Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
11aff97d
Commit
11aff97d
authored
Apr 09, 2017
by
blackst0ne
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove the User#is_admin? method
parent
3d1cade1
Changes
24
Show whitespace changes
Inline
Side-by-side
Showing
24 changed files
with
40 additions
and
40 deletions
+40
-40
app/controllers/admin/application_controller.rb
app/controllers/admin/application_controller.rb
+1
-1
app/controllers/admin/impersonations_controller.rb
app/controllers/admin/impersonations_controller.rb
+1
-1
app/helpers/visibility_level_helper.rb
app/helpers/visibility_level_helper.rb
+1
-1
app/models/user.rb
app/models/user.rb
+0
-4
app/policies/ci/runner_policy.rb
app/policies/ci/runner_policy.rb
+1
-1
app/services/users/create_service.rb
app/services/users/create_service.rb
+3
-3
app/views/layouts/header/_default.html.haml
app/views/layouts/header/_default.html.haml
+1
-1
changelogs/unreleased/remove_is_admin.yml
changelogs/unreleased/remove_is_admin.yml
+4
-0
lib/api/entities.rb
lib/api/entities.rb
+3
-3
lib/api/groups.rb
lib/api/groups.rb
+1
-1
lib/api/helpers.rb
lib/api/helpers.rb
+2
-2
lib/api/notes.rb
lib/api/notes.rb
+1
-1
lib/api/runners.rb
lib/api/runners.rb
+4
-4
lib/api/services.rb
lib/api/services.rb
+2
-2
lib/api/users.rb
lib/api/users.rb
+3
-3
lib/api/v3/groups.rb
lib/api/v3/groups.rb
+1
-1
lib/api/v3/notes.rb
lib/api/v3/notes.rb
+1
-1
lib/api/v3/runners.rb
lib/api/v3/runners.rb
+1
-1
lib/api/v3/services.rb
lib/api/v3/services.rb
+1
-1
lib/gitlab/import_export/relation_factory.rb
lib/gitlab/import_export/relation_factory.rb
+1
-1
lib/gitlab/visibility_level.rb
lib/gitlab/visibility_level.rb
+1
-1
spec/features/admin/admin_users_spec.rb
spec/features/admin/admin_users_spec.rb
+1
-1
spec/models/user_spec.rb
spec/models/user_spec.rb
+2
-2
spec/requests/api/session_spec.rb
spec/requests/api/session_spec.rb
+3
-3
No files found.
app/controllers/admin/application_controller.rb
View file @
11aff97d
...
...
@@ -6,6 +6,6 @@ class Admin::ApplicationController < ApplicationController
layout
'admin'
def
authenticate_admin!
render_404
unless
current_user
.
is_
admin?
render_404
unless
current_user
.
admin?
end
end
app/controllers/admin/impersonations_controller.rb
View file @
11aff97d
...
...
@@ -21,6 +21,6 @@ class Admin::ImpersonationsController < Admin::ApplicationController
end
def
authenticate_impersonator!
render_404
unless
impersonator
&&
impersonator
.
is_
admin?
&&
!
impersonator
.
blocked?
render_404
unless
impersonator
&&
impersonator
.
admin?
&&
!
impersonator
.
blocked?
end
end
app/helpers/visibility_level_helper.rb
View file @
11aff97d
...
...
@@ -85,7 +85,7 @@ module VisibilityLevelHelper
end
def
restricted_visibility_levels
(
show_all
=
false
)
return
[]
if
current_user
.
is_
admin?
&&
!
show_all
return
[]
if
current_user
.
admin?
&&
!
show_all
current_application_settings
.
restricted_visibility_levels
||
[]
end
...
...
app/models/user.rb
View file @
11aff97d
...
...
@@ -555,10 +555,6 @@ class User < ActiveRecord::Base
authorized_projects
(
Gitlab
::
Access
::
REPORTER
).
non_archived
.
with_issues_enabled
end
def
is_admin?
admin
end
def
require_ssh_key?
keys
.
count
==
0
&&
Gitlab
::
ProtocolAccess
.
allowed?
(
'ssh'
)
end
...
...
app/policies/ci/runner_policy.rb
View file @
11aff97d
...
...
@@ -3,7 +3,7 @@ module Ci
def
rules
return
unless
@user
can!
:assign_runner
if
@user
.
is_
admin?
can!
:assign_runner
if
@user
.
admin?
return
if
@subject
.
is_shared?
||
@subject
.
locked?
...
...
app/services/users/create_service.rb
View file @
11aff97d
...
...
