Commit 9f166a86 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'rename-abilities' into 'master'

Rename abilities to correspond contoller/model action names

write_ was renamed to create_
modify_  was renamed to update_

So now in update action we have next code

```
def create
  can?(current_user, :create_issue, @issue)
end

def update
  can?(current_user, :update_issue, @issue)
end
```

See merge request !896
parents 06ab7d89 7ca017b5
...@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :authorize_read_issue! before_action :authorize_read_issue!
# Allow write(create) issue # Allow write(create) issue
before_action :authorize_write_issue!, only: [:new, :create] before_action :authorize_create_issue!, only: [:new, :create]
# Allow modify issue # Allow modify issue
before_action :authorize_modify_issue!, only: [:edit, :update] before_action :authorize_update_issue!, only: [:edit, :update]
# Allow issues bulk update # Allow issues bulk update
before_action :authorize_admin_issues!, only: [:bulk_update] before_action :authorize_admin_issues!, only: [:bulk_update]
...@@ -122,8 +122,8 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -122,8 +122,8 @@ class Projects::IssuesController < Projects::ApplicationController
end end
end end
def authorize_modify_issue! def authorize_update_issue!
return render_404 unless can?(current_user, :modify_issue, @issue) return render_404 unless can?(current_user, :update_issue, @issue)
end end
def authorize_admin_issues! def authorize_admin_issues!
......
...@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
before_action :authorize_read_merge_request! before_action :authorize_read_merge_request!
# Allow write(create) merge_request # Allow write(create) merge_request
before_action :authorize_write_merge_request!, only: [:new, :create] before_action :authorize_create_merge_request!, only: [:new, :create]
# Allow modify merge_request # Allow modify merge_request
before_action :authorize_modify_merge_request!, only: [:close, :edit, :update, :sort] before_action :authorize_update_merge_request!, only: [:close, :edit, :update, :sort]
def index def index
terms = params['issue_search'] terms = params['issue_search']
...@@ -218,8 +218,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -218,8 +218,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@closes_issues ||= @merge_request.closes_issues @closes_issues ||= @merge_request.closes_issues
end end
def authorize_modify_merge_request! def authorize_update_merge_request!
return render_404 unless can?(current_user, :modify_merge_request, @merge_request) return render_404 unless can?(current_user, :update_merge_request, @merge_request)
end end
def authorize_admin_merge_request! def authorize_admin_merge_request!
......
class Projects::NotesController < Projects::ApplicationController class Projects::NotesController < Projects::ApplicationController
# Authorize # Authorize
before_action :authorize_read_note! before_action :authorize_read_note!
before_action :authorize_write_note!, only: [:create] before_action :authorize_create_note!, only: [:create]
before_action :authorize_admin_note!, only: [:update, :destroy] before_action :authorize_admin_note!, only: [:update, :destroy]
before_action :find_current_user_notes, except: [:destroy, :delete_attachment] before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
......
...@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :authorize_read_project_snippet! before_action :authorize_read_project_snippet!
# Allow write(create) snippet # Allow write(create) snippet
before_action :authorize_write_project_snippet!, only: [:new, :create] before_action :authorize_create_project_snippet!, only: [:new, :create]
# Allow modify snippet # Allow modify snippet
before_action :authorize_modify_project_snippet!, only: [:edit, :update] before_action :authorize_update_project_snippet!, only: [:edit, :update]
# Allow destroy snippet # Allow destroy snippet
before_action :authorize_admin_project_snippet!, only: [:destroy] before_action :authorize_admin_project_snippet!, only: [:destroy]
...@@ -75,8 +75,8 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -75,8 +75,8 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet ||= @project.snippets.find(params[:id]) @snippet ||= @project.snippets.find(params[:id])
end end
def authorize_modify_project_snippet! def authorize_update_project_snippet!
return render_404 unless can?(current_user, :modify_project_snippet, @snippet) return render_404 unless can?(current_user, :update_project_snippet, @snippet)
end end
def authorize_admin_project_snippet! def authorize_admin_project_snippet!
......
