New feature: Teams
Created by: dzaporozhets
From #2731
Work in progress
- app/controllers/teams_controller.rb 0 → 100644
1 class TeamsController < ApplicationController 2 # Authorize 3 before_filter :authorize_manage_user_team! 4 before_filter :authorize_admin_user_team! 5 6 # Skip access control on public section 7 skip_before_filter :authorize_manage_user_team!, only: [:index, :show, :new, :destroy, :create, :search, :issues, :merge_requests] 8 skip_before_filter :authorize_admin_user_team!, only: [:index, :show, :new, :create, :search, :issues, :merge_requests] 9 10 layout 'user_team', only: [:show, :edit, :update, :destroy, :issues, :merge_requests, :search] Created by: AlexDenisov
Duplicated code:

    @users = User.active
    @users = @users.not_in_team(user_team) if user_team.members.any?
    @users = UserDecorator.decorate @users

- admin/teams/members_controller.rb
- admin/teams_controller.rb
- teams/members_controller.rb

    @projects = Project.scoped
    @projects = @projects.without_team(user_team) if user_team.projects.any?
    #@projects.reject!(&:empty_repo?)

- admin/teams/projects_controller.rb
- admin/teams_controller.rb
By Administrator on 2013-01-24T17:15:02 (imported from GitLab project)
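Review bot: the comment on line 6 of the TeamsController hunk calls the skipped actions the "public section", but the `only:` lists on lines 7 and 8 include `:new` and `:create`, and line 7 also skips the manage check for `:destroy`, all of which change state. `:destroy` stays behind `authorize_admin_user_team!` only because line 8 leaves it out, and that asymmetry between the two lists is easy to miss. Either reword the comment to say which actions are read-only and that destroy is admin-only by design, or split the lists into read and write actions. Nothing in these lines shows what else guards `:new` and `:create`, so say where that check lives.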
- app/controllers/teams_controller.rb 0 → 100644
1 class TeamsController < ApplicationController 2 # Authorize 3 before_filter :authorize_manage_user_team! 4 before_filter :authorize_admin_user_team! 5 6 # Skip access control on public section 7 skip_before_filter :authorize_manage_user_team!, only: [:index, :show, :new, :destroy, :create, :search, :issues, :merge_requests] 8 skip_before_filter :authorize_admin_user_team!, only: [:index, :show, :new, :create, :search, :issues, :merge_requests] 9 10 layout 'user_team', only: [:show, :edit, :update, :destroy, :issues, :merge_requests, :search] Created by: zzet
@AlexDenisov, I understand your confusion as to why we first declare and then clean up.
I ask you to take in our experience and understand that whitelisting is always better than blacklisting.
If we say that everything is permitted that is not forbidden, we just close our eyes to what is happening around us. A new action immediately rules out of country, as it comes under the general rule, but this is not correct. The developer's attention wasn't focused on what can be resolved and what cannot. If he does something without thinking, he will be plucked for the error. He will not have access and he will look for the problem. When he sees that he needs to explicitly allow access, he thinks about whether to do it or not. So the security aspect is covered at 100% and there is no reason to worry.
From the point of view of the developers, it can be clearly seen that the legal policy of staggered and they once again look what the developer has to say. Again, a plus on the side of safety.
2 lines more code, and so much profit!
By Administrator on 2013-01-24T20:32:11 (imported from GitLab project)
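The default-deny argument in the comment above, as an added example that is not part of the merge request or of GitLab's code: a plain-Ruby stand-in for Rails' `before_filter` / `skip_before_filter` showing what happens to an action that is added later without anyone touching the filters. `MiniController`, `TeamActions`, the two controller classes and the `transfer` action are hypothetical names.

```ruby
# Plain-Ruby stand-in for the Rails filter chain (constructed; not Rails, not GitLab code).
class MiniController
  class << self
    def filters
      @filters ||= {} # filter name => lambda deciding whether it runs for an action
    end

    def before_filter(name, only: nil)
      filters[name] = only ? ->(action) { only.include?(action) } : ->(_action) { true }
    end

    def skip_before_filter(name, only:)
      previous = filters.fetch(name)
      filters[name] = ->(action) { previous.call(action) && !only.include?(action) }
    end
  end

  def initialize(can_manage:)
    @can_manage = can_manage
  end

  # Runs every applicable filter, then the action; returns :ok or :forbidden.
  def process(action)
    self.class.filters.each do |name, applies|
      return :forbidden if applies.call(action) && !send(name)
    end
    send(action)
  end

  def authorize_manage_user_team!
    @can_manage
  end
end

# Hypothetical actions; :transfer stands for one added later without touching the filters.
module TeamActions
  %i[index show edit transfer].each { |name| define_method(name) { :ok } }
end

# Default deny, as in the merge request: filter everything, then skip the public actions.
class DenyByDefaultTeams < MiniController
  include TeamActions
  before_filter :authorize_manage_user_team!
  skip_before_filter :authorize_manage_user_team!, only: %i[index show]
end

# Default allow: the filter is attached only to the actions someone remembered to list.
class AllowByDefaultTeams < MiniController
  include TeamActions
  before_filter :authorize_manage_user_team!, only: %i[edit]
end
```

For a user without manage rights, `DenyByDefaultTeams` refuses the forgotten `transfer` action while `AllowByDefaultTeams` serves it; both still protect `edit`.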
Created by: zzet
@AlexDenisov
admin/teams_controller.rb cleanup in https://github.com/Undev/gitlabhq/commit/94d0c6e2fc1a8f649a1be73a78bc43e0946235b7 #2751 PR
What about admin/teams/members_controller.rb AND teams/members_controller.rb https://github.com/Undev/gitlabhq/commit/fb0edba316cd80b9d5bed072b0bce016c2710542 #2751 PR
By Administrator on 2013-01-24T18:32:24 (imported from GitLab project)
- app/controllers/teams_controller.rb 0 → 100644
1 class TeamsController < ApplicationController 2 # Authorize 3 before_filter :authorize_manage_user_team! 4 before_filter :authorize_admin_user_team! 5 6 # Skip access control on public section 7 skip_before_filter :authorize_manage_user_team!, only: [:index, :show, :new, :destroy, :create, :search, :issues, :merge_requests] 8 skip_before_filter :authorize_admin_user_team!, only: [:index, :show, :new, :create, :search, :issues, :merge_requests] 9 10 layout 'user_team', only: [:show, :edit, :update, :destroy, :issues, :merge_requests, :search] Created by: AlexDenisov
@zzet, thanks a lot for the detailed explanation. Now I understand the reason and totally agree with you. And I see that this approach is a good practice.
By Administrator on 2013-01-24T20:32:12 (imported from GitLab project)
- app/controllers/teams_controller.rb 0 → 100644
1 class TeamsController < ApplicationController 2 # Authorize 3 before_filter :authorize_manage_user_team! 4 before_filter :authorize_admin_user_team! 5 6 # Skip access control on public section 7 skip_before_filter :authorize_manage_user_team!, only: [:index, :show, :new, :destroy, :create, :search, :issues, :merge_requests] 8 skip_before_filter :authorize_admin_user_team!, only: [:index, :show, :new, :create, :search, :issues, :merge_requests] 9 10 layout 'user_team', only: [:show, :edit, :update, :destroy, :issues, :merge_requests, :search] Created by: zzet
@AlexDenisov, thx :)
By Administrator on 2013-01-24T20:32:12 (imported from GitLab project)