Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
1c62ec09
Commit
1c62ec09
authored
Feb 16, 2012
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
4 roles permission system
parent
dac7c44a
Changes
18
Hide whitespace changes
Inline
Side-by-side
Showing
18 changed files
with
66 additions
and
111 deletions
+66
-111
app/controllers/projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
app/models/project.rb
app/models/project.rb
+14
-24
app/models/repository.rb
app/models/repository.rb
+1
-11
app/models/users_project.rb
app/models/users_project.rb
+7
-7
app/views/admin/projects/show.html.haml
app/views/admin/projects/show.html.haml
+0
-2
app/views/admin/team_members/_form.html.haml
app/views/admin/team_members/_form.html.haml
+0
-4
app/views/admin/users/show.html.haml
app/views/admin/users/show.html.haml
+0
-2
app/views/help/permissions.html.haml
app/views/help/permissions.html.haml
+6
-0
app/views/team_members/_form.html.haml
app/views/team_members/_form.html.haml
+2
-11
app/views/team_members/_show.html.haml
app/views/team_members/_show.html.haml
+1
-4
app/views/team_members/show.html.haml
app/views/team_members/show.html.haml
+0
-7
app/views/widgets/_project_member.html.haml
app/views/widgets/_project_member.html.haml
+0
-1
db/migrate/20120216085842_move_to_roles_permissions.rb
db/migrate/20120216085842_move_to_roles_permissions.rb
+18
-0
db/schema.rb
db/schema.rb
+1
-14
spec/models/note_spec.rb
spec/models/note_spec.rb
+7
-9
spec/models/project_security_spec.rb
spec/models/project_security_spec.rb
+4
-6
spec/requests/projects_security_spec.rb
spec/requests/projects_security_spec.rb
+2
-4
spec/requests/team_members_spec.rb
spec/requests/team_members_spec.rb
+2
-4
No files found.
app/controllers/projects_controller.rb
View file @
1c62ec09
...
@@ -28,7 +28,7 @@ class ProjectsController < ApplicationController
...
@@ -28,7 +28,7 @@ class ProjectsController < ApplicationController
Project
.
transaction
do
Project
.
transaction
do
@project
.
save!
@project
.
save!
@project
.
users_projects
.
create!
(
:
repo_access
=>
Repository
::
REPO_RW
,
:project_access
=>
Project
::
PROJECT_RWA
,
:user
=>
current_user
)
@project
.
users_projects
.
create!
(
:
project_access
=>
UsersProject
::
MASTER
,
:user
=>
current_user
)
# when project saved no team member exist so
# when project saved no team member exist so
# project repository should be updated after first user add
# project repository should be updated after first user add
...
...
app/models/project.rb
View file @
1c62ec09
require
"grit"
require
"grit"
class
Project
<
ActiveRecord
::
Base
class
Project
<
ActiveRecord
::
Base
PROJECT_N
=
0
PROJECT_R
=
1
PROJECT_RW
=
2
PROJECT_RWA
=
3
belongs_to
:owner
,
:class_name
=>
"User"
belongs_to
:owner
,
:class_name
=>
"User"
has_many
:merge_requests
,
:dependent
=>
:destroy
has_many
:merge_requests
,
:dependent
=>
:destroy
...
@@ -61,12 +56,7 @@ class Project < ActiveRecord::Base
...
@@ -61,12 +56,7 @@ class Project < ActiveRecord::Base
end
end
def
self
.
access_options
def
self
.
access_options
{
UsersProject
.
access_roles
"Denied"
=>
PROJECT_N
,
"Read"
=>
PROJECT_R
,
"Report"
=>
PROJECT_RW
,
"Admin"
=>
PROJECT_RWA
}
end
end
def
repository
def
repository
...
@@ -193,11 +183,11 @@ class Project < ActiveRecord::Base
...
