allow/deny user to create group/team

00e4a479 · Dmitriy Zaporozhets · 585a53c4 · 00e4a479 · 00e4a479 · 00e4a479
Commit 00e4a479 authored Jan 25, 2013 by Dmitriy Zaporozhets
4 changed files
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -6,6 +6,7 @@ class GroupsController < ApplicationController
  # Authorize
  before_filter :authorize_read_group!, except: [:new, :create]
+  before_filter :authorize_create_group!, only: [:new, :create]
  # Load group projects
  before_filter :projects, except: [:new, :create]
@@ -103,4 +104,8 @@ class GroupsController < ApplicationController
      return render_404
    end
  end
+  def authorize_create_group!
+    can?(current_user, :create_group, nil)
+  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
 class Ability
  class << self
-    def allowed(object, subject)
+    def allowed(user, subject)
+      return [] unless user.kind_of?(User)
      case subject.class.name
-      when "Project" then project_abilities(object, subject)
+      when "Project" then project_abilities(user, subject)
-      when "Issue" then issue_abilities(object, subject)
+      when "Issue" then issue_abilities(user, subject)
-      when "Note" then note_abilities(object, subject)
+      when "Note" then note_abilities(user, subject)
-      when "Snippet" then snippet_abilities(object, subject)
+      when "Snippet" then snippet_abilities(user, subject)
-      when "MergeRequest" then merge_request_abilities(object, subject)
+      when "MergeRequest" then merge_request_abilities(user, subject)
-      when "Group", "Namespace" then group_abilities(object, subject)
+      when "Group", "Namespace" then group_abilities(user, subject)
-      when "UserTeam" then user_team_abilities(object, subject)
+      when "UserTeam" then user_team_abilities(user, subject)
      else []
+      end.concat(global_abilities(user))
    end
+    def global_abilities(user)
+      rules = []
+      rules << :create_group if user.can_create_group
+      rules << :create_team if user.can_create_team
+      rules
    end
    def project_abilities(user, project)

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -232,7 +232,7 @@ class User < ActiveRecord::Base
  end
  def can_create_group?
-    can_create_project?
+    can?(:create_group, nil)
  end
  def abilities

--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@@ -46,6 +46,14 @@
            = f.label :projects_limit
            .input= f.number_field :projects_limit
+          .clearfix
+            = f.label :can_create_group
+            .input= f.check_box :can_create_group
+          .clearfix
+            = f.label :can_create_team
+            .input= f.check_box :can_create_team
          .clearfix
            = f.label :admin do
              %strong.cred Administrator