[#465] fix best_role; fix projects api; fix project api specs

This commit is contained in:
Alexander Machehin 2015-03-31 21:49:02 +05:00 committed by Vokhmin Alexey V
parent d002cfc81b
commit 2c0817c662
5 changed files with 13 additions and 4 deletions

View File

@ -39,7 +39,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
else
@project.owner = nil
end
authorize @project.owner, :write? if @project.owner != current_user
authorize @project
create_subject @project
end
@ -61,7 +61,9 @@ class Api::V1::ProjectsController < Api::V1::BaseController
def fork(is_alias = false)
owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user
authorize @project, :show?
authorize owner, :write? if owner.is_a?(Group)
if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
render_json_response forked, 'Project has been forked successfully'
else
@ -70,6 +72,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
end
def alias
authorize @project
fork(true)
end

View File

@ -19,7 +19,7 @@ class ApplicationController < ActionController::Base
only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update
before_action :banned?
after_action -> { EventLog.current_controller = nil }
after_action :verify_authorized
after_action :verify_authorized, unless: :devise_controller?
helper_method :get_owner

View File

@ -1,5 +1,6 @@
class HomeController < ApplicationController
before_action :authenticate_user!, only: [:activity, :issues, :pull_requests]
after_action :verify_authorized, :except => [:root, :activity, :issues, :pull_requests]
def root
respond_to do |format|

View File

@ -180,8 +180,13 @@ class User < Avatar
gr = gr.where('groups.id != ?', target.owner.id) # exclude target owner group from users group list
end
roles += rel.where(actor_id: self.id, actor_type: 'User') # user is member
if target.class == Group
roles += target.actors.where(actor_id: self.id, actor_type: 'User') # user is member of a target group
else
roles += rel.where(actor_id: gr.pluck('DISTINCT groups.id'), actor_type: 'Group') # user group is member
end
roles += rel.where(actor_id: self.id, actor_type: 'User') # user is member
roles.map(&:role).uniq
end

View File

@ -22,7 +22,7 @@ class ProjectPolicy < ApplicationPolicy
def create?
return true if is_admin?
return false if user.guest?
!record.try(:owner) || owner_policy.write?
owner_policy.write?
end
def update?