@@ -193,11 +183,11 @@ class Project < ActiveRecord::Base
# Should be rewrited for new access rights
# Should be rewrited for new access rights
def
add_access
(
user
,
*
access
)
def
add_access
(
user
,
*
access
)
access
=
if
access
.
include?
(
:admin
)
access
=
if
access
.
include?
(
:admin
)
{
:project_access
=>
PROJECT_RWA
}
{
:project_access
=>
UsersProject
::
MASTER
}
elsif
access
.
include?
(
:write
)
elsif
access
.
include?
(
:write
)
{
:project_access
=>
PROJECT_RW
}
{
:project_access
=>
UsersProject
::
DEVELOPER
}
else
else
{
:project_access
=>
PROJECT_R
}
{
:project_access
=>
UsersProject
::
GUEST
}
end
end
opts
=
{
:user
=>
user
}
opts
=
{
:user
=>
user
}
opts
.
merge!
(
access
)
opts
.
merge!
(
access
)
...
@@ -210,48 +200,48 @@ class Project < ActiveRecord::Base
...
@@ -210,48 +200,48 @@ class Project < ActiveRecord::Base
def
repository_readers
def
repository_readers
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
where
(
"users_projects.project_id = ? AND users_projects.
repo_access = ?"
,
id
,
Repository
::
REPO_
R
)
where
(
"users_projects.project_id = ? AND users_projects.
project_access = ?"
,
id
,
UsersProject
::
REPORTE
R
)
keys
.
map
(
&
:identifier
)
+
deploy_keys
.
map
(
&
:identifier
)
keys
.
map
(
&
:identifier
)
+
deploy_keys
.
map
(
&
:identifier
)
end
end
def
repository_writers
def
repository_writers
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
where
(
"users_projects.project_id = ? AND users_projects.
repo_access = ?"
,
id
,
Repository
::
REPO_RW
)
where
(
"users_projects.project_id = ? AND users_projects.
project_access = ?"
,
id
,
UsersProject
::
DEVELOPER
)
keys
.
map
(
&
:identifier
)
keys
.
map
(
&
:identifier
)
end
end
def
repository_masters
def
repository_masters
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
keys
=
Key
.
joins
({
:user
=>
:users_projects
}).
where
(
"users_projects.project_id = ? AND users_projects.
repo_access = ?"
,
id
,
Repository
::
REPO_
MASTER
)
where
(
"users_projects.project_id = ? AND users_projects.
project_access = ?"
,
id
,
UsersProject
::
MASTER
)
keys
.
map
(
&
:identifier
)
keys
.
map
(
&
:identifier
)
end
end
def
readers
def
readers
@readers
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
[
PROJECT_R
,
PROJECT_RW
,
PROJECT_RWA
]).
map
(
&
:user
)
@readers
||=
users_projects
.
includes
(
:user
).
map
(
&
:user
)
end
end
def
writers
def
writers
@writers
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
[
PROJECT_RW
,
PROJECT_RWA
]).
map
(
&
:user
)
@writers
||=
users_projects
.
includes
(
:user
).
map
(
&
:user
)
end
end
def
admins
def
admins
@admins
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
PROJECT_RWA
).
map
(
&
:user
)
@admins
||=
users_projects
.
includes
(
:user
).
where
(
:project_access
=>
UsersProject
::
MASTER
).
map
(
&
:user
)
end
end
def
allow_read_for?
(
user
)
def
allow_read_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_R
,
PROJECT_RW
,
PROJECT_RWA
]
).
empty?
!
users_projects
.
where
(
:user_id
=>
user
.
id
).
empty?
end
end
def
allow_write_for?
(
user
)
def
allow_write_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_RW
,
PROJECT_RWA
]
).
empty?
!
users_projects
.
where
(
:user_id
=>
user
.
id
).
empty?
end
end
def
allow_admin_for?
(
user
)
def
allow_admin_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
PROJECT_RWA
]).
empty?
||
owner_id
==
user
.
id
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:project_access
=>
[
UsersProject
::
MASTER
]).
empty?
||
owner_id
==
user
.
id
end
end
def
allow_pull_for?
