Commit d145f09c authored by Marin Jankovski's avatar Marin Jankovski

Correct authorization for group milestones.

parent e66a8b4c
class Groups::MilestonesController < ApplicationController class Groups::MilestonesController < ApplicationController
layout 'group' layout 'group'
before_filter :authorize_group_milestone!, only: :update
def index def index
project_milestones = Milestone.where(project_id: group.projects) project_milestones = Milestone.where(project_id: group.projects)
@group_milestones = Milestones::GroupService.new(project_milestones).execute @group_milestones = Milestones::GroupService.new(project_milestones).execute
...@@ -47,4 +49,8 @@ class Groups::MilestonesController < ApplicationController ...@@ -47,4 +49,8 @@ class Groups::MilestonesController < ApplicationController
def status(state) def status(state)
@group_milestones.map{ |milestone| next if milestone.state != state; milestone }.compact @group_milestones.map{ |milestone| next if milestone.state != state; milestone }.compact
end end
def authorize_group_milestone!
return render_404 unless can?(current_user, :manage_group, group)
end
end end
...@@ -76,39 +76,4 @@ class GroupMilestone ...@@ -76,39 +76,4 @@ class GroupMilestone
def participants def participants
milestones.map{ |milestone| milestone.participants.uniq }.reject(&:empty?).flatten milestones.map{ |milestone| milestone.participants.uniq }.reject(&:empty?).flatten
end end
def filter_by(filter, entity)
if entity
milestones = self.milestones.sort_by(&:project_id)
entities = {}
milestones.each do |project_milestone|
next unless project_milestone.send(entity).any?
project_name = project_milestone.project.name
entities_by_state = state_filter(filter, project_milestone.send(entity))
entities.store(project_name, entities_by_state)
end
entities
else
{}
end
end
def state_filter(filter, entities)
if entities.present?
sorted_entities = entities.sort_by(&:position)
entities_by_state = case filter
when 'active'; sorted_entities.group_by(&:state)['opened']
when 'closed'; sorted_entities.group_by(&:state)['closed']
else sorted_entities
end
if entities_by_state.blank?
[]
else
entities_by_state
end
else
[]
end
end
end end
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
- @group_milestones.each do |milestone| - @group_milestones.each do |milestone|
%li{class: "milestone milestone-#{milestone.closed? ? 'closed' : 'open'}", id: dom_id(milestone.milestones.first) } %li{class: "milestone milestone-#{milestone.closed? ? 'closed' : 'open'}", id: dom_id(milestone.milestones.first) }
.pull-right .pull-right
- if can?(current_user, :manage_group, @group)
- if milestone.closed? - if milestone.closed?
= link_to 'Reopen Milestone', group_milestone_path(@group, milestone.safe_title, milestone: {state_event: :activate }), method: :put, class: "btn btn-small btn-grouped" = link_to 'Reopen Milestone', group_milestone_path(@group, milestone.safe_title, milestone: {state_event: :activate }), method: :put, class: "btn btn-small btn-grouped"
- else - else
...@@ -32,10 +33,10 @@ ...@@ -32,10 +33,10 @@
= link_to_gfm truncate(milestone.title, length: 100), group_milestone_path(@group, milestone.safe_title) = link_to_gfm truncate(milestone.title, length: 100), group_milestone_path(@group, milestone.safe_title)
%div %div
%div %div
= link_to group_milestone_path(@group, milestone.safe_title) do = link_to group_milestone_path(@group, milestone.safe_title, anchor: 'tab-issues') do
= pluralize milestone.issue_count, 'Issue' = pluralize milestone.issue_count, 'Issue'
&nbsp; &nbsp;
= link_to group_milestone_path(@group, milestone.safe_title) do = link_to group_milestone_path(@group, milestone.safe_title, anchor: 'tab-merge-requests') do
= pluralize milestone.merge_requests_count, 'Merge Request' = pluralize milestone.merge_requests_count, 'Merge Request'
&nbsp; &nbsp;
%span.light #{milestone.percent_complete}% complete %span.light #{milestone.percent_complete}% complete
......
%h3.page-title %h3.page-title
Milestone #{@group_milestone.title} Milestone #{@group_milestone.title}
.pull-right .pull-right
- if can?(current_user, :manage_group, @group)
- if @group_milestone.active? - if @group_milestone.active?
= link_to 'Close Milestone', group_milestone_path(@group, @group_milestone.safe_title, milestone: {state_event: :close }), method: :put, class: "btn btn-small btn-remove" = link_to 'Close Milestone', group_milestone_path(@group, @group_milestone.safe_title, milestone: {state_event: :close }), method: :put, class: "btn btn-small btn-remove"
- else - else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment