authorValery Sizov <vsv2711@gmail.com>2015-05-06 16:02:02 +0300
committerValery Sizov <vsv2711@gmail.com>2015-05-06 16:02:02 +0300
commit0a0d201e266d6f6dfb473e1e305ecb4c2647f7c3 (patch)
treefc61cb85e77bafa917bb30ca6957b7d17da78689
parentafcdd6f1030880ac107afefde02cd3c03f364195 (diff)
downloadgitlab-ci-0a0d201e266d6f6dfb473e1e305ecb4c2647f7c3.tar.gz
More explicit permission error for developers
-rw-r--r--app/controllers/projects_controller.rb4
-rw-r--r--spec/controllers/projects_controller_spec.rb14
2 files changed, 17 insertions, 1 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 33cec6a..57a29fe 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -51,6 +51,10 @@ class ProjectsController < ApplicationController
end
def create
+ unless current_user.can_manage_project?(YAML.load(params["project"])[:id])
+ return redirect_to root_path, alert: 'You have to have at least master role to enable CI for this project'
+ end
+
@project = CreateProjectService.new.execute(current_user, params[:project], project_url(":project_id"))
if @project.persisted?
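Review bot: `YAML.load(params["project"])` in the new guard at the top of `create` runs the full YAML loader on a request parameter, so a client-supplied document can instantiate arbitrary Ruby objects before the permission check has even been evaluated. Parse it with a restricted loader instead, e.g. `project = YAML.safe_load(params["project"], [Symbol])` (`permitted_classes: [Symbol]` on newer Psych), allowing only the symbol keys that the `[:id]` lookup expects, or have the form post the project id as a plain field. The guard also raises instead of redirecting when the parameter is missing or does not decode to a hash, so a type check that falls through to the same alert would be worth adding. `create` continues past the end of the hunk, and `CreateProjectService` presumably parses the same parameter again, so the same change likely belongs there too.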
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index cea3986..17f6417 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -59,11 +59,23 @@ describe ProjectsController do
allow(controller).to receive(:reset_cache) { true }
allow(controller).to receive(:current_user) { user }
Network.any_instance.stub(:enable_ci).and_return(true)
+ Network.any_instance.stub(:project_hooks).and_return(true)
post :create, { project: project_dump }.with_indifferent_access
- Project.exists?(gitlab_id: 189).should be_true
expect(response.code).to eq('302')
+ expect(assigns(:project)).not_to be_a_new(Project)
+ end
+
+ it "shows error" do
+ allow(controller).to receive(:reset_cache) { true }
+ allow(controller).to receive(:current_user) { user }
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+
+ post :create, { project: project_dump }.with_indifferent_access
+
+ expect(response.code).to eq('302')
+ expect(flash[:alert]).to include("You have to have at least master role to enable CI for this project")
end
end
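Review bot: The new "shows error" example asserts only the redirect and the flash, so it would still pass if the controller created the project before redirecting. It should also assert that nothing was persisted, e.g. `expect { post :create, { project: project_dump }.with_indifferent_access }.not_to change(Project, :count)`. There is no example for a `project` parameter that is missing or not a YAML hash, which is the input the new guard parses first. As a style point, `User.any_instance.stub(...)` mixes the old stubbing syntax with the `allow(...)` calls on the lines above it; `allow_any_instance_of(User).to receive(:can_manage_project?).and_return(false)` would match. The definitions of `user` and `project_dump` are outside the hunk.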