(
user
)
def
allow_pull_for?
(
user
)
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:
repo_access
=>
[
Repository
::
REPO_R
,
Repository
::
REPO_RW
,
Repository
::
REPO_
MASTER
]).
empty?
!
users_projects
.
where
(
:user_id
=>
user
.
id
,
:
project_access
=>
[
UsersProject
::
REPORTER
,
UsersProject
::
DEVELOPER
,
UsersProject
::
MASTER
]).
empty?
end
end
def
root_ref
def
root_ref
...
...
app/models/repository.rb
View file @
1c62ec09
require
File
.
join
(
Rails
.
root
,
"lib"
,
"gitlabhq"
,
"git_host"
)
require
File
.
join
(
Rails
.
root
,
"lib"
,
"gitlabhq"
,
"git_host"
)
class
Repository
class
Repository
REPO_N
=
0
REPO_R
=
1
REPO_RW
=
2
REPO_MASTER
=
3
attr_accessor
:project
attr_accessor
:project
def
self
.
default_ref
def
self
.
default_ref
...
@@ -13,12 +8,7 @@ class Repository
...
@@ -13,12 +8,7 @@ class Repository
end
end
def
self
.
access_options
def
self
.
access_options
{
{}
"Denied"
=>
REPO_N
,
"Pull"
=>
REPO_R
,
"Pull & Push"
=>
REPO_RW
,
"Master"
=>
REPO_MASTER
}
end
end
def
initialize
(
project
)
def
initialize
(
project
)
...
...
app/models/users_project.rb
View file @
1c62ec09
class
UsersProject
<
ActiveRecord
::
Base
class
UsersProject
<
ActiveRecord
::
Base
REPORTER
=
21
GUEST
=
10
DEVELOPER
=
22
REPORTER
=
20
MASTER
=
33
DEVELOPER
=
30
MASTER
=
40
belongs_to
:user
belongs_to
:user
belongs_to
:project
belongs_to
:project
...
@@ -21,7 +22,6 @@ class UsersProject < ActiveRecord::Base
...
@@ -21,7 +22,6 @@ class UsersProject < ActiveRecord::Base
UsersProject
.
transaction
do
UsersProject
.
transaction
do
user_ids
.
each
do
|
user_id
|
user_ids
.
each
do
|
user_id
|
users_project
=
UsersProject
.
new
(
users_project
=
UsersProject
.
new
(
:repo_access
=>
repo_access
,
:project_access
=>
project_access
,
:project_access
=>
project_access
,
:user_id
=>
user_id
:user_id
=>
user_id
)
)
...
@@ -35,7 +35,6 @@ class UsersProject < ActiveRecord::Base
...
@@ -35,7 +35,6 @@ class UsersProject < ActiveRecord::Base
UsersProject
.
transaction
do
UsersProject
.
transaction
do
project_ids
.
each
do
|
project_id
|
project_ids
.
each
do
|
project_id
|
users_project
=
UsersProject
.
new
(
users_project
=
UsersProject
.
new
(
:repo_access
=>
repo_access
,
:project_access
=>
project_access
,
:project_access
=>
project_access
,
)
)
users_project
.
project_id
=
project_id
users_project
.
project_id
=
project_id
...
@@ -47,6 +46,7 @@ class UsersProject < ActiveRecord::Base
...
@@ -47,6 +46,7 @@ class UsersProject < ActiveRecord::Base
def
self
.
access_roles
def
self
.
access_roles
{
{
"Guest"
=>
GUEST
,
"Reporter"
=>
REPORTER
,
"Reporter"
=>
REPORTER
,
"Developer"
=>
DEVELOPER
,
"Developer"
=>
DEVELOPER
,
"Master"
=>
MASTER
"Master"
=>
MASTER
...
@@ -54,7 +54,7 @@ class UsersProject < ActiveRecord::Base
...
@@ -54,7 +54,7 @@ class UsersProject < ActiveRecord::Base
end
end
def
role_access
def
role_access
"
#{
project_access
}#{
repo_access
}
"
project_access
end
end
def
update_repository
def
update_repository
...
@@ -68,7 +68,7 @@ class UsersProject < ActiveRecord::Base
...
@@ -68,7 +68,7 @@ class UsersProject < ActiveRecord::Base
end
end
def
repo_access_human
def
repo_access_human
Repository
.
access_options
.
key
(
self
.
repo_access
)
""
end
end
end
end
# == Schema Information
# == Schema Information
...
...
app/views/admin/projects/show.html.haml
View file @
1c62ec09
...
@@ -53,7 +53,6 @@
...
@@ -53,7 +53,6 @@
%td
%td
=
link_to
tm
.
user_name
,
admin_users_path
(
tm
.
user
)
=
link_to
tm
.
user_name
,
admin_users_path
(
tm
.
user
)
%td
=
select_tag
:tm_project_access
,
options_for_select
(
Project
.
access_options
,
tm
.
project_access
),
:class
=>
"medium project-access-select"
,
:disabled
=>
:disabled
%td
=
select_tag
:tm_project_access
,
options_for_select
(
Project
.
access_options
,
tm
.
project_access
),
:class
=>
"medium project-access-select"
,
:disabled
=>
:disabled
%td
=
select_tag
:tm_repo_access
,
options_for_select
(
Repository
.
access_options
,
tm
.
repo_access
),
:class
=>
"medium repo-access-select"
,
:disabled
=>
:disabled
%td
=
link_to
'Edit Access'
,
edit_admin_team_member_path
(
tm
),
:class
=>
"btn small"
%td
=
link_to
'Edit Access'
,
edit_admin_team_member_path
(
tm
),
:class
=>
"btn small"
%td
=
link_to
'Remove from team'
,
admin_team_member_path
(
tm
),
:confirm
=>
'Are you sure?'
,
:method
=>
:delete
,
:class
=>
"btn danger small"
%td
=
link_to
'Remove from team'
,
admin_team_member_path
(
tm
),
:confirm
=>
'Are you sure?'
,
:method
=>
:delete
,
:class
=>
"btn danger small"
...
@@ -68,7 +67,6 @@
...
@@ -68,7 +67,6 @@
%tr
%tr
%td
=
select_tag
:user_ids
,
options_from_collection_for_select
(
@users
,
:id
,
:name
),
:multiple
=>
true
%td
=
select_tag
:user_ids
,
options_from_collection_for_select
(
@users
,
:id
,
:name
),
:multiple
=>
true
%td
=
select_tag
:project_access
,
options_for_select
(
Project
.
access_options
),
:class
=>
"project-access-select"
%td
=
select_tag
:project_access
,
options_for_select
(
Project
.
access_options
),
:class
=>
"project-access-select"
%td
=
select_tag
:repo_access
,
options_for_select
(
Repository
.
access_options
),
:class
=>
"repo-access-select"
.actions
.actions
=
submit_tag
'Add'
,
:class
=>
"btn primary"
=
submit_tag
'Add'
,
:class
=>
"btn primary"
...
...
app/views/admin/team_members/_form.html.haml
View file @
1c62ec09
...
@@ -10,10 +10,6 @@
...
@@ -10,10 +10,6 @@
.input
.input
=
f
.
select
:project_access
,
options_for_select
(
Project
.
access_options
,
@admin_team_member
.
project_access
),
{},
:class
=>
"project-access-select"
=
f
.
select
:project_access
,
options_for_select
(
Project
.
access_options
,
@admin_team_member
.
project_access
),
{},
:class
=>
"project-access-select"
.clearfix
%label
Repository Access:
.input
=
f
.
select
:repo_access
,
options_for_select
(
Repository
.
access_options
,
@admin_team_member
.
repo_access
),
{},
:class
=>
"repo-access-select"
%br
%br
.actions
.actions
=
f
.
submit
'Save'
,
:class
=>
"btn primary"
=
f
.
submit
'Save'
,
:class
=>
"btn primary"
...
...
app/views/admin/users/show.html.haml
View file @
1c62ec09
...
@@ -61,7 +61,6 @@
...
@@ -61,7 +61,6 @@
%tr
%tr
%td
=
link_to
project
.
name
,
admin_project_path
(
project
)
%td
=
link_to
project
.
name
,
admin_project_path
(
project
)
%td
=
select_tag
:tm_project_access
,
options_for_select
(
Project
.
access_options
,
tm
.
project_access
),
:class
=>
"medium project-access-select"
,
:disabled
=>
:disabled
%td
=
select_tag
:tm_project_access
,
options_for_select
(
Project
.
access_options
,
tm
.
project_access
),
:class
=>
"medium project-access-select"
,
:disabled
=>
:disabled
%td
=
select_tag
:tm_repo_access
,
options_for_select
(
Repository
.
access_options
,
tm
.
repo_access
),
:class
=>
"medium repo-access-select"
,
:disabled
=>
:disabled
%td
=
link_to
'Edit Access'
,
edit_admin_team_member_path
(
tm
),
:class
=>
"btn small"
%td
=
link_to
'Edit Access'
,
edit_admin_team_member_path
(
tm
),
:class
=>
"btn small"
%td
=
link_to
'Remove from team'
,
admin_team_member_path
(
tm
),
:confirm
=>
'Are you sure?'
,
:method
=>
:delete
,
:class
=>
"btn small danger"
%td
=
link_to
'Remove from team'
,
admin_team_member_path
(
tm
),
:confirm
=>
'Are you sure?'
,
:method
=>
:delete
,
:class
=>
"btn small danger"
...
@@ -76,7 +75,6 @@
...
@@ -76,7 +75,6 @@
%tr
%tr
%td
=
select_tag
:project_ids
,
options_from_collection_for_select
(
@projects
,
:id
,
:name
),
:multiple
=>
true
%td
=
select_tag
:project_ids
,
options_from_collection_for_select
(
@projects
,
:id
,
:name
),
:multiple
=>
true
%td
=
select_tag
:project_access
,
options_for_select
(
Project
.
access_options
),
:class
=>
"project-access-select"
%td
=
select_tag
:project_access
,
options_for_select
(
Project
.
access_options
),
:class
=>
"project-access-select"
%td
=
select_tag
:repo_access
,
options_for_select
(
Repository
.
access_options
),
:class
=>
"repo-access-select"
.actions
.actions
=
submit_tag
'Add'
,
:class
=>
"btn primary"
=
submit_tag
'Add'
,
:class
=>
"btn primary"
...
...
app/views/help/permissions.html.haml
View file @
1c62ec09
%h3
Permissions
%h3
Permissions
%hr
%hr
%h4
Reporter
%ul
%li
Create new issue
%li
Create new merge request
%li
Write on project wall
%h4
Reporter
%h4
Reporter
%ul
%ul
%li
Pull project code
%li
Pull project code
...
...
app/views/team_members/_form.html.haml
View file @
1c62ec09
...
@@ -14,18 +14,9 @@
...
@@ -14,18 +14,9 @@
.clearfix
.clearfix
=
f
.
label
:project_access
,
"Project Access"
=
f
.
label
:project_access
,
"Project Access"
.input
=
f
.
select
:_project_access
,
options_for_select
(
UsersProject
.
access_roles
,
@team_member
.
role_access
),
{},
:class
=>
"project-access-select"
.input
=
f
.
select
:project_access
,
options_for_select
(
Project
.
access_options
,
@team_member
.
project_access
),
{},
:class
=>
"project-access-select"
-#.clearfix
-#= f.label :project_access, "Project Access"
-#.input= f.select :project_access, options_for_select(Project.access_options, @team_member.project_access), {}, :class => "project-access-select"
-#.clearfix
-#= f.label :repo_access, "Repository Access"
-#.input= f.select :repo_access, options_for_select(Repository.access_options, @team_member.repo_access), {}, :class => "repo-access-select"
.actions
.actions
=
f
.
submit
'Save'
,
:class
=>
"btn primary"
=
f
.
submit
'Save'
,
:class
=>
"btn primary"
=
link_to
"Cancel"
,
team_project_path
(
@project
),
:class
=>
"btn"
=
link_to
"Cancel"
,
team_project_path
(
@project
),
:class
=>
"btn"
...