...@@ -2,7 +2,7 @@ require 'project_wiki' ...@@ -2,7 +2,7 @@ require 'project_wiki'
class Projects::WikisController < Projects::ApplicationController class Projects::WikisController < Projects::ApplicationController
before_action :authorize_read_wiki! before_action :authorize_read_wiki!
before_action :authorize_write_wiki!, only: [:edit, :create, :history] before_action :authorize_create_wiki!, only: [:edit, :create, :history]
before_action :authorize_admin_wiki!, only: :destroy before_action :authorize_admin_wiki!, only: :destroy
before_action :load_project_wiki before_action :load_project_wiki
include WikiHelper include WikiHelper
...@@ -28,7 +28,7 @@ class Projects::WikisController < Projects::ApplicationController ...@@ -28,7 +28,7 @@ class Projects::WikisController < Projects::ApplicationController
) )
end end
else else
return render('empty') unless can?(current_user, :write_wiki, @project) return render('empty') unless can?(current_user, :create_wiki, @project)
@page = WikiPage.new(@project_wiki) @page = WikiPage.new(@project_wiki)
@page.title = params[:id] @page.title = params[:id]
...@@ -43,7 +43,7 @@ class Projects::WikisController < Projects::ApplicationController ...@@ -43,7 +43,7 @@ class Projects::WikisController < Projects::ApplicationController
def update def update
@page = @project_wiki.find_page(params[:id]) @page = @project_wiki.find_page(params[:id])
return render('empty') unless can?(current_user, :write_wiki, @project) return render('empty') unless can?(current_user, :create_wiki, @project)
if @page.update(content, format, message) if @page.update(content, format, message)
redirect_to( redirect_to(
......
...@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController ...@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
# Allow modify snippet # Allow modify snippet
before_action :authorize_modify_snippet!, only: [:edit, :update] before_action :authorize_update_snippet!, only: [:edit, :update]
# Allow destroy snippet # Allow destroy snippet
before_action :authorize_admin_snippet!, only: [:destroy] before_action :authorize_admin_snippet!, only: [:destroy]
...@@ -87,8 +87,8 @@ class SnippetsController < ApplicationController ...@@ -87,8 +87,8 @@ class SnippetsController < ApplicationController
end end
end end
def authorize_modify_snippet! def authorize_update_snippet!
return render_404 unless can?(current_user, :modify_personal_snippet, @snippet) return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
end end
def authorize_admin_snippet! def authorize_admin_snippet!
......
...@@ -68,6 +68,7 @@ class Ability ...@@ -68,6 +68,7 @@ class Ability
def project_abilities(user, project) def project_abilities(user, project)
rules = [] rules = []
key = "/user/#{user.id}/project/#{project.id}" key = "/user/#{user.id}/project/#{project.id}"
RequestStore.store[key] ||= begin RequestStore.store[key] ||= begin
team = project.team team = project.team
...@@ -144,9 +145,9 @@ class Ability ...@@ -144,9 +145,9 @@ class Ability
:read_project_member, :read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:write_project, :create_project,
:write_issue, :create_issue,
:write_note :create_note
] ]
end end
...@@ -154,15 +155,15 @@ class Ability ...@@ -154,15 +155,15 @@ class Ability
project_guest_rules + [ project_guest_rules + [
:download_code, :download_code,
:fork_project, :fork_project,
:write_project_snippet :create_project_snippet
] ]
end end
def project_dev_rules def project_dev_rules
project_report_rules + [ project_report_rules + [
:write_merge_request, :create_merge_request,
:write_wiki, :create_wiki,
:modify_issue, :update_issue,
:admin_issue, :admin_issue,
:admin_label, :admin_label,
:push_code :push_code
...@@ -171,10 +172,10 @@ class Ability ...@@ -171,10 +172,10 @@ class Ability
def project_archived_rules def project_archived_rules
[ [
:write_merge_request, :create_merge_request,
:push_code, :push_code,
:push_code_to_protected_branches, :push_code_to_protected_branches,
:modify_merge_request, :update_merge_request,
:admin_merge_request :admin_merge_request
] ]
end end
...@@ -182,9 +183,8 @@ class Ability ...@@ -182,9 +183,8 @@ class Ability
def project_master_rules def project_master_rules
project_dev_rules + [ project_dev_rules + [
:push_code_to_protected_branches, :push_code_to_protected_branches,
:modify_issue, :update_project_snippet,
