summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/issues_action.rb14
-rw-r--r--app/controllers/concerns/merge_requests_action.rb9
-rw-r--r--app/controllers/dashboard_controller.rb20
-rw-r--r--app/controllers/groups/group_members_controller.rb30
-rw-r--r--app/controllers/groups_controller.rb20
-rw-r--r--app/controllers/projects/compare_controller.rb4
-rw-r--r--app/controllers/projects/project_members_controller.rb34
7 files changed, 67 insertions, 64 deletions
diff --git a/app/controllers/concerns/issues_action.rb b/app/controllers/concerns/issues_action.rb
new file mode 100644
index 00000000000..effd4721949
--- /dev/null
+++ b/app/controllers/concerns/issues_action.rb
@@ -0,0 +1,14 @@
+module IssuesAction
+ extend ActiveSupport::Concern
+
+ def issues
+ @issues = get_issues_collection
+ @issues = @issues.page(params[:page]).per(ApplicationController::PER_PAGE)
+ @issues = @issues.preload(:author, :project)
+
+ respond_to do |format|
+ format.html
+ format.atom { render layout: false }
+ end
+ end
+end
diff --git a/app/controllers/concerns/merge_requests_action.rb b/app/controllers/concerns/merge_requests_action.rb
new file mode 100644
index 00000000000..f7a25111db9
--- /dev/null
+++ b/app/controllers/concerns/merge_requests_action.rb
@@ -0,0 +1,9 @@
+module MergeRequestsAction
+ extend ActiveSupport::Concern
+
+ def merge_requests
+ @merge_requests = get_merge_requests_collection
+ @merge_requests = @merge_requests.page(params[:page]).per(ApplicationController::PER_PAGE)
+ @merge_requests = @merge_requests.preload(:author, :target_project)
+ end
+end
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index b2c1fa4230c..087da935087 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,26 +1,12 @@
class DashboardController < Dashboard::ApplicationController
+ include IssuesAction
+ include MergeRequestsAction
+
before_action :event_filter, only: :activity
before_action :projects, only: [:issues, :merge_requests]
respond_to :html
- def merge_requests
- @merge_requests = get_merge_requests_collection
- @merge_requests = @merge_requests.page(params[:page]).per(PER_PAGE)
- @merge_requests = @merge_requests.preload(:author, :target_project)
- end
-
- def issues
- @issues = get_issues_collection
- @issues = @issues.page(params[:page]).per(PER_PAGE)
- @issues = @issues.preload(:author, :project)
-
- respond_to do |format|
- format.html
- format.atom { render layout: false }
- end
- end
-
def activity
@last_push = current_user.recent_push
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index b25957a06e2..0e902c4bb43 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -3,8 +3,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
before_action :authorize_read_group!
- before_action :authorize_admin_group!, except: [:index, :leave]
- before_action :authorize_admin_group_member!, only: [:create, :resend_invite]
+ before_action :authorize_admin_group_member!, except: [:index, :leave]
def index
@project = @group.projects.find(params[:project_id]) if params[:project_id]
@@ -17,7 +16,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
@members = @members.order('access_level DESC').page(params[:page]).per(50)
- @group_member = GroupMember.new
+
+ @group_member = @group.group_members.new
end
def create
@@ -27,24 +27,23 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def update
- @member = @group.group_members.find(params[:id])
+ @group_member = @group.group_members.find(params[:id])
- return render_403 unless can?(current_user, :update_group_member, @member)
+ return render_403 unless can?(current_user, :update_group_member, @group_member)
- @member.update_attributes(member_params)
+ @group_member.update_attributes(member_params)
end
def destroy
@group_member = @group.group_members.find(params[:id])
- if can?(current_user, :destroy_group_member, @group_member) # May fail if last owner.
- @group_member.destroy
- respond_to do |format|
- format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
- format.js { render nothing: true }
- end
- else
- return render_403
+ return render_403 unless can?(current_user, :destroy_group_member, @group_member)
+
+ @group_member.destroy
+
+ respond_to do |format|
+ format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
+ format.js { render nothing: true }
end
end
@@ -63,10 +62,11 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
def leave
- @group_member = @group.group_members.where(user_id: current_user.id).first
+ @group_member = @group.group_members.find_by(user_id: current_user)
if can?(current_user, :destroy_group_member, @group_member)
@group_member.destroy
+
redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.")
else
if @group.last_owner?(current_user)
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index fb4eb094f27..fb26a4e6fc3 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -1,4 +1,7 @@
class GroupsController < Groups::ApplicationController
+ include IssuesAction
+ include MergeRequestsAction
+
skip_before_action :authenticate_user!, only: [:show, :issues, :merge_requests]
respond_to :html
before_action :group, except: [:new, :create]
@@ -53,23 +56,6 @@ class GroupsController < Groups::ApplicationController
end
end
- def merge_requests
- @merge_requests = get_merge_requests_collection
- @merge_requests = @merge_requests.page(params[:page]).per(PER_PAGE)
- @merge_requests = @merge_requests.preload(:author, :target_project)
- end
-
- def issues
- @issues = get_issues_collection
- @issues = @issues.page(params[:page]).per(PER_PAGE)
- @issues = @issues.preload(:author, :project)
-
- respond_to do |format|
- format.html
- format.atom { render layout: false }
- end
- end
-
def edit
end
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 55134e11d15..5200d609cc9 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -20,8 +20,8 @@ class Projects::CompareController < Projects::ApplicationController
if compare_result
@commits = Commit.decorate(compare_result.commits, @project)
@diffs = compare_result.diffs
- @commit = @commits.last
- @first_commit = @commits.first
+ @commit = @project.commit(head_ref)
+ @first_commit = @project.commit(base_ref)
@line_notes = []
end
end
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 9de5269cd25..07eb94e4f48 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -1,6 +1,6 @@
class Projects::ProjectMembersController < Projects::ApplicationController
# Authorize
- before_action :authorize_admin_project!, except: :leave
+ before_action :authorize_admin_project_member!, except: :leave
def index
@project_members = @project.project_members
@@ -29,10 +29,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
@project_member = @project.project_members.new
end
- def new
- @project_member = @project.project_members.new
- end
-
def create
@project.team.add_users(params[:user_ids].split(','), params[:access_level], current_user)
@@ -41,11 +37,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def update
@project_member = @project.project_members.find(params[:id])
+
+ return render_403 unless can?(current_user, :update_project_member, @project_member)
+
@project_member.update_attributes(member_params)
end
def destroy
@project_member = @project.project_members.find(params[:id])
+
+ return render_403 unless can?(current_user, :destroy_project_member, @project_member)
+
@project_member.destroy
respond_to do |format|
@@ -71,16 +73,22 @@ class Projects::ProjectMembersController < Projects::ApplicationController
end
def leave
- if @project.namespace == current_user.namespace
- message = 'You can not leave your own project. Transfer or delete the project.'
- return redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
- end
+ @project_member = @project.project_members.find_by(user_id: current_user)
- @project.project_members.find_by(user_id: current_user).destroy
+ if can?(current_user, :destroy_project_member, @project_member)
+ @project_member.destroy
- respond_to do |format|
- format.html { redirect_to dashboard_projects_path }
- format.js { render nothing: true }
+ respond_to do |format|
+ format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
+ format.js { render nothing: true }
+ end
+ else
+ if current_user == @project.owner
+ message = 'You can not leave your own project. Transfer or delete the project.'
+ redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
+ else
+ render_403
+ end
end
end
View Lorry Controller Status