@@ -37,6 +28,6 @@
...
@@ -37,6 +28,6 @@
:javascript
:javascript
$
(
'
select#team_member_user_id
'
).
chosen
();
$
(
'
select#team_member_user_id
'
).
chosen
();
$
(
'
select#team_member_
_
project_access
'
).
chosen
();
$
(
'
select#team_member_project_access
'
).
chosen
();
//$('select#team_member_repo_access').chosen();
//$('select#team_member_repo_access').chosen();
//$('select#team_member_project_access').chosen();
//$('select#team_member_project_access').chosen();
app/views/team_members/_show.html.haml
View file @
1c62ec09
...
@@ -11,9 +11,6 @@
...
@@ -11,9 +11,6 @@
.span3
.span3
=
form_for
(
member
,
:as
=>
:team_member
,
:url
=>
project_team_member_path
(
@project
,
member
))
do
|
f
|
=
form_for
(
member
,
:as
=>
:team_member
,
:url
=>
project_team_member_path
(
@project
,
member
))
do
|
f
|
=
f
.
select
:_project_access
,
options_for_select
(
UsersProject
.
access_roles
,
member
.
role_access
),
{},
:class
=>
"medium project-access-select"
,
:disabled
=>
!
allow_admin
=
f
.
select
:project_access
,
options_for_select
(
UsersProject
.
access_roles
,
member
.
project_access
),
{},
:class
=>
"medium project-access-select"
,
:disabled
=>
!
allow_admin
-#.span3
-#= form_for(member, :as => :team_member, :url => project_team_member_path(@project, member)) do |f|
-#= f.select :repo_access, options_for_select(Repository.access_options, member.repo_access), {}, :class => "medium repo-access-select", :disabled => !allow_admin
-
if
@project
.
owner
==
user
-
if
@project
.
owner
==
user
%span
.label
Project Owner
%span
.label
Project Owner
app/views/team_members/show.html.haml
View file @
1c62ec09
...
@@ -28,13 +28,6 @@
...
@@ -28,13 +28,6 @@
=
form_for
(
@team_member
,
:as
=>
:team_member
,
:url
=>
project_team_member_path
(
@project
,
@team_member
))
do
|
f
|
=
form_for
(
@team_member
,
:as
=>
:team_member
,
:url
=>
project_team_member_path
(
@project
,
@team_member
))
do
|
f
|
=
f
.
select
:project_access
,
options_for_select
(
Project
.
access_options
,
@team_member
.
project_access
),
{},
:class
=>
"project-access-select"
,
:disabled
=>
!
allow_admin
=
f
.
select
:project_access
,
options_for_select
(
Project
.
access_options
,
@team_member
.
project_access
),
{},
:class
=>
"project-access-select"
,
:disabled
=>
!
allow_admin
%tr
%td
Repository Access
%td
=
form_for
(
@team_member
,
:as
=>
:team_member
,
:url
=>
project_team_member_path
(
@project
,
@team_member
))
do
|
f
|
=
f
.
select
:repo_access
,
options_for_select
(
Repository
.
access_options
,
@team_member
.
repo_access
),
{},
:class
=>
"repo-access-select"
,
:disabled
=>
!
allow_admin
-
unless
user
.
skype
.
empty?
-
unless
user
.
skype
.
empty?
%tr
%tr
%td
Skype:
%td
Skype:
...
...
app/views/widgets/_project_member.html.haml
View file @
1c62ec09
...
@@ -13,7 +13,6 @@
...