:modify_project_snippet, :update_merge_request,
:modify_merge_request,
:admin_milestone, :admin_milestone,
:admin_project_snippet, :admin_project_snippet,
:admin_project_member, :admin_project_member,
...@@ -244,30 +244,40 @@ class Ability ...@@ -244,30 +244,40 @@ class Ability
rules.flatten rules.flatten
end end
[:issue, :note, :project_snippet, :personal_snippet, :merge_request].each do |name|
[:issue, :merge_request].each do |name|
define_method "#{name}_abilities" do |user, subject| define_method "#{name}_abilities" do |user, subject|
if subject.author == user || user.is_admin? rules = []
rules = [
if subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user)
rules += [
:"read_#{name}", :"read_#{name}",
:"write_#{name}", :"update_#{name}",
:"modify_#{name}",
:"admin_#{name}"
] ]
rules.push(:change_visibility_level) if subject.is_a?(Snippet) end
rules += project_abilities(user, subject.project)
rules rules
elsif subject.respond_to?(:assignee) && subject.assignee == user end
[ end
[:note, :project_snippet, :personal_snippet].each do |name|
define_method "#{name}_abilities" do |user, subject|
rules = []
if subject.author == user
rules += [
:"read_#{name}", :"read_#{name}",
:"write_#{name}", :"update_#{name}",
:"modify_#{name}", :"admin_#{name}"
] ]
else
if subject.respond_to?(:project) && subject.project
project_abilities(user, subject.project)
else
[]
end end
if subject.respond_to?(:project) && subject.project
rules += project_abilities(user, subject.project)
end end
rules
end end
end end
...@@ -276,13 +286,16 @@ class Ability ...@@ -276,13 +286,16 @@ class Ability
target_user = subject.user target_user = subject.user
group = subject.group group = subject.group
can_manage = group_abilities(user, group).include?(:admin_group) can_manage = group_abilities(user, group).include?(:admin_group)
if can_manage && (user != target_user) if can_manage && (user != target_user)
rules << :modify_group_member rules << :update_group_member
rules << :destroy_group_member rules << :destroy_group_member
end end
if !group.last_owner?(user) && (can_manage || (user == target_user)) if !group.last_owner?(user) && (can_manage || (user == target_user))
rules << :destroy_group_member rules << :destroy_group_member
end end
rules rules
end end
...@@ -299,8 +312,8 @@ class Ability ...@@ -299,8 +312,8 @@ class Ability
def named_abilities(name) def named_abilities(name)
[ [
:"read_#{name}", :"read_#{name}",
:"write_#{name}", :"create_#{name}",
:"modify_#{name}", :"update_#{name}",
:"admin_#{name}" :"admin_#{name}"
] ]
end end
......
...@@ -10,7 +10,7 @@ module Issues ...@@ -10,7 +10,7 @@ module Issues
issues = Issue.where(id: issues_ids) issues = Issue.where(id: issues_ids)
issues.each do |issue| issues.each do |issue|
next unless can?(current_user, :modify_issue, issue) next unless can?(current_user, :update_issue, issue)
Issues::UpdateService.new(issue.project, current_user, issue_params).execute(issue) Issues::UpdateService.new(issue.project, current_user, issue_params).execute(issue)
end end
......
...@@ -9,9 +9,9 @@ class UpdateSnippetService < BaseService ...@@ -9,9 +9,9 @@ class UpdateSnippetService < BaseService
def execute def execute
# check that user is allowed to set specified visibility_level # check that user is allowed to set specified visibility_level
new_visibility = params[:visibility_level] new_visibility = params[:visibility_level]
if new_visibility && new_visibility.to_i != snippet.visibility_level if new_visibility && new_visibility.to_i != snippet.visibility_level
unless can?(current_user, :change_visibility_level, snippet) && unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
deny_visibility_level(snippet, new_visibility) deny_visibility_level(snippet, new_visibility)
return snippet return snippet
end end
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
%span.pull-right %span.pull-right
%strong= member.human_access %strong= member.human_access
- if show_controls - if show_controls
- if can?(current_user, :modify_group_member, member) - if can?(current_user, :update_group_member, member)
= button_tag class: "btn-xs btn js-toggle-button", = button_tag class: "btn-xs btn js-toggle-button",
title: 'Edit access level', type: 'button' do title: 'Edit access level', type: 'button' do
%i.fa.fa-pencil-square-o %i.fa.fa-pencil-square-o
......
...@@ -22,11 +22,11 @@ ...@@ -22,11 +22,11 @@
Contribution guide Contribution guide
.actions .actions
- if can? current_user, :write_issue, @project - if can? current_user, :create_issue, @project
= link_to url_for_new_issue(@project, only_path: true), title: "New Issue", class: 'btn btn-sm append-right-10' do = link_to url_for_new_issue(@project, only_path: true), title: "New Issue", class: 'btn btn-sm append-right-10' do
New Issue New Issue
- if can? current_user, :write_merge_request, @project - if can? current_user, :create_merge_request, @project
= link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-sm", title: "New Merge Request" do = link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-sm", title: "New Merge Request" do
New Merge Request New Merge Request
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
- elsif type_left == 'old' || type_left.nil? - elsif type_left == 'old' || type_left.nil?
%td.old_line{id: line_code_left, class: "#{type_left}"} %td.old_line{id: line_code_left, class: "#{type_left}"}
= link_to raw(line_number_left), "##{line_code_left}", id: line_code_left = link_to raw(line_number_left), "##{line_code_left}", id: line_code_left
- if @comments_allowed && can?(current_user, :write_note, @project) - if @comments_allowed && can?(current_user, :create_note, @project)
= link_to_new_diff_note(line_code_left, 'old') = link_to_new_diff_note(line_code_left, 'old')
%td.line_content{class: "parallel noteable_line #{type_left} #{line_code_left}", "line_code" => line_code_left }= raw line_content_left %td.line_content{class: "parallel noteable_line #{type_left} #{line_code_left}", "line_code" => line_code_left }= raw line_content_left
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
%td.new_line{id: new_line_code, class: "#{new_line_class}", data: { linenumber: line_number_right }} %td.new_line{id: new_line_code, class: "#{new_line_class}", data: { linenumber: line_number_right }}
= link_to raw(line_number_right), "##{new_line_code}", id: new_line_code = link_to raw(line_number_right), "##{new_line_code}", id: new_line_code
- if @comments_allowed && can?(current_user, :write_note, @project) - if @comments_allowed && can?(current_user, :create_note, @project)
= link_to_new_diff_note(line_code_right, 'new') = link_to_new_diff_note(line_code_right, 'new')
%td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code}", "line_code" => new_line_code}= raw line_content_right %td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code}", "line_code" => new_line_code}= raw line_content_right
......
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
- else - else
%td.old_line %td.old_line
= link_to raw(type == "new" ? "&nbsp;" : line_old), "##{line_code}", id: line_code = link_to raw(type == "new" ? "&nbsp;" : line_old), "##{line_code}", id: line_code
- if @comments_allowed && can?(current_user, :write_note, @project) - if @comments_allowed && can?(current_user, :create_note, @project)
= link_to_new_diff_note(line_code) = link_to_new_diff_note(line_code)
%td.new_line{data: {linenumber: line.new_pos}} %td.new_line{data: {linenumber: line.new_pos}}
= link_to raw(type == "old" ? "&nbsp;" : line.new_pos) , "##{line_code}", id: line_code = link_to raw(type == "old" ? "&nbsp;" : line.new_pos) , "##{line_code}", id: line_code
......
- content_for :note_actions do - content_for :note_actions do
- if can?(current_user, :modify_issue, @issue) - if can?(current_user, :update_issue, @issue)
- if @issue.closed? - if @issue.closed?
= link_to 'Reopen Issue', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen js-note-target-reopen', title: 'Reopen Issue' = link_to 'Reopen Issue', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen js-note-target-reopen', title: 'Reopen Issue'
- else - else
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
= render 'shared/issuable/search_form', path: namespace_project_issues_path(@project.namespace, @project) = render 'shared/issuable/search_form', path: namespace_project_issues_path(@project.namespace, @project)
- if can? current_user, :write_issue, @project - if can? current_user, :create_issue, @project
= link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { assignee_id: @issuable_finder.assignee.try(:id), milestone_id: @issuable_finder.milestones.try(:first).try(:id) }), class: "btn btn-new pull-left", title: "New Issue", id: "new_issue_link" do = link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { assignee_id: @issuable_finder.assignee.try(:id), milestone_id: @issuable_finder.milestones.try(:first).try(:id) }), class: "btn btn-new pull-left", title: "New Issue", id: "new_issue_link" do
%i.fa.fa-plus %i.fa.fa-plus
New Issue New Issue
......
