Group owner or admin can remove other group owners

02cf9aa6 · Dmitriy Zaporozhets · 8674e1c2 · 02cf9aa6 · 02cf9aa6
Commit 02cf9aa6 authored Sep 26, 2013 by Dmitriy Zaporozhets
Showing with 3 additions and 3 deletions

app/controllers/users_groups_controller.rb app/controllers/users_groups_controller.rb +1 -1

app/views/users_groups/_users_group.html.haml app/views/users_groups/_users_group.html.haml +2 -2

No files found.
--- a/app/controllers/users_groups_controller.rb
+++ b/app/controllers/users_groups_controller.rb
@@ -19,7 +19,7 @@ class UsersGroupsController < ApplicationController

  def destroy
    @users_group = @group.users_groups.find(params[:id])
-    @users_group.destroy unless @users_group.user == @group.owner
+    @users_group.destroy

    respond_to do |format|
      format.html { redirect_to members_group_path(@group), notice: 'User was  successfully removed from group.' }

--- a/app/views/users_groups/_users_group.html.haml
+++ b/app/views/users_groups/_users_group.html.haml
@@ -10,7 +10,7 @@
  %span.pull-right
    %strong= member.human_access

-    - if show_controls && user != @group.owner && user != current_user
+    - if show_controls && can?(current_user, :manage_group, @group) && current_user != user
      = link_to '#', class: "btn-tiny btn js-toggle-button", title: 'Edit access level' do
        %i.icon-edit
      = link_to group_users_group_path(@group, member), confirm: remove_user_from_group_message(@group, user), method: :delete, remote: true, class: "btn-tiny btn btn-remove", title: 'Remove user from group' do
@@ -20,4 +20,4 @@
    = form_for [@group, member], remote: true do |f|
      .alert.prepend-top-20
        = f.select :group_access, options_for_select(UsersGroup.group_access_roles, member.group_access)
-        = f.submit 'Save', class: 'btn btn-save'
+        = f.submit 'Save', class: 'btn btn-save btn-small'