@@ -13,7 +13,6 @@
.span3
.span3
%span
.label
=
member
.
project_access_human
%span
.label
=
member
.
project_access_human
%span
.label
=
member
.
repo_access_human
-
if
can?
current_user
,
:write_project
,
@project
-
if
can?
current_user
,
:write_project
,
@project
-
if
@project
.
issues_enabled
&&
@project
.
merge_requests_enabled
-
if
@project
.
issues_enabled
&&
@project
.
merge_requests_enabled
...
...
db/migrate/20120216085842_move_to_roles_permissions.rb
0 → 100644
View file @
1c62ec09
class
MoveToRolesPermissions
<
ActiveRecord
::
Migration
def
up
repo_n
=
0
repo_r
=
1
repo_rw
=
2
project_rwa
=
3
UsersProject
.
update_all
[
"project_access = ?"
,
UsersProject
::
MASTER
],
[
"project_access = ?"
,
project_rwa
]
UsersProject
.
update_all
[
"project_access = ?"
,
UsersProject
::
DEVELOPER
],
[
"repo_access = ?"
,
repo_rw
]
UsersProject
.
update_all
[
"project_access = ?"
,
UsersProject
::
REPORTER
],
[
"repo_access = ?"
,
repo_r
]
UsersProject
.
update_all
[
"project_access = ?"
,
UsersProject
::
GUEST
],
[
"repo_access = ?"
,
repo_n
]
remove_column
:users_projects
,
:repo_access
end
def
down
end
end
db/schema.rb
View file @
1c62ec09
...
@@ -11,19 +11,7 @@
...
@@ -11,19 +11,7 @@
#
#
# It's strongly recommended to check this file into your version control system.
# It's strongly recommended to check this file into your version control system.
ActiveRecord
::
Schema
.
define
(
:version
=>
20120215182305
)
do
ActiveRecord
::
Schema
.
define
(
:version
=>
20120216085842
)
do
create_table
"features"
,
:force
=>
true
do
|
t
|
t
.
string
"name"
t
.
string
"branch_name"
t
.
integer
"assignee_id"
t
.
integer
"author_id"
t
.
integer
"project_id"
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
string
"version"
t
.
integer
"status"
,
:default
=>
0
,
:null
=>
false
end
create_table
"issues"
,
:force
=>
true
do
|
t
|
create_table
"issues"
,
:force
=>
true
do
|
t
|
t
.
string
"title"
t
.
string
"title"
...
@@ -160,7 +148,6 @@ ActiveRecord::Schema.define(:version => 20120215182305) do
...
@@ -160,7 +148,6 @@ ActiveRecord::Schema.define(:version => 20120215182305) do
t
.
integer
"project_id"
,
:null
=>
false
t
.
integer
"project_id"
,
:null
=>
false
t
.
datetime
"created_at"
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
datetime
"updated_at"
t
.
integer
"repo_access"
,
:default
=>
0
,
:null
=>
false
t
.
integer
"project_access"
,
:default
=>
0
,
:null
=>
false
t
.
integer
"project_access"
,
:default
=>
0
,
:null
=>
false
end
end
...
...
spec/models/note_spec.rb
View file @
1c62ec09
...
@@ -64,9 +64,8 @@ describe Note do
...
@@ -64,9 +64,8 @@ describe Note do
describe
:read
do
describe
:read
do
before
do
before
do
@p1
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_N
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
UsersProject
::
GUEST
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_R
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
UsersProject
::
GUEST
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
Project
::
PROJECT_R
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:read_note
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:read_note
,
@p1
).
should
be_false
}
...
@@ -76,9 +75,8 @@ describe Note do
...
@@ -76,9 +75,8 @@ describe Note do
describe
:write
do
describe
:write
do
before
do
before
do
@p1
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_R
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_RW
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
UsersProject
::
DEVELOPER
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
Project
::
PROJECT_RW
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:write_note
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:write_note
,
@p1
).
should
be_false
}
...