...@@ -12,11 +12,11 @@ ...@@ -12,11 +12,11 @@
&middot; created by #{link_to_member(@project, @issue.author)} #{issue_timestamp(@issue)} &middot; created by #{link_to_member(@project, @issue.author)} #{issue_timestamp(@issue)}
.pull-right .pull-right
- if can?(current_user, :write_issue, @project) - if can?(current_user, :create_issue, @project)
= link_to new_namespace_project_issue_path(@project.namespace, @project), class: 'btn btn-grouped new-issue-link', title: 'New Issue', id: 'new_issue_link' do = link_to new_namespace_project_issue_path(@project.namespace, @project), class: 'btn btn-grouped new-issue-link', title: 'New Issue', id: 'new_issue_link' do
= icon('plus') = icon('plus')
New Issue New Issue
- if can?(current_user, :modify_issue, @issue) - if can?(current_user, :update_issue, @issue)
- if @issue.closed? - if @issue.closed?
= link_to 'Reopen', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen' = link_to 'Reopen', issue_path(@issue, issue: {state_event: :reopen}, status_only: true), method: :put, class: 'btn btn-grouped btn-reopen'
- else - else
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
= gfm escape_once(@issue.title) = gfm escape_once(@issue.title)
%div %div
- if @issue.description.present? - if @issue.description.present?
.description{class: can?(current_user, :modify_issue, @issue) ? 'js-task-list-container' : ''} .description{class: can?(current_user, :update_issue, @issue) ? 'js-task-list-container' : ''}
.wiki .wiki
= preserve do = preserve do
= markdown(@issue.description) = markdown(@issue.description)
......
- content_for :note_actions do - content_for :note_actions do
- if can?(current_user, :modify_merge_request, @merge_request) - if can?(current_user, :update_merge_request, @merge_request)
- if @merge_request.open? - if @merge_request.open?
= link_to 'Close', merge_request_path(@merge_request, merge_request: {state_event: :close }), method: :put, class: "btn btn-grouped btn-close close-mr-link js-note-target-close", title: "Close merge request" = link_to 'Close', merge_request_path(@merge_request, merge_request: {state_event: :close }), method: :put, class: "btn btn-grouped btn-close close-mr-link js-note-target-close", title: "Close merge request"
- if @merge_request.closed? - if @merge_request.closed?
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
.pull-right .pull-right
= render 'shared/issuable/search_form', path: namespace_project_merge_requests_path(@project.namespace, @project) = render 'shared/issuable/search_form', path: namespace_project_merge_requests_path(@project.namespace, @project)
- if can? current_user, :write_merge_request, @project - if can? current_user, :create_merge_request, @project
.pull-left.hidden-xs .pull-left.hidden-xs
= link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-new", title: "New Merge Request" do = link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-new", title: "New Merge Request" do
%i.fa.fa-plus %i.fa.fa-plus
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
%div %div
- if @merge_request.description.present? - if @merge_request.description.present?
.description{class: can?(current_user, :modify_merge_request, @merge_request) ? 'js-task-list-container' : ''} .description{class: can?(current_user, :update_merge_request, @merge_request) ? 'js-task-list-container' : ''}
.wiki .wiki
= preserve do = preserve do
= markdown(@merge_request.description) = markdown(@merge_request.description)
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
created by #{link_to_member(@project, @merge_request.author)} #{time_ago_with_tooltip(@merge_request.created_at)} created by #{link_to_member(@project, @merge_request.author)} #{time_ago_with_tooltip(@merge_request.created_at)}
.issue-btn-group.pull-right .issue-btn-group.pull-right
- if can?(current_user, :modify_merge_request, @merge_request) - if can?(current_user, :update_merge_request, @merge_request)
- if @merge_request.open? - if @merge_request.open?
= link_to 'Close', merge_request_path(@merge_request, merge_request: { state_event: :close }), method: :put, class: "btn btn-grouped btn-close", title: "Close merge request" = link_to 'Close', merge_request_path(@merge_request, merge_request: { state_event: :close }), method: :put, class: "btn btn-grouped btn-close", title: "Close merge request"
= link_to edit_namespace_project_merge_request_path(@project.namespace, @project, @merge_request), class: "btn btn-grouped issuable-edit", id: "edit_merge_request" do = link_to edit_namespace_project_merge_request_path(@project.namespace, @project, @merge_request), class: "btn btn-grouped issuable-edit", id: "edit_merge_request" do
......