@@ -11,7 +11,7 @@ module Users
user
=
User
.
new
(
build_user_params
)
if
current_user
&
.
is_
admin?
if
current_user
&
.
admin?
if
params
[
:reset_password
]
@reset_token
=
user
.
generate_reset_token
params
[
:force_random_password
]
=
true
...
...
@@ -47,7 +47,7 @@ module Users
private
def
can_create_user?
(
current_user
.
nil?
&&
current_application_settings
.
signup_enabled?
)
||
current_user
&
.
is_
admin?
(
current_user
.
nil?
&&
current_application_settings
.
signup_enabled?
)
||
current_user
&
.
admin?
end
# Allowed params for creating a user (admins only)
...
...
@@ -94,7 +94,7 @@ module Users
end
def
build_user_params
if
current_user
&
.
is_
admin?
if
current_user
&
.
admin?
user_params
=
params
.
slice
(
*
admin_create_params
)
user_params
[
:created_by_id
]
=
current_user
&
.
id
...
...
app/views/layouts/header/_default.html.haml
View file @
11aff97d
...
...
@@ -31,7 +31,7 @@
%li
.impersonation
=
link_to
admin_impersonation_path
,
method: :delete
,
title:
"Stop impersonation"
,
aria:
{
label:
'Stop impersonation'
},
data:
{
toggle:
'tooltip'
,
placement:
'bottom'
,
container:
'body'
}
do
=
icon
(
'user-secret fw'
)
-
if
current_user
.
is_
admin?
-
if
current_user
.
admin?
%li
=
link_to
admin_root_path
,
title:
'Admin area'
,
aria:
{
label:
"Admin area"
},
data:
{
toggle:
'tooltip'
,
placement:
'bottom'
,
container:
'body'
}
do
=
icon
(
'wrench fw'
)
...
...
changelogs/unreleased/remove_is_admin.yml
0 → 100644
View file @
11aff97d
---
title
:
Remove the User#is_admin? method
merge_request
:
10520
author
:
blackst0ne
lib/api/entities.rb
View file @
11aff97d
...
...
@@ -14,7 +14,7 @@ module API
class
User
<
UserBasic
expose
:created_at
expose
:
is_
admin?
,
as: :is_admin
expose
:admin?
,
as: :is_admin
expose
:bio
,
:location
,
:skype
,
:linkedin
,
:twitter
,
:website_url
,
:organization
end
...
...
@@ -611,9 +611,9 @@ module API
expose
:locked
expose
:version
,
:revision
,
:platform
,
:architecture
expose
:contacted_at
expose
:token
,
if:
lambda
{
|
runner
,
options
|
options
[
:current_user
].
is_
admin?
||
!
runner
.
is_shared?
}
expose
:token
,
if:
lambda
{
|
runner
,
options
|
options
[
:current_user
].
admin?
||
!
runner
.
is_shared?
}
expose
:projects
,
with:
Entities
::
BasicProjectDetails
do
|
runner
,
options
|
if
options
[
:current_user
].
is_
admin?
if
options
[
:current_user
].
admin?
runner
.
projects
else
options
[
:current_user
].
authorized_projects
.
where
(
id:
runner
.
projects
)
...
...
lib/api/groups.rb
View file @
11aff97d
...
...
@@ -56,7 +56,7 @@ module API
groups
=
groups
.
where
.
not
(
id:
params
[
:skip_groups
])
if
params
[
:skip_groups
].
present?
groups
=
groups
.
reorder
(
params
[
:order_by
]
=>
params
[
:sort
])
present_groups
groups
,
statistics:
params
[
:statistics
]
&&
current_user
.
is_
admin?
present_groups
groups
,
statistics:
params
[
:statistics
]
&&
current_user
.
admin?
end
desc
'Create a group. Available only for users who can create groups.'
do
...
...
lib/api/helpers.rb
View file @
11aff97d
...
...
@@ -118,7 +118,7 @@ module API
def
authenticated_as_admin!
authenticate!
forbidden!
unless
current_user
.
is_
admin?
forbidden!
unless
current_user
.
admin?
end
def
authorize!
(
action
,
subject
=
:global
)
...
...
@@ -358,7 +358,7 @@ module API
return
unless
sudo_identifier
return
unless
initial_current_user
unless
initial_current_user
.
is_
admin?
unless
initial_current_user
.
admin?
forbidden!
(
'Must be admin to use sudo'
)
end
...
...
lib/api/notes.rb
View file @
11aff97d
...
...
@@ -78,7 +78,7 @@ module API
}
if
can?