@@ -88,9 +86,9 @@ describe Note do
...
@@ -88,9 +86,9 @@ describe Note do
describe
:admin
do
describe
:admin
do
before
do
before
do
@p1
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_
R
)
@p1
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
UsersProject
::
REPORTE
R
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_RWA
)
@p1
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
UsersProject
::
MASTER
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
Project
::
PROJECT_RWA
)
@p2
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
UsersProject
::
MASTER
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:admin_note
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:admin_note
,
@p1
).
should
be_false
}
...
...
spec/models/project_security_spec.rb
View file @
1c62ec09
...
@@ -12,8 +12,7 @@ describe Project do
...
@@ -12,8 +12,7 @@ describe Project do
describe
"read access"
do
describe
"read access"
do
before
do
before
do
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_N
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
UsersProject
::
REPORTER
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_R
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:read_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:read_project
,
@p1
).
should
be_false
}
...
@@ -22,8 +21,7 @@ describe Project do
...
@@ -22,8 +21,7 @@ describe Project do
describe
"write access"
do
describe
"write access"
do
before
do
before
do
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_R
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_RW
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:write_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:write_project
,
@p1
).
should
be_false
}
...
@@ -32,8 +30,8 @@ describe Project do
...
@@ -32,8 +30,8 @@ describe Project do
describe
"admin access"
do
describe
"admin access"
do
before
do
before
do
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_RW
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u1
,
:project_access
=>
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_RWA
)
@p1
.
users_projects
.
create
(
:project
=>
@p1
,
:user
=>
@u2
,
:project_access
=>
UsersProject
::
MASTER
)
end
end
it
{
@abilities
.
allowed?
(
@u1
,
:admin_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u1
,
:admin_project
,
@p1
).
should
be_false
}
...
...
spec/requests/projects_security_spec.rb
View file @
1c62ec09
...
@@ -20,11 +20,9 @@ describe "Projects" do
...
@@ -20,11 +20,9 @@ describe "Projects" do
@u2
=
Factory
:user
@u2
=
Factory
:user
@u3
=
Factory
:user
@u3
=
Factory
:user
# full access
# full access
@project
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
Project
::
PROJECT_RWA
)
@project
.
users_projects
.
create
(
:user
=>
@u1
,
:project_access
=>
UsersProject
::
MASTER
)
# no access
@project
.
users_projects
.
create
(
:user
=>
@u2
,
:project_access
=>
Project
::
PROJECT_N
)
# readonly
# readonly
@project
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
Project
::
PROJECT_
R
)
@project
.
users_projects
.
create
(
:user
=>
@u3
,
:project_access
=>
UsersProject
::
REPORTE
R
)
end
end
describe
"GET /project_code"
do
describe
"GET /project_code"
do
...
...
spec/requests/team_members_spec.rb
View file @
1c62ec09
...
@@ -31,8 +31,7 @@ describe "TeamMembers" do
...
@@ -31,8 +31,7 @@ describe "TeamMembers" do
before
do
before
do
within
"#new_team_member"
do
within
"#new_team_member"
do
select
@user_1
.
name
,
:from
=>
"team_member_user_id"
select
@user_1
.
name
,
:from
=>
"team_member_user_id"
select
"Report"
,
:from
=>
"team_member_project_access"
select
"Reporter"
,
:from
=>
"team_member_project_access"
select
"Pull"
,
:from
=>
"team_member_repo_access"
end
end
end
end
...
@@ -45,8 +44,7 @@ describe "TeamMembers" do
...
@@ -45,8 +44,7 @@ describe "TeamMembers" do
page
.
should
have_content
@user_1
.
name
page
.
should
have_content
@user_1
.
name
@member
.
reload
@member
.
reload
@member
.
project_access
.
should
==
Project
::
PROJECT_RW
@member
.
project_access
.
should
==
UsersProject
::
REPORTER
@member
.
repo_access
.
should
==
Repository
::
REPO_R
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment