[#446] only admin can share a project

2015-01-26 18:52:09 +05:00 · 2015-01-26 18:52:09 +05:00 · dc2e0114b0
parent 4daa857f2c
commit dc2e0114b0
5 changed files with 41 additions and 10 deletions
--- a/app/controllers/projects/projects_controller.rb
+++ b/app/controllers/projects/projects_controller.rb
@ -114,11 +114,10 @@ class Projects::ProjectsController < Projects::BaseController
    redirect_to @project.owner
  end

-  def fork
+  def fork(is_alias = false)
    owner = (Group.find params[:group] if params[:group].present?) || current_user
    authorize! :write, owner if owner.class == Group

-    is_alias = params[:alias] == 'true'
    if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
      redirect_to forked, notice: t("flash.project.forked")
    else
@ -128,6 +127,10 @@ class Projects::ProjectsController < Projects::BaseController
    end
  end

+  def alias
+    fork(true)
+  end
+
  def possible_forks
    render partial: 'projects/git/base/forks', layout: false,
      locals: { owner: current_user, name: (params[:name].presence || @project.name) }
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -72,8 +72,11 @@ class Ability
        can [:update, :sections, :manage_collaborators, :autocomplete_maintainers, :add_member, :remove_member, :remove_members, :update_member, :members, :schedule], Project do |project|
          local_admin? project
        end
+
        can(:fork, Project) {|project| can? :read, project}
        can(:fork, Project) {|project| project.owner_type == 'Group' and can? :update, project.owner}
+        can(:alias, Project) {|project| local_admin?(project) }
+
        can(:destroy, Project) {|project| owner? project}
        can(:destroy, Project) {|project| project.owner_type == 'Group' and project.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')}
        can :remove_user, Project
--- a/app/views/projects/git/base/_choose_fork.html.slim
+++ b/app/views/projects/git/base/_choose_fork.html.slim
@ -9,14 +9,18 @@
  = form_for @project, url: fork_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f|
    = hidden_field_tag :group, owner.id if owner.class == Group
    = hidden_field_tag :fork_name, name, name: 'fork_name'
-    = hidden_field_tag :alias, '{{create_alias}}'
-    .btn-group.btn-group-justified ng-init='create_alias = false'
+    .btn-group.btn-group-justified
      .btn-group
        = f.submit t('layout.projects.fork_to', to: full_name),
          class: 'btn btn-primary center-block',
          'data-loading-text' => t('layout.processing'), id: 'create_fork'
-      .btn-group
-        = f.submit t('layout.projects.create_alias_for', for: full_name),
-        class: 'btn btn-primary center-block',
-        ng_click: 'create_alias = true',
-        'data-loading-text' => t('layout.processing'), id: 'create_fork'
+
+  - if can? :alias, @project
+    = form_for @project, url: alias_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f|
+      = hidden_field_tag :group, owner.id if owner.class == Group
+      = hidden_field_tag :fork_name, name, name: 'fork_name'
+      .btn-group.btn-group-justified.offset5
+        .btn-group
+          = f.submit t('layout.projects.create_alias_for', for: full_name),
+          class: 'btn btn-primary center-block',
+          'data-loading-text' => t('layout.processing'), id: 'create_fork'
--- a/config/routes.rb
+++ b/config/routes.rb
@ -355,7 +355,8 @@ Rosa::Application.routes.draw do
      patch '/' => 'projects#update'
      delete '/' => 'projects#destroy'
      # Member
-      post '/fork' => 'projects#fork', as: :fork_project
+      post '/fork'  => 'projects#fork',  as: :fork_project
+      post '/alias' => 'projects#alias', as: :alias_project
      get '/possible_forks' => 'projects#possible_forks', as: :possible_forks_project
      get '/sections' => 'projects#sections', as: :sections_project
      patch '/sections' => 'projects#sections'
--- a/spec/controllers/projects/projects_controller_spec.rb
+++ b/spec/controllers/projects/projects_controller_spec.rb
@ -35,6 +35,16 @@ shared_examples_for 'projects user with project admin rights' do
    put :schedule, { name_with_owner: @project.name_with_owner }.merge(repository_id: @project.repositories.first.id)
    response.should be_success
  end
+
+  it 'should be able to create alias for a project' do
+    post :alias, name_with_owner: @project.name_with_owner, fork_name: (@project.name + '_new')
+    response.should redirect_to(project_path(Project.last))
+  end
+
+  it 'should create alias for a project' do
+    lambda { post :alias, name_with_owner: @project.name_with_owner,
+                          fork_name: (@project.name + '_new') }.should change{ Project.count }.by(1)
+  end
 end

 shared_examples_for 'user with destroy rights' do
@ -94,6 +104,16 @@ shared_examples_for 'projects user without project admin rights' do
    create_actor_relation(group, @user, 'reader')
    lambda {post :create, @create_params.merge(who_owns: 'group', owner_id: group.id)}.should change{ Project.count }.by(0)
  end
+
+  it 'should not be able to create alias for a project' do
+    post :alias, name_with_owner: @project.name_with_owner
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not create alias for a project' do
+    lambda { post :alias, name_with_owner: @project.name_with_owner,
+                      fork_name: (@project.name + '_new') }.should change{ Project.count }.by(0)
+  end
 end

 describe Projects::ProjectsController do