Abiliy to disable 'Share with Group' feature

406587a4 · Valery Sizov · 56fee497 · 406587a4 · 406587a4 · 406587a4
Commit 406587a4 authored 9 years ago by Valery Sizov
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -135,7 +135,7 @@ class GroupsController < Groups::ApplicationController
  end
  
  def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :membership_lock)
+    params.require(:group).permit(:name, :description, :path, :avatar, :membership_lock, :share_with_group_lock)
  end
  
  def load_events

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -777,4 +777,8 @@ class Project < ActiveRecord::Base
      approvers.find_or_create_by(user_id: user_id, target_id: id)
    end
  end
+
+  def allowed_to_share_with_group?
+    !namespace.share_with_group_lock
+  end
 end
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -145,7 +145,7 @@ class ProjectTeam
      access << group.group_members.find_by(user_id: user_id).try(:access_field)
    end
  
-    if project.invited_groups.any?
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
      access << max_invited_level(user_id)
    end
  
@@ -175,7 +175,7 @@ class ProjectTeam
    group_members = group ? group.group_members : []
    invited_members = []
  
-    if project.invited_groups.any?
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
      project.project_group_links.each do |group_link|
        invited_group = group_link.group
        im = invited_group.group_members

--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -27,13 +27,22 @@
  
      .form-group
        %hr
-        = f.label :name, class: 'control-label' do
+        = f.label :membership_lock, class: 'control-label' do
          Member lock
        .col-sm-10
          .checkbox
            = f.check_box :membership_lock
            %span.descr Prevent adding new members to project membership within this group
  
+      .form-group
+        %hr
+        = f.label :share_with_group_lock, class: 'control-label' do
+          Share with group lock
+        .col-sm-10
+          .checkbox
+            = f.check_box :share_with_group_lock
+            %span.descr Prevent sharing a project with another group within this group
+
      .form-actions
        = f.submit 'Save group', class: "btn btn-save"
  

--- a/app/views/layouts/nav/_project_settings.html.haml
+++ b/app/views/layouts/nav/_project_settings.html.haml
@@ -13,11 +13,12 @@
        = icon('pencil-square-o fw')
        %span
          Project Settings
-    = nav_link(controller: :group_links) do
-      = link_to namespace_project_group_links_path(@project.namespace, @project) do
-        = icon('share-square-o fw')
-        %span
-          Groups
+    - if @project.allowed_to_share_with_group?
+      = nav_link(controller: :group_links) do
+        = link_to namespace_project_group_links_path(@project.namespace, @project) do
+          = icon('share-square-o fw')
+          %span
+            Groups
    = nav_link(controller: :deploy_keys) do
      = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys', data: {placement: 'right'} do
        = icon('key fw')

--- a/app/views/projects/project_members/index.html.haml
+++ b/app/views/projects/project_members/index.html.haml
@@ -32,7 +32,7 @@
  
 - if @group
  = render "group_members", members: @group_members
- if @project_group_links.any?
+- if @project_group_links.any? && @project.allowed_to_share_with_group?
  = render "shared_group_members"
  
 :coffeescript

--- a/db/migrate/20150930110012_add_group_share_lock.rb
+++ b/db/migrate/20150930110012_add_group_share_lock.rb
+class AddGroupShareLock < ActiveRecord::Migration
+  def change
+    add_column :namespaces, :share_with_group_lock, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
  
-ActiveRecord::Schema.define(version: 20150920161119) do
+ActiveRecord::Schema.define(version: 20150930110012) do
  
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -549,15 +549,16 @@ ActiveRecord::Schema.define(version: 20150920161119) do
  add_index "milestones", ["project_id"], name: "index_milestones_on_project_id", using: :btree
  
  create_table "namespaces", force: true do |t|
-    t.string   "name",                            null: false
-    t.string   "path",                            null: false
+    t.string   "name",                                  null: false
+    t.string   "path",                                  null: false
    t.integer  "owner_id"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "type"
-    t.string   "description",     default: "",    null: false
+    t.string   "description",           default: "",    null: false
    t.string   "avatar"
-    t.boolean  "membership_lock", default: false
+    t.boolean  "membership_lock",       default: false
+    t.boolean  "share_with_group_lock", default: false
  end
  
  add_index "namespaces", ["created_at", "id"], name: "index_namespaces_on_created_at_and_id", using: :btree

--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -23,15 +23,18 @@ module API
      # Create group. Available only for users who can create groups.
      #
      # Parameters:
-      #   name (required) - The name of the group
-      #   path (required) - The path of the group
+      #   name                  (required) - The name of the group
+      #   path                  (required) - The path of the group
+      #   description           (optional) - The details of the group
+      #   membership_lock       (optional, boolean) - Prevent adding new members to project membership within this group
+      #   share_with_group_lock (optional, boolean) - Prevent sharing a project with another group within this group
      # Example Request:
      #   POST /groups
      post do
        authorize! :create_group, current_user
        required_attributes! [:name, :path]
  
-        attrs = attributes_for_keys [:name, :path, :description]
+        attrs = attributes_for_keys [:name, :path, :description, :membership_lock, :share_with_group_lock]
        @group = Group.new(attrs)
  
        if @group.save
@@ -51,6 +54,29 @@ module API
        end
      end
  
+      # Update group. Available only for users who can manage this group.
+      #
+      # Parameters:
+      #   id                    (required) - The ID of a group
+      #   name                  (required) - The name of the group
+      #   path                  (required) - The path of the group
+      #   description           (optional) - The details of the group
+      #   membership_lock       (optional, boolean) - Prevent adding new members to project membership within this group
+      #   share_with_group_lock (optional, boolean) - Prevent sharing a project with another group within this group
+      # Example Request:
+      #   PUT /groups/:id
+      put ":id" do
+        attrs = attributes_for_keys [:name, :path, :description, :membership_lock, :share_with_group_lock]
+        @group = find_group(params[:id])
+        authorize! :admin_group, @group
+
+        if @group.update_attributes(attrs)
+          present @group, with: Entities::Group
+        else
+          render_api_error!("Failed to update group #{@group.errors.messages}", 400)
+        end
+      end
+
      # Get a single group, with containing projects
      #
      # Parameters:

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -264,6 +264,10 @@ module API
      post ":id/share" do
        authorize! :admin_project, user_project
        required_attributes! [:group_id, :group_access]
+        
+        unless user_project.allowed_to_share_with_group?
+          return render_api_error!("The project sharing with group is disabled")
+        end
  
        link = user_project.project_group_links.new
        link.group_id = params[:group_id]

--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -142,6 +142,24 @@ describe API::API, api: true  do
    end
  end
  
+  describe "PUT /groups" do
+    context "when authenticated as user without group permissions" do
+      it "should not create group" do
+        put api("/groups/#{group2.id}", user1), attributes_for(:group)
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context "when authenticated as user with group permissions" do
+      it "should update group" do
+        group2.update(owner: user2)
+        put api("/groups/#{group2.id}", user2), { name: 'Renamed' }
+        expect(response.status).to eq(200)
+        expect(group2.reload.name).to eq('Renamed')
+      end
+    end
+  end
+
  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
      it "should remove group" do