Merge pull request #126 from abf/rosa-build:125-ability_create_project_to_group_writers

[refs #125] Add ability to create/fork project in group also for members with "write" access
2013-05-08 18:31:55 +04:00 · 2013-05-08 18:31:55 +04:00 · 90ed22a347
parent effdace7b0 071518da8f
commit 90ed22a347
7 changed files with 62 additions and 13 deletions
--- a/app/assets/stylesheets/design/build_lists_monitoring.scss
+++ b/app/assets/stylesheets/design/build_lists_monitoring.scss
@ -120,9 +120,7 @@ article .all .top form .floatright a img {
  padding: 4px 12px;
  margin-bottom: 0;
  line-height: 20px;
-  color: #333333;
  text-align: center;
-  text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75);
  vertical-align: middle;
  cursor: pointer;
  background-color: #f5f5f5;
@ -148,7 +146,6 @@ article .all .top form .floatright a img {

 /* bootstrap 3190*/
 .btn:hover, .btn:active, .btn.active, .btn.disabled, .btn[disabled] {
-  color: #333333;
  background-color: #e6e6e6;
 }

--- a/app/controllers/api/v1/projects_controller.rb
+++ b/app/controllers/api/v1/projects_controller.rb
@ -42,7 +42,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
    else
      @project.owner = nil
    end
-    authorize! :update, @project.owner if @project.owner != current_user
+    authorize! :write, @project.owner if @project.owner != current_user
    create_subject @project
  end

@ -63,8 +63,8 @@ class Api::V1::ProjectsController < Api::V1::BaseController
  end

  def fork
-    owner = (Group.find params[:group_id] if params[:group].present?) || current_user
-    authorize! :update, owner if owner.class == Group
+    owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user
+    authorize! :write, owner if owner.class == Group
    if forked = @project.fork(owner) and forked.valid?
      render_json_response forked, 'Project has been forked successfully'
    else
--- a/app/controllers/projects/projects_controller.rb
+++ b/app/controllers/projects/projects_controller.rb
@ -34,7 +34,7 @@ class Projects::ProjectsController < Projects::BaseController
    @project = Project.new params[:project]
    @project.owner = choose_owner
    @who_owns = (@project.owner_type == 'User' ? :me : :group)
-    authorize! :update, @project.owner if @project.owner.class == Group
+    authorize! :write, @project if @project.owner.class == Group

    if @project.save
      flash[:notice] = t('flash.project.saved')
@ -67,7 +67,7 @@ class Projects::ProjectsController < Projects::BaseController

  def fork
    owner = (Group.find params[:group] if params[:group].present?) || current_user
-    authorize! :update, owner if owner.class == Group
+    authorize! :write, owner if owner.class == Group
    if forked = @project.fork(owner) and forked.valid?
      redirect_to forked, :notice => t("flash.project.forked")
    else
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -53,6 +53,9 @@ class Ability
        can [:update, :manage_members, :members, :add_member, :remove_member, :update_member], Group do |group|
          group.actors.exists?(:actor_type => 'User', :actor_id => user.id, :role => 'admin') # or group.owner_id = user.id
        end
+        can :write, Group do |group|
+          group.actors.exists?(:actor_type => 'User', :actor_id => user.id, :role => ['writer', 'admin'])
+        end
        can :destroy, Group, :owner_id => user.id
        can :remove_user, Group

--- a/app/models/group.rb
+++ b/app/models/group.rb
@ -19,6 +19,7 @@ class Group < Avatar
  scope :opened, where('1=1')
  scope :by_owner, lambda {|owner| where(:owner_id => owner.id)}
  scope :by_admin, lambda {|admin| joins(:actors).where(:'relations.role' => 'admin', :'relations.actor_id' => admin.id, :'relations.actor_type' => 'User')}
+  scope :by_admin_and_writer, lambda {|actor| joins(:actors).where(:'relations.role' => ['admin', 'writer'], :'relations.actor_id' => actor.id, :'relations.actor_type' => 'User')}

  attr_accessible :uname, :description
  attr_readonly :uname
@ -32,7 +33,7 @@ class Group < Avatar
  # include Modules::Models::Owner

  def self.can_own_project(user)
-    (by_owner(user) | by_admin(user))
+    (by_owner(user) | by_admin_and_writer(user))
  end

  def name
--- a/spec/controllers/api/v1/projects_controller_spec.rb
+++ b/spec/controllers/api/v1/projects_controller_spec.rb
@ -236,7 +236,6 @@ shared_examples_for 'api projects user without admin rights' do
      @project.members.should include(member)
    end
  end
-
 end

 shared_examples_for 'api projects user with owner rights' do
@ -314,6 +313,18 @@ describe Api::V1::ProjectsController do
      it 'ensures that project has been created' do
        lambda { post :create, params, :format => :json }.should change{ Project.count }.by(1)
      end
+
+      it 'writer group should be able to create project for their group' do
+        group = FactoryGirl.create(:group)
+        group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'writer')
+        lambda { post :create, params.deep_merge({:project => {:owner_type => 'Group', :owner_id => group.id}})}.should change{ Project.count }.by(1)
+      end
+
+      it 'reader group should not be able to create project for their group' do
+        group = FactoryGirl.create(:group)
+        group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
+        lambda { post :create, params.deep_merge({:project => {:owner_type => 'Group', :owner_id => group.id}})}.should change{ Project.count }.by(0)
+      end
    end

    it_should_behave_like 'api projects user with reader rights'
@ -322,6 +333,18 @@ describe Api::V1::ProjectsController do
    it_should_behave_like 'api projects user without fork rights for hidden project'
    it_should_behave_like 'api projects user without admin rights'
    it_should_behave_like 'api projects user without owner rights'
+
+    it 'group writer should be able to fork project to their group' do
+      group = FactoryGirl.create(:group)
+      group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'writer')
+      lambda {post :fork, :id => @project.id, :group_id => group.id}.should change{ Project.count }.by(1)
+    end
+
+    it 'group reader should not be able to fork project to their group' do
+      group = FactoryGirl.create(:group)
+      group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
+      lambda {post :fork, :id => @project.id, :group_id => group.id}.should change{ Project.count }.by(0)
+    end
  end

  context 'for admin' do
--- a/spec/controllers/projects/projects_controller_spec.rb
+++ b/spec/controllers/projects/projects_controller_spec.rb
@ -61,6 +61,32 @@ shared_examples_for 'projects user without project admin rights' do
    @project.reload.has_issues.should == has_issues
    response.should redirect_to(forbidden_path)
  end
+
+  it 'writer group should be able to fork project to their group' do
+    group = FactoryGirl.create(:group)
+    group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'writer')
+    lambda {post :fork, :owner_name => @project.owner.uname, :project_name => @project.name,
+            :group => group.id}.should change{ Project.count }.by(1)
+  end
+
+  it 'reader group should not be able to fork project to their group' do
+    group = FactoryGirl.create(:group)
+    group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
+    lambda {post :fork, :owner_name => @project.owner.uname, :project_name => @project.name,
+            :group => group.id}.should change{ Project.count }.by(0)
+  end
+
+  it 'writer group should be able to create project to their group' do
+    group = FactoryGirl.create(:group)
+    group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'writer')
+    lambda {post :create, @create_params.merge(:who_owns => 'group', :owner_id => group.id)}.should change{ Project.count }.by(1)
+  end
+
+  it 'reader group should not be able to create project to their group' do
+    group = FactoryGirl.create(:group)
+    group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
+    lambda {post :create, @create_params.merge(:who_owns => 'group', :owner_id => group.id)}.should change{ Project.count }.by(0)
+  end
 end

 describe Projects::ProjectsController do
@ -77,7 +103,7 @@ describe Projects::ProjectsController do
    set_session_for(@user)
  end

-  context 'for system users' do
+  context 'for users' do

    context 'guest' do

@ -138,11 +164,10 @@ describe Projects::ProjectsController do
          group = FactoryGirl.create(:group, :owner => @user)
          lambda { post :create, @create_params.merge({:who_owns => 'group', :owner_id => group.id})}.should change{ Project.count }.by(1)
        end
-
      end 

    end # context 'registered user'
-  end # context 'for system users'
+  end # context 'for users'

  context 'for project members' do