(
current_user
,
noteable_read_ability_name
(
noteable
),
noteable
)
if
params
[
:created_at
]
&&
(
current_user
.
is_
admin?
||
user_project
.
owner
==
current_user
)
if
params
[
:created_at
]
&&
(
current_user
.
admin?
||
user_project
.
owner
==
current_user
)
opts
[
:created_at
]
=
params
[
:created_at
]
end
...
...
lib/api/runners.rb
View file @
11aff97d
...
...
@@ -161,18 +161,18 @@ module API
end
def
authenticate_show_runner!
(
runner
)
return
if
runner
.
is_shared
||
current_user
.
is_
admin?
return
if
runner
.
is_shared
||
current_user
.
admin?
forbidden!
(
"No access granted"
)
unless
user_can_access_runner?
(
runner
)
end
def
authenticate_update_runner!
(
runner
)
return
if
current_user
.
is_
admin?
return
if
current_user
.
admin?
forbidden!
(
"Runner is shared"
)
if
runner
.
is_shared?
forbidden!
(
"No access granted"
)
unless
user_can_access_runner?
(
runner
)
end
def
authenticate_delete_runner!
(
runner
)
return
if
current_user
.
is_
admin?
return
if
current_user
.
admin?
forbidden!
(
"Runner is shared"
)
if
runner
.
is_shared?
forbidden!
(
"Runner associated with more than one project"
)
if
runner
.
projects
.
count
>
1
forbidden!
(
"No access granted"
)
unless
user_can_access_runner?
(
runner
)
...
...
@@ -181,7 +181,7 @@ module API
def
authenticate_enable_runner!
(
runner
)
forbidden!
(
"Runner is shared"
)
if
runner
.
is_shared?
forbidden!
(
"Runner is locked"
)
if
runner
.
locked?
return
if
current_user
.
is_
admin?
return
if
current_user
.
admin?
forbidden!
(
"No access granted"
)
unless
user_can_access_runner?
(
runner
)
end
...
...
lib/api/services.rb
View file @
11aff97d
...
...
@@ -642,7 +642,7 @@ module API
service_params
=
declared_params
(
include_missing:
false
).
merge
(
active:
true
)
if
service
.
update_attributes
(
service_params
)
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
is_
admin?
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
admin?
else
render_api_error!
(
'400 Bad Request'
,
400
)
end
...
...
@@ -673,7 +673,7 @@ module API
end
get
":id/services/:service_slug"
do
service
=
user_project
.
find_or_initialize_service
(
params
[
:service_slug
].
underscore
)
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
is_
admin?
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
admin?
end
end
...
...
lib/api/users.rb
View file @
11aff97d
...
...
@@ -56,10 +56,10 @@ module API
users
=
users
.
active
if
params
[
:active
]
users
=
users
.
search
(
params
[
:search
])
if
params
[
:search
].
present?
users
=
users
.
blocked
if
params
[
:blocked
]
users
=
users
.
external
if
params
[
:external
]
&&
current_user
.
is_
admin?
users
=
users
.
external
if
params
[
:external
]
&&
current_user
.
admin?
end
entity
=
current_user
.
is_
admin?
?
Entities
::
UserPublic
:
Entities
::
UserBasic
entity
=
current_user
.
admin?
?
Entities
::
UserPublic
:
Entities
::
UserBasic
present
paginate
(
users
),
with:
entity
end
...
...
@@ -73,7 +73,7 @@ module API
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
if
current_user
&&
current_user
.
is_
admin?
if
current_user
&&
current_user
.
admin?
present
user
,
with:
Entities
::
UserPublic
elsif
can?
(
current_user
,
:read_user
,
user
)
present
user
,
with:
Entities
::
User
...
...
lib/api/v3/groups.rb
View file @
11aff97d
...
...
@@ -54,7 +54,7 @@ module API
groups
=
groups
.
where
.
not
(
id:
params
[
:skip_groups
])
if
params
[
:skip_groups
].
present?
groups
=
groups
.
reorder
(
params
[
:order_by
]
=>
params
[
:sort
])
present_groups
groups
,
statistics:
params
[
:statistics
]
&&
current_user
.
is_
admin?
present_groups
groups
,
statistics:
params
[
:statistics
]
&&
current_user
.
admin?
end
desc
'Get list of owned groups for authenticated user'
do
...
...
lib/api/v3/notes.rb
View file @
11aff97d
...
...
@@ -79,7 +79,7 @@ module API
noteable
=
user_project
.
send
(
noteables_str
.
to_sym
).
find
(
params
[
:noteable_id
])
if
can?
