if can?(current_user, :remove_project, @project)
+        .right
+          = link_to 'Remove', @project, confirm: 'Removed project can not be restored! Are you sure?', method: :delete, class: "btn danger"
diff --git a/app/views/services/_gitlab_ci.html.haml b/app/views/services/_gitlab_ci.html.haml
index 09d139c0d2c..649c5cc4c3c 100644
--- a/app/views/services/_gitlab_ci.html.haml
+++ b/app/views/services/_gitlab_ci.html.haml
@@ -5,7 +5,7 @@
     - if @service.active
       %small.cgreen Enabled
     - else
-      %small.btn Disabled
+      %small.cgray Disabled
 
 
 
diff --git a/app/views/services/index.html.haml b/app/views/services/index.html.haml
index 65e94383da3..81599ec7c3f 100644
--- a/app/views/services/index.html.haml
+++ b/app/views/services/index.html.haml
@@ -12,7 +12,7 @@
         - if @gitlab_ci_service.active
           %small.cgreen Enabled
         - else
-          %small.btn Disabled
+          %small.cgray Disabled
   %li.wll
     %h4
       Jenkins CI