Merge pull request #2772 from zzet/bugfix/path_and_page-project-member-access-#2745

fix edit project members access link and page fixes refs #2745

app/controllers/admin/projects/application_controller.rb

@@ -6,6 +6,6 @@ class Admin::Projects::ApplicationController < Admin::ApplicationController
   protected
 
   def project
-    @project ||= Project.find_by_path(params[:project_id])
+    @project ||= Project.find_with_namespace(params[:project_id])
   end
 end

app/controllers/admin/projects/members_controller.rb

@@ -22,7 +22,7 @@ class Admin::Projects::MembersController < Admin::Projects::ApplicationControlle
   private
 
   def team_member
-    @member ||= project.users.find(params[:id])
+    @member ||= project.users.find_by_username(params[:id])
   end
 
   def team_member_relation

app/controllers/admin/teams/members_controller.rb

@@ -36,6 +36,6 @@ class Admin::Teams::MembersController < Admin::Teams::ApplicationController
   protected
 
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
 end

app/controllers/admin/users_controller.rb

@@ -7,25 +7,21 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def show
-    @admin_user = User.find(params[:id])
-
-    @projects = if @admin_user.authorized_projects.empty?
+    projects = if admin_user.authorized_projects.empty?
                Project
              else
-               Project.without_user(@admin_user)
+               Project.without_user(admin_user)
              end.all
   end
 
   def team_update
-    @admin_user = User.find(params[:id])
-
     UsersProject.add_users_into_projects(
       params[:project_ids],
-      [@admin_user.id],
+      [admin_user.id],
       params[:project_access]
     )
 
-    redirect_to [:admin, @admin_user], notice: 'Teams were successfully updated.'
+    redirect_to [:admin, admin_user], notice: 'Teams were successfully updated.'
   end
 
 
@@ -34,13 +30,11 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def edit
-    @admin_user = User.find(params[:id])
+    admin_user
   end
 
   def block
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.block
+    if admin_user.block
       redirect_to :back, alert: "Successfully blocked"
     else
       redirect_to :back, alert: "Error occured. User was not blocked"
@@ -48,9 +42,7 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def unblock
-    @admin_user = User.find(params[:id])
-
-    if @admin_user.update_attribute(:blocked, false)
+    if admin_user.update_attribute(:blocked, false)
       redirect_to :back, alert: "Successfully unblocked"
     else
       redirect_to :back, alert: "Error occured. User was not unblocked"
@@ -82,30 +74,34 @@ class Admin::UsersController < Admin::ApplicationController
       params[:user].delete(:password_confirmation)
     end
 
-    @admin_user = User.find(params[:id])
-    @admin_user.admin = (admin && admin.to_i > 0)
+    admin_user.admin = (admin && admin.to_i > 0)
 
     respond_to do |format|
-      if @admin_user.update_attributes(params[:user], as: :admin)
-        format.html { redirect_to [:admin, @admin_user], notice: 'User was successfully updated.' }
+      if admin_user.update_attributes(params[:user], as: :admin)
+        format.html { redirect_to [:admin, admin_user], notice: 'User was successfully updated.' }
         format.json { head :ok }
       else
         format.html { render action: "edit" }
-        format.json { render json: @admin_user.errors, status: :unprocessable_entity }
+        format.json { render json: admin_user.errors, status: :unprocessable_entity }
       end
     end
   end
 
   def destroy
-    @admin_user = User.find(params[:id])
-    if @admin_user.personal_projects.count > 0
+    if admin_user.personal_projects.count > 0
       redirect_to admin_users_path, alert: "User is a project owner and can't be removed." and return
     end
-    @admin_user.destroy
+    admin_user.destroy
 
     respond_to do |format|
-      format.html { redirect_to admin_users_url }
+      format.html { redirect_to admin_users_path }
       format.json { head :ok }
     end
   end
+
+  protected
+
+  def admin_user
+    @admin_user ||= User.find_by_username(params[:id])
+  end
 end

app/controllers/team_members_controller.rb

@@ -39,7 +39,7 @@ class TeamMembersController < ProjectResourceController
   end
 
   def destroy
-    @user_project_relation = project.users_projects.find_by_user_id(params[:id])
+    @user_project_relation = project.users_projects.find_by_user_id(member)
     @user_project_relation.destroy
 
     respond_to do |format|
@@ -59,6 +59,6 @@ class TeamMembersController < ProjectResourceController
   protected
 
   def member
-    @member ||= User.find(params[:id])
+    @member ||= User.find_by_username(params[:id])
   end
 end

app/controllers/teams/members_controller.rb

@@ -43,7 +43,7 @@ class Teams::MembersController < Teams::ApplicationController
   protected
 
   def team_member
-    @member ||= user_team.members.find(params[:id])
+    @member ||= user_team.members.find_by_username(params[:id])
   end
 
 end

app/models/user.rb

@@ -143,6 +143,11 @@ class User < ActiveRecord::Base
   #
   # Instance methods
   #
+
+  def to_param
+    username
+  end
+
   def generate_password
     if self.force_random_password
       self.password = self.password_confirmation = Devise.friendly_token.first(8)

app/views/admin/groups/show.html.haml

@@ -72,16 +72,17 @@
           %th Users
           %th Project Access:
 
-      - @group.users.each do |u|
-        %tr{class: "user_#{u.id}"}
-          %td.name= link_to u.name, admin_user_path(u)
+      - @group.users.each do |user|
+        - next unless user
+        %tr{class: "user_#{user.id}"}
+          %td.name= link_to user.name, admin_user_path(user)
           %td.projects_access
-            - u.authorized_projects.in_namespace(@group).each do |project|
-              - u_p = u.users_projects.in_project(project).first
+            - user.authorized_projects.in_namespace(@group).each do |project|
+              - u_p = user.users_projects.in_project(project).first
               - next unless u_p
               %span
-                = project.name
-                = link_to "(#{ u_p.project_access_human })", edit_admin_team_member_path(u_p)
+                = project.name_with_namespace
+                = link_to "(#{ u_p.project_access_human })", edit_admin_project_member_path(project, user)
       %tr
         %td.input= select_tag :user_ids, options_from_collection_for_select(@users , :id, :name), multiple: true, data: {placeholder: 'Select users'}, class: 'chosen span5'
         %td= select_tag :project_access, options_for_select(Project.access_options), {class: "project-access-select chosen span3"}

app/views/admin/users/show.html.haml

@@ -123,5 +123,5 @@
       %tr
         %td= link_to project.name_with_namespace, admin_project_path(project)
         %td= tm.project_access_human
-        %td= link_to 'Edit Access', edit_admin_team_member_path(tm), class: "btn small"
-        %td= link_to 'Remove from team', admin_team_member_path(tm), confirm: 'Are you sure?', method: :delete, class: "btn small danger"
+        %td= link_to 'Edit Access', edit_admin_project_member_path(project, tm.user), class: "btn small"
+        %td= link_to 'Remove from team', admin_project_member_path(project, tm.user), confirm: 'Are you sure?', method: :delete, class: "btn small danger"

config/routes.rb

@@ -84,7 +84,7 @@ Gitlab::Application.routes.draw do
         get :team
         put :team_update
       end
-      scope module: :projects, constraints: { id: /[^\/]+/ } do
+      scope module: :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
         resources :members, only: [:edit, :update, :destroy]
       end
     end