(
current_user
,
noteable_read_ability_name
(
noteable
),
noteable
)
if
params
[
:created_at
]
&&
(
current_user
.
is_
admin?
||
user_project
.
owner
==
current_user
)
if
params
[
:created_at
]
&&
(
current_user
.
admin?
||
user_project
.
owner
==
current_user
)
opts
[
:created_at
]
=
params
[
:created_at
]
end
...
...
lib/api/v3/runners.rb
View file @
11aff97d
...
...
@@ -50,7 +50,7 @@ module API
helpers
do
def
authenticate_delete_runner!
(
runner
)
return
if
current_user
.
is_
admin?
return
if
current_user
.
admin?
forbidden!
(
"Runner is shared"
)
if
runner
.
is_shared?
forbidden!
(
"Runner associated with more than one project"
)
if
runner
.
projects
.
count
>
1
forbidden!
(
"No access granted"
)
unless
user_can_access_runner?
(
runner
)
...
...
lib/api/v3/services.rb
View file @
11aff97d
...
...
@@ -602,7 +602,7 @@ module API
end
get
":id/services/:service_slug"
do
service
=
user_project
.
find_or_initialize_service
(
params
[
:service_slug
].
underscore
)
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
is_
admin?
present
service
,
with:
Entities
::
ProjectService
,
include_passwords:
current_user
.
admin?
end
end
...
...
lib/gitlab/import_export/relation_factory.rb
View file @
11aff97d
...
...
@@ -186,7 +186,7 @@ module Gitlab
end
def
admin_user?
@user
.
is_
admin?
@user
.
admin?
end
def
parsed_relation_hash
...
...
lib/gitlab/visibility_level.rb
View file @
11aff97d
...
...
@@ -63,7 +63,7 @@ module Gitlab
end
def
allowed_for?
(
user
,
level
)
user
.
is_
admin?
||
allowed_level?
(
level
.
to_i
)
user
.
admin?
||
allowed_level?
(
level
.
to_i
)
end
# Return true if the specified level is allowed for the current user.
...
...
spec/features/admin/admin_users_spec.rb
View file @
11aff97d
...
...
@@ -223,7 +223,7 @@ describe "Admin::Users", feature: true do
it
"changes user entry"
do
user
.
reload
expect
(
user
.
name
).
to
eq
(
'Big Bang'
)
expect
(
user
.
is_
admin?
).
to
be_truthy
expect
(
user
.
admin?
).
to
be_truthy
expect
(
user
.
password_expires_at
).
to
be
<=
Time
.
now
end
end
...
...
spec/models/user_spec.rb
View file @
11aff97d
...
...
@@ -315,7 +315,7 @@ describe User, models: true do
end
describe
"Respond to"
do
it
{
is_expected
.
to
respond_to
(
:
is_
admin?
)
}
it
{
is_expected
.
to
respond_to
(
:admin?
)
}
it
{
is_expected
.
to
respond_to
(
:name
)
}
it
{
is_expected
.
to
respond_to
(
:private_token
)
}
it
{
is_expected
.
to
respond_to
(
:external?
)
}
...
...
@@ -586,7 +586,7 @@ describe User, models: true do
describe
'normal user'
do
let
(
:user
)
{
create
(
:user
,
name:
'John Smith'
)
}
it
{
expect
(
user
.
is_
admin?
).
to
be_falsey
}
it
{
expect
(
user
.
admin?
).
to
be_falsey
}
it
{
expect
(
user
.
require_ssh_key?
).
to
be_truthy
}
it
{
expect
(
user
.
can_create_group?
).
to
be_truthy
}
it
{
expect
(
user
.
can_create_project?
).
to
be_truthy
}
...
...
spec/requests/api/session_spec.rb
View file @
11aff97d
...
...
@@ -13,7 +13,7 @@ describe API::Session, api: true do
expect
(
json_response
[
'email'
]).
to
eq
(
user
.
email
)
expect
(
json_response
[
'private_token'
]).
to
eq
(
user
.
private_token
)
expect
(
json_response
[
'is_admin'
]).
to
eq
(
user
.
is_
admin?
)
expect
(
json_response
[
'is_admin'
]).
to
eq
(
user
.
admin?
)
expect
(
json_response
[
'can_create_project'
]).
to
eq
(
user
.
can_create_project?
)
expect
(
json_response
[
'can_create_group'
]).
to
eq
(
user
.
can_create_group?
)
end
...
...
@@ -37,7 +37,7 @@ describe API::Session, api: true do
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
is_
admin?
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
...
...
@@ -50,7 +50,7 @@ describe API::Session, api: true do
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
is_
admin?
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment