From 525ea066877d82d3a3ed0ed0025866753b794290 Mon Sep 17 00:00:00 2001 From: Dmitriy Zaporozhets Date: Tue, 11 Apr 2017 19:36:56 +0300 Subject: Move permission to create subgroup into GroupPolicy Signed-off-by: Dmitriy Zaporozhets --- app/models/user.rb | 4 ---- app/policies/group_policy.rb | 1 + app/views/groups/subgroups.html.haml | 2 +- .../siemens-gitlab-ce-fix-subgroup-hide-button.yml | 4 ++++ spec/models/user_spec.rb | 22 ---------------------- spec/policies/group_policy_spec.rb | 3 ++- 6 files changed, 8 insertions(+), 28 deletions(-) create mode 100644 changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml diff --git a/app/models/user.rb b/app/models/user.rb index bed2f0cae53..cbd741f96ed 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -570,10 +570,6 @@ class User < ActiveRecord::Base can?(:create_group) end - def can_create_subgroup?(group) - can?(:create_group) && can?(:admin_group, group) - end - def can_select_namespace? several_namespaces? || admin end diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 4cc21696eb6..556ea3a8c72 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -28,6 +28,7 @@ class GroupPolicy < BasePolicy can! :admin_namespace can! :admin_group_member can! :change_visibility_level + can! :create_subgroup if @user.can_create_group end if globally_viewable && @subject.request_access_enabled && !member diff --git a/app/views/groups/subgroups.html.haml b/app/views/groups/subgroups.html.haml index 3342ba118ef..8f0724c0677 100644 --- a/app/views/groups/subgroups.html.haml +++ b/app/views/groups/subgroups.html.haml @@ -9,7 +9,7 @@ .nav-controls = form_tag request.path, method: :get do |f| = search_field_tag :filter_groups, params[:filter_groups], placeholder: 'Filter by name', class: 'form-control', spellcheck: false - - if current_user.can_create_subgroup? @group + - if can?(current_user, :create_subgroup, @group) = link_to new_group_path(parent_id: @group.id), class: 'btn btn-new pull-right' do New Subgroup diff --git a/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml b/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml new file mode 100644 index 00000000000..338944cdbbb --- /dev/null +++ b/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml @@ -0,0 +1,4 @@ +--- +title: Hide new subgroup button if user has no permission to create one +merge_request: +author: diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 575b43c3d88..a9e37be1157 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -464,28 +464,6 @@ describe User, models: true do it { expect(@user2.several_namespaces?).to be_truthy } end - describe 'subgroups' do - let(:group) { create :group } - - it 'allows if owner' do - user = create :user - group.add_user(user, GroupMember::OWNER) - expect(user.can_create_subgroup?(group)).to be_truthy - end - - it 'disallows if missing right' do - user = create(:user, can_create_group: false) - group.add_user(user, GroupMember::MASTER) - expect(user.can_create_subgroup?(group)).to be_falsey - end - - it 'disallows if developer' do - user = create :user - group.add_user(user, GroupMember::DEVELOPER) - expect(user.can_create_subgroup?(group)).to be_falsey - end - end - describe 'namespaced' do before do @user = create :user diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 5c34ff04152..2077c14ff7a 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -22,7 +22,8 @@ describe GroupPolicy, models: true do :admin_group, :admin_namespace, :admin_group_member, - :change_visibility_level + :change_visibility_level, + :create_subgroup ] end -- cgit v1.2.1