Commit 09987ec7 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Wes Gurney

Modify permissions for project and group

* Hooks and team pages allowed only for masters/owners
* Group page allowed for admin
* Correct authentication for Projects controller
* Hide some project elements from visitor
parent 3b5b715d
1 merge request!4954Add support to configure webhook_timeout in gitlab.yaml
class Projects::HooksController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, only: [:new, :create, :destroy]
before_filter :authorize_admin_project!
 
respond_to :html
 
@@ -14,8 +14,6 @@ class Projects::SnippetsController < Projects::ApplicationController
# Allow destroy snippet
before_filter :authorize_admin_project_snippet!, only: [:destroy]
 
layout 'projects'
respond_to :html
 
def index
class Projects::TeamMembersController < Projects::ApplicationController
# Authorize
before_filter :authorize_read_project!
before_filter :authorize_admin_project!, except: [:index, :show]
before_filter :authorize_admin_project!
 
layout "project_settings"
 
class ProjectsController < Projects::ApplicationController
class ProjectsController < ApplicationController
skip_before_filter :authenticate_user!, only: [:show]
skip_before_filter :project, only: [:new, :create]
skip_before_filter :repository, only: [:new, :create]
before_filter :project, except: [:new, :create]
before_filter :repository, except: [:new, :create]
 
# Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create]
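Review bot: With `skip_before_filter :authenticate_user!, only: [:show]` the `show` action is reachable without a session, so the only access decision left for it is `authorize_read_project!` on the last visible line, and that filter, together with `project` and `repository`, then runs with a nil `current_user`. This deserves a comment above the skip, e.g. `# show is open to visitors; access is decided by authorize_read_project! below`, so that nobody later adds `:show` to that filter's `except:` list. The base class also becomes `ApplicationController` and only `:project` and `:repository` are re-declared here; any other filter that `Projects::ApplicationController` defines (not visible on this page) no longer applies to this controller and should be checked. The class body continues outside the visible section.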
@@ -154,7 +154,7 @@ class Ability
def group_abilities user, group
rules = []
 
if group.users.include?(user)
if group.users.include?(user) || user.admin?
rules << :read_group
end
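Review bot: `user.admin?` in the new condition raises NoMethodError when `user` is nil, a case the old `group.users.include?(user)` check tolerated. Whether `group_abilities` can be reached for an anonymous visitor depends on a guard in the caller that is not visible here, but this same commit opens `ProjectsController#show` to unauthenticated requests, so a nil-safe form is cheap insurance: `if group.users.include?(user) || (user && user.admin?)`. An exception inside an authorization check surfaces as a 500 rather than a clean denial. The method body continues outside the hunk.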
 
@@ -32,6 +32,10 @@ class Group < Namespace
end
end
 
def add_user(user, group_access)
self.users_groups.create(user_id: user.id, group_access: group_access)
end
def change_owner(user)
self.owner = user
membership = users_groups.where(user_id: user.id).first
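Review bot: `add_user` uses `create`, which returns an unsaved record instead of raising when validation fails, so a caller granting access through this helper gets no signal that the membership was not written. Either document the return value, e.g. `# Returns the membership record; check persisted? before assuming access was granted`, or have callers that must not fail silently use a raising variant. Nothing visible here stops a second call for the same user from attempting a duplicate row; that depends on a validation on the membership model, which is outside this hunk. `change_owner` below is cut off by the hunk.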
@@ -19,37 +19,38 @@
%i.icon-download-alt
%span.only-wide Download
 
.dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt
%span.only-wide New
%b.caret
%ul.dropdown-menu
- if @project.issues_enabled && can?(current_user, :write_issue, @project)
%li
= link_to url_for_new_issue, title: "New Issue" do
Issue
- if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
%li
= link_to new_project_merge_request_path(@project), title: "New Merge Request" do
Merge Request
- if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
%li
= link_to new_project_snippet_path(@project), title: "New Snippet" do
Snippet
- if can? current_user, :push_code, @project
%li.divider
%li
= link_to new_project_branch_path(@project) do
%i.icon-code-fork
Git branch
%li
= link_to new_project_tag_path(@project) do
%i.icon-tag
Git tag
- if current_user
.dropdown.pull-right
%a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
%i.icon-plus-sign-alt
%span.only-wide New
%b.caret
%ul.dropdown-menu
- if @project.issues_enabled && can?(current_user, :write_issue, @project)
%li
= link_to url_for_new_issue, title: "New Issue" do
Issue
- if @project.merge_requests_enabled && can?(current_user, :write_merge_request, @project)
%li
= link_to new_project_merge_request_path(@project), title: "New Merge Request" do
Merge Request
- if @project.snippets_enabled && can?(current_user, :write_snippet, @project)
%li
= link_to new_project_snippet_path(@project), title: "New Snippet" do
Snippet
- if can? current_user, :push_code, @project
%li.divider
%li
= link_to new_project_branch_path(@project) do
%i.icon-code-fork
Git branch
%li
= link_to new_project_tag_path(@project) do
%i.icon-tag
Git tag
 
- if can?(current_user, :admin_team_member, @project)
%li.divider
%li
= link_to new_project_team_member_path(@project), title: "New project member" do
Project member
- if can?(current_user, :admin_team_member, @project)
%li.divider
%li
= link_to new_project_team_member_path(@project), title: "New project member" do
Project member
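Review bot: The "Project member" entry is gated on `can?(current_user, :admin_team_member, @project)`, while `Projects::TeamMembersController` in this commit now runs `authorize_admin_project!` for every action, so the link and the page it leads to are decided by two different abilities. If the two ever diverge, a user either sees a link that is refused or is not offered a page they may use; gating the link on the ability the controller enforces, `- if can?(current_user, :admin_project, @project)`, keeps them in step. The `- if current_user` wrapper only hides the menu; the controllers remain the enforcement point. Indentation is lost in this rendering, so whether this entry sits inside the new wrapper cannot be confirmed from the page.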