...@@ -62,7 +62,7 @@ ...@@ -62,7 +62,7 @@
%span.badge= @users.count %span.badge= @users.count
.pull-right .pull-right
- if can?(current_user, :write_issue, @project) - if can?(current_user, :create_issue, @project)
= link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { milestone_id: @milestone.id }), class: "btn btn-grouped", title: "New Issue" do = link_to new_namespace_project_issue_path(@project.namespace, @project, issue: { milestone_id: @milestone.id }), class: "btn btn-grouped", title: "New Issue" do
%i.fa.fa-plus %i.fa.fa-plus
New Issue New Issue
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
.js-notes-busy .js-notes-busy
.js-main-target-form .js-main-target-form
- if can? current_user, :write_note, @project - if can? current_user, :create_note, @project
= render "projects/notes/form", view: params[:view] = render "projects/notes/form", view: params[:view]
:javascript :javascript
......
- page_title "Snippets" - page_title "Snippets"
%h3.page-title %h3.page-title
Snippets Snippets
- if can? current_user, :write_project_snippet, @project - if can? current_user, :create_project_snippet, @project
= link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new pull-right", title: "New Snippet" do = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new pull-right", title: "New Snippet" do
Add new snippet Add new snippet
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
= @snippet.file_name = @snippet.file_name
.file-actions .file-actions
.btn-group .btn-group
- if can?(current_user, :modify_project_snippet, @snippet) - if can?(current_user, :update_project_snippet, @snippet)
= link_to "edit", edit_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", title: 'Edit Snippet' = link_to "edit", edit_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", title: 'Edit Snippet'
= link_to "raw", raw_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", target: "_blank" = link_to "raw", raw_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-sm", target: "_blank"
- if can?(current_user, :admin_project_snippet, @snippet) - if can?(current_user, :admin_project_snippet, @snippet)
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
- if (@page && @page.persisted?) - if (@page && @page.persisted?)
= link_to history_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do = link_to history_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do
Page History Page History
- if can?(current_user, :write_wiki, @project) - if can?(current_user, :create_wiki, @project)
= link_to edit_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do = link_to edit_namespace_project_wiki_path(@project.namespace, @project, @page), class: "btn btn-grouped" do
%i.fa.fa-pencil-square-o %i.fa.fa-pencil-square-o
Edit Edit
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
%i.fa.fa-download %i.fa.fa-download
Git Access Git Access
- if can?(current_user, :write_wiki, @project) - if can?(current_user, :create_wiki, @project)
.pull-right .pull-right
= link_to '#modal-new-wiki', class: "add-new-wiki btn btn-new", "data-toggle" => "modal" do = link_to '#modal-new-wiki', class: "add-new-wiki btn btn-new", "data-toggle" => "modal" do
%i.fa.fa-plus %i.fa.fa-plus
......
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
= @snippet.file_name = @snippet.file_name
.file-actions .file-actions
.btn-group .btn-group
- if can?(current_user, :modify_personal_snippet, @snippet) - if can?(current_user, :update_personal_snippet, @snippet)
= link_to "edit", edit_snippet_path(@snippet), class: "btn btn-sm", title: 'Edit Snippet' = link_to "edit", edit_snippet_path(@snippet), class: "btn btn-sm", title: 'Edit Snippet'
= link_to "raw", raw_snippet_path(@snippet), class: "btn btn-sm", target: "_blank" = link_to "raw", raw_snippet_path(@snippet), class: "btn btn-sm", target: "_blank"
- if can?(current_user, :admin_personal_snippet, @snippet) - if can?(current_user, :admin_personal_snippet, @snippet)
......
...@@ -144,7 +144,7 @@ module API ...@@ -144,7 +144,7 @@ module API
# PUT /projects/:id/issues/:issue_id # PUT /projects/:id/issues/:issue_id
put ":id/issues/:issue_id" do put ":id/issues/:issue_id" do
issue = user_project.issues.find(params[:issue_id]) issue = user_project.issues.find(params[:issue_id])
authorize! :modify_issue, issue authorize! :update_issue, issue
attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event] attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event]
# Validate label names in advance # Validate label names in advance
......
...@@ -109,7 +109,7 @@ module API ...@@ -109,7 +109,7 @@ module API
# POST /projects/:id/merge_requests # POST /projects/:id/merge_requests
# #
post ":id/merge_requests" do post ":id/merge_requests" do
authorize! :write_merge_request, user_project authorize! :create_merge_request, user_project
required_attributes! [:source_branch, :target_branch, :title] required_attributes! [:source_branch, :target_branch, :title]
attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description] attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description]
...@@ -149,7 +149,7 @@ module API ...@@ -149,7 +149,7 @@ module API
put ":id/merge_request/:merge_request_id" do put ":id/merge_request/:merge_request_id" do
attrs = attributes_for_keys [:target_branch, :assignee_id, :title, :state_event, :description] attrs = attributes_for_keys [:target_branch, :assignee_id, :title, :state_event, :description]
merge_request = user_project.merge_requests.find(params[:merge_request_id]) merge_request = user_project.merge_requests.find(params[:merge_request_id])
authorize! :modify_merge_request, merge_request authorize! :update_merge_request, merge_request
# Ensure source_branch is not specified # Ensure source_branch is not specified
if params[:source_branch].present? if params[:source_branch].present?
