From dc2e0114b08852e0ecb3d0a223b5961c1dae415e Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Mon, 26 Jan 2015 18:52:09 +0500 Subject: [PATCH] [#446] only admin can share a project --- .../projects/projects_controller.rb | 7 +++++-- app/models/ability.rb | 3 +++ .../projects/git/base/_choose_fork.html.slim | 18 ++++++++++------- config/routes.rb | 3 ++- .../projects/projects_controller_spec.rb | 20 +++++++++++++++++++ 5 files changed, 41 insertions(+), 10 deletions(-) diff --git a/app/controllers/projects/projects_controller.rb b/app/controllers/projects/projects_controller.rb index 9a5f5a23f..4f64e4a57 100644 --- a/app/controllers/projects/projects_controller.rb +++ b/app/controllers/projects/projects_controller.rb @@ -114,11 +114,10 @@ class Projects::ProjectsController < Projects::BaseController redirect_to @project.owner end - def fork + def fork(is_alias = false) owner = (Group.find params[:group] if params[:group].present?) || current_user authorize! :write, owner if owner.class == Group - is_alias = params[:alias] == 'true' if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid? redirect_to forked, notice: t("flash.project.forked") else @@ -128,6 +127,10 @@ class Projects::ProjectsController < Projects::BaseController end end + def alias + fork(true) + end + def possible_forks render partial: 'projects/git/base/forks', layout: false, locals: { owner: current_user, name: (params[:name].presence || @project.name) } diff --git a/app/models/ability.rb b/app/models/ability.rb index cd07368d6..84e09082e 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb 
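Review bot: In `projects_controller.rb`, `def fork(is_alias = false)` makes a routed action double as the shared implementation and selects the admin-only path with a bare positional boolean. Rails invokes actions without arguments, so a request to `/fork` cannot set the flag. Even so, the intent is easier to read and audit if the body moves to a private helper such as `def perform_fork(is_alias:)`, with `fork` reduced to `perform_fork(is_alias: false)`. The body of `fork` continues past the end of this hunk.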
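Review bot: The new `alias` action in `projects_controller.rb` has no authorization call of its own. The admin-only rule added in `ability.rb` is therefore enforced only if a controller-level filter outside this hunk (presumably CanCan's `load_and_authorize_resource`) covers the `:alias` action. The spec in this commit expects `forbidden_path` for non-admins, which suggests it does. An explicit `authorize! :alias, @project` before `fork(true)` would still keep the check next to the privileged call and independent of how that filter is configured. A one-line comment such as `# Admin-only: creates an alias of @project instead of a fork (see Ability :alias)` would also help.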
@@ -72,8 +72,11 @@ class Ability can [:update, :sections, :manage_collaborators, :autocomplete_maintainers, :add_member, :remove_member, :remove_members, :update_member, :members, :schedule], Project do |project| local_admin? project end + can(:fork, Project) {|project| can? :read, project} can(:fork, Project) {|project| project.owner_type == 'Group' and can? :update, project.owner} + can(:alias, Project) {|project| local_admin?(project) } + can(:destroy, Project) {|project| owner? project} can(:destroy, Project) {|project| project.owner_type == 'Group' and project.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')} can :remove_user, Project diff --git a/app/views/projects/git/base/_choose_fork.html.slim b/app/views/projects/git/base/_choose_fork.html.slim index 68527a2da..716762cc4 100644 --- a/app/views/projects/git/base/_choose_fork.html.slim +++ b/app/views/projects/git/base/_choose_fork.html.slim 
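Review bot: The rule `can(:alias, Project) {|project| local_admin?(project) }` is block-based, and CanCan runs such blocks only when `can?` or `authorize!` receives a Project instance; a check against the class (`can? :alias, Project`) returns true without running the block. The view in this commit passes `@project`, so it is fine today. It deserves a comment above the rule, e.g. `# Alias creation is restricted to project admins; always check against a Project instance, not the class.` `local_admin?` is defined outside this hunk, so I am assuming it treats group-owned projects the same way the `:update` rule above does.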
@@ -9,14 +9,18 @@ = form_for @project, url: fork_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f| = hidden_field_tag :group, owner.id if owner.class == Group = hidden_field_tag :fork_name, name, name: 'fork_name' - = hidden_field_tag :alias, '{{create_alias}}' - .btn-group.btn-group-justified ng-init='create_alias = false' + .btn-group.btn-group-justified .btn-group = f.submit t('layout.projects.fork_to', to: full_name), class: 'btn btn-primary center-block', 'data-loading-text' => t('layout.processing'), id: 'create_fork' - .btn-group - = f.submit t('layout.projects.create_alias_for', for: full_name), - class: 'btn btn-primary center-block', - ng_click: 'create_alias = true', - 'data-loading-text' => t('layout.processing'), id: 'create_fork' \ No newline at end of file + + - if can? :alias, @project + = form_for @project, url: alias_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f| + = hidden_field_tag :group, owner.id if owner.class == Group + = hidden_field_tag :fork_name, name, name: 'fork_name' + .btn-group.btn-group-justified.offset5 + .btn-group + = f.submit t('layout.projects.create_alias_for', for: full_name), + class: 'btn btn-primary center-block', + 'data-loading-text' => t('layout.processing'), id: 'create_fork' diff --git a/config/routes.rb b/config/routes.rb index 6f516f5fe..7a486d7db 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -355,7 +355,8 @@ Rosa::Application.routes.draw do patch '/' => 'projects#update' delete '/' => 'projects#destroy' # Member - post '/fork' => 'projects#fork', as: :fork_project + post '/fork' => 'projects#fork', as: :fork_project + post '/alias' => 'projects#alias', as: :alias_project get '/possible_forks' => 'projects#possible_forks', as: :possible_forks_project get '/sections' => 'projects#sections', as: :sections_project patch '/sections' => 'projects#sections' 
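Review bot: In `_choose_fork.html.slim` the alias submit button keeps `id: 'create_fork'`, so when both forms render the page has two elements with the same id. Any script or feature test that targets `#create_fork` then cannot tell fork from alias. Giving the new button its own id, `id: 'create_alias'`, avoids that. The `- if can? :alias, @project` guard only hides the form; the restriction itself has to hold on the server for `POST /alias`.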
diff --git a/spec/controllers/projects/projects_controller_spec.rb b/spec/controllers/projects/projects_controller_spec.rb index 82701d439..5df461cd4 100644 --- a/spec/controllers/projects/projects_controller_spec.rb +++ b/spec/controllers/projects/projects_controller_spec.rb @@ -35,6 +35,16 @@ shared_examples_for 'projects user with project admin rights' do put :schedule, { name_with_owner: @project.name_with_owner }.merge(repository_id: @project.repositories.first.id) response.should be_success end + + it 'should be able to create alias for a project' do + post :alias, name_with_owner: @project.name_with_owner, fork_name: (@project.name + '_new') + response.should redirect_to(project_path(Project.last)) + end + + it 'should create alias for a project' do + lambda { post :alias, name_with_owner: @project.name_with_owner, + fork_name: (@project.name + '_new') }.should change{ Project.count }.by(1) + end end shared_examples_for 'user with destroy rights' do @@ -94,6 +104,16 @@ shared_examples_for 'projects user without project admin rights' do create_actor_relation(group, @user, 'reader') lambda {post :create, @create_params.merge(who_owns: 'group', owner_id: group.id)}.should change{ Project.count }.by(0) end + + it 'should not be able to create alias for a project' do + post :alias, name_with_owner: @project.name_with_owner + response.should redirect_to(forbidden_path) + end + + it 'should not create alias for a project' do + lambda { post :alias, name_with_owner: @project.name_with_owner, + fork_name: (@project.name + '_new') }.should change{ Project.count }.by(0) + end end describe Projects::ProjectsController do
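Review bot: The new admin examples only check the redirect and `Project.count`, so they would still pass if `alias` produced an ordinary fork; asserting the alias relation on `Project.last` would pin the behaviour. There is also no regression example for the path this commit closes. A user without admin rights sending `post :fork, name_with_owner: @project.name_with_owner, fork_name: (@project.name + '_new'), alias: 'true'` should get a plain fork at most, never an alias. In the second hunk, the first negative example omits `fork_name`, unlike the others. Passing it there too would make sure the request is rejected by authorization rather than by missing input.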