diff --git a/Gemfile b/Gemfile
index ef0adb5e2bea87b2f95feb86a5edb791dcd29f63..0964ecdffbf2bf2f520b3c28ab7af429ca88d4de 100644
--- a/Gemfile
+++ b/Gemfile
@@ -174,6 +174,7 @@ gem "font-awesome-rails", '~> 3.2'
 gem "gitlab_emoji", "~> 0.0.1.1"
 gem "gon", '~> 5.0.0'
 gem 'nprogress-rails'
+gem 'request_store'
 group :development do
 gem "annotate", "~> 2.6.0.beta2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 3bea962f6ac0f08aca2cca7142d2d64fb37d01b6..f46cd723f80804ef6d250f5a1686c7db05466079 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -412,6 +412,7 @@ GEM
 redis-store (1.1.4)
 redis (>= 2.2)
 ref (1.0.5)
+ request_store (1.0.5)
 require_all (1.3.2)
 rest-client (1.6.7)
 mime-types (>= 1.16)
@@ -650,6 +651,7 @@ DEPENDENCIES
 rb-inotify
 redcarpet (~> 2.2.2)
 redis-rails
+ request_store
 rspec-rails
 sanitize (~> 2.0)
 sass-rails (~> 4.0.2)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index c60aa2d622e841e912a1544f117fb49e5b61fad0..e43316bead60465db050281d06a4cfbaf6d726fb 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -67,40 +67,42 @@ class Ability
 def project_abilities(user, project)
 rules = []
+ key = "/user/#{user.id}/project/#{project.id}"
+ RequestStore.store[key] ||= begin
+ team = project.team
- team = project.team
+ # Rules based on role in project
+ if team.master?(user)
+ rules += project_master_rules
- # Rules based on role in project
- if team.master?(user)
- rules += project_master_rules
+ elsif team.developer?(user)
+ rules += project_dev_rules
- elsif team.developer?(user)
- rules += project_dev_rules
+ elsif team.reporter?(user)
+ rules += project_report_rules
- elsif team.reporter?(user)
- rules += project_report_rules
+ elsif team.guest?(user)
+ rules += project_guest_rules
+ end
- elsif team.guest?(user)
- rules += project_guest_rules
- end
+ if project.public? || project.internal?
+ rules += public_project_rules
+ end
- if project.public? || project.internal?
- rules += public_project_rules
- end
+ if project.owner == user || user.admin?
+ rules += project_admin_rules
+ end
- if project.owner == user || user.admin?
- rules += project_admin_rules
- end
+ if project.group && project.group.has_owner?(user)
+ rules += project_admin_rules
+ end
- if project.group && project.group.has_owner?(user)
- rules += project_admin_rules
- end
+ if project.archived?
+ rules -= project_archived_rules
+ end
- if project.archived?
- rules -= project_archived_rules
+ rules
 end
-
- rules
 end
 def public_project_rules
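Review bot: The value memoised by `RequestStore.store[key] ||= begin … end` in `project_abilities` is an authorization result, and nothing in this hunk invalidates it, so a membership, ownership, visibility or archive change made earlier in the same request would not show up in later checks for the same user/project pair. The key is built only from `user.id` and `project.id`, so an unsaved project (nil id) would produce `/user/<id>/project/` and share one cached rule set with any other unsaved project checked in that request; computing the rules without the store when `project.id` is nil would avoid that. RequestStore is cleared by its Rack middleware, so if this method is also reached outside a web request (background jobs or console, not visible here) the cached rules would presumably live as long as the thread. I would record the assumption above the key line with `# Cached per request via RequestStore; valid only while permissions do not change within the request`. The cached array is also handed back by reference, so ending the block with `rules.freeze` would keep a caller from altering the shared copy, provided no existing caller appends to the result.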