......
...@@ -46,7 +46,7 @@ module API ...@@ -46,7 +46,7 @@ module API
# Example Request: # Example Request:
# POST /projects/:id/snippets # POST /projects/:id/snippets
post ":id/snippets" do post ":id/snippets" do
authorize! :write_project_snippet, user_project authorize! :create_project_snippet, user_project
required_attributes! [:title, :file_name, :code, :visibility_level] required_attributes! [:title, :file_name, :code, :visibility_level]
attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs = attributes_for_keys [:title, :file_name, :visibility_level]
...@@ -74,7 +74,7 @@ module API ...@@ -74,7 +74,7 @@ module API
# PUT /projects/:id/snippets/:snippet_id # PUT /projects/:id/snippets/:snippet_id
put ":id/snippets/:snippet_id" do put ":id/snippets/:snippet_id" do
@snippet = user_project.snippets.find(params[:snippet_id]) @snippet = user_project.snippets.find(params[:snippet_id])
authorize! :modify_project_snippet, @snippet authorize! :update_project_snippet, @snippet
attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs = attributes_for_keys [:title, :file_name, :visibility_level]
attrs[:content] = params[:code] if params[:code].present? attrs[:content] = params[:code] if params[:code].present?
...@@ -98,7 +98,7 @@ module API ...@@ -98,7 +98,7 @@ module API
delete ":id/snippets/:snippet_id" do delete ":id/snippets/:snippet_id" do
begin begin
@snippet = user_project.snippets.find(params[:snippet_id]) @snippet = user_project.snippets.find(params[:snippet_id])
authorize! :modify_project_snippet, @snippet authorize! :update_project_snippet, @snippet
@snippet.destroy @snippet.destroy
rescue rescue
not_found!('Snippet') not_found!('Snippet')
......
module Gitlab module Gitlab
class GitAccessWiki < GitAccess class GitAccessWiki < GitAccess
def change_access_check(change) def change_access_check(change)
if user.can?(:write_wiki, project) if user.can?(:create_wiki, project)
build_status_object(true) build_status_object(true)
else else
build_status_object(false, "You are not allowed to write to this project's wiki.") build_status_object(false, "You are not allowed to write to this project's wiki.")
......
...@@ -43,7 +43,7 @@ describe ProjectMember do ...@@ -43,7 +43,7 @@ describe ProjectMember do
it { expect(@project_2.users).to include(@user_1) } it { expect(@project_2.users).to include(@user_1) }
it { expect(@project_2.users).to include(@user_2) } it { expect(@project_2.users).to include(@user_2) }
it { expect(@abilities.allowed?(@user_1, :write_project, @project_2)).to be_truthy } it { expect(@abilities.allowed?(@user_1, :create_project, @project_2)).to be_truthy }
it { expect(@abilities.allowed?(@user_2, :read_project, @project_2)).to be_truthy } it { expect(@abilities.allowed?(@user_2, :read_project, @project_2)).to be_truthy }
end end
......
...@@ -172,9 +172,9 @@ describe Note do ...@@ -172,9 +172,9 @@ describe Note do
@p2.project_members.create(user: @u3, access_level: ProjectMember::DEVELOPER) @p2.project_members.create(user: @u3, access_level: ProjectMember::DEVELOPER)
end end
it { expect(@abilities.allowed?(@u1, :write_note, @p1)).to be_falsey } it { expect(@abilities.allowed?(@u1, :create_note, @p1)).to be_falsey }
it { expect(@abilities.allowed?(@u2, :write_note, @p1)).to be_truthy } it { expect(@abilities.allowed?(@u2, :create_note, @p1)).to be_truthy }
it { expect(@abilities.allowed?(@u3, :write_note, @p1)).to be_falsey } it { expect(@abilities.allowed?(@u3, :create_note, @p1)).to be_falsey }
end end
describe 'admin' do describe 'admin' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment