Allow project creation in scope of group for non-admin but group owners

diff --git a/app/models/project.rb b/app/models/project.rb
index 89618a1..680633f 100644 (file)
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -95,7 +95,6 @@ class Project < ActiveRecord::Base
 
     def create_by_user(params, user)
       namespace_id = params.delete(:namespace_id)
-      namespace_id ||= user.namespace.try(:id)
 
       project = Project.new params
 
@@ -109,7 +108,18 @@ class Project < ActiveRecord::Base
         project.path = project.name.dup.parameterize
 
         project.owner = user
-        project.namespace_id = namespace_id
+
+        # Apply namespace if user has access to it
+        # else fallback to user namespace
+        project.namespace_id = user.namespace_id
+
+        if namespace_id
+          group = Group.find_by_id(namespace_id)
+          if user.can? :manage_group, group
+            project.namespace_id = namespace_id
+          end
+        end
+
         project.save!
 
         # Add user as project master

diff --git a/app/models/user.rb b/app/models/user.rb
index bd7f50e..5559f84 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -48,6 +48,7 @@ class User < ActiveRecord::Base
 
   # Namespace for personal projects
   has_one :namespace, class_name: "Namespace", foreign_key: :owner_id, conditions: 'type IS NULL', dependent: :destroy
+  has_many :groups, class_name: "Group", foreign_key: :owner_id
 
   has_many :keys, dependent: :destroy
   has_many :projects, through: :users_projects
@@ -120,15 +121,4 @@ class User < ActiveRecord::Base
       self.password = self.password_confirmation = Devise.friendly_token.first(8)
     end
   end
-
-  def namespaces
-    namespaces = []
-    namespaces << self.namespace if self.namespace
-    namespaces = namespaces + Group.all if admin
-    namespaces
-  end
-
-  def several_namespaces?
-    namespaces.size > 1
-  end
 end

diff --git a/app/roles/account.rb b/app/roles/account.rb
index b80fbba..6df11d6 100644 (file)
--- a/app/roles/account.rb
+++ b/app/roles/account.rb
@@ -26,6 +26,18 @@ module Account
     is_admin?
   end
 
+  def abilities
+    @abilities ||= begin
+                     abilities = Six.new
+                     abilities << Ability
+                     abilities
+                   end
+  end
+
+  def can? action, subject
+    abilities.allowed?(self, action, subject)
+  end
+
   def last_activity_project
     projects.first
   end
@@ -70,4 +82,27 @@ module Account
   def projects_sorted_by_activity
     projects.order("(SELECT max(events.created_at) FROM events WHERE events.project_id = projects.id) DESC")
   end
+
+  def namespaces
+    namespaces = []
+
+    # Add user account namespace
+    namespaces << self.namespace if self.namespace
+
+    # Add groups you can manage
+    namespaces += if admin
+                    Group.all
+                  else
+                    groups.all
+                  end
+    namespaces
+  end
+
+  def several_namespaces?
+    namespaces.size > 1
+  end
+
+  def namespace_id
+    namespace.try :id
+  end
 end

diff --git a/app/views/groups/people.html.haml b/app/views/groups/people.html.haml
index 2581080..0d176e1 100644 (file)
--- a/app/views/groups/people.html.haml
+++ b/app/views/groups/people.html.haml
@@ -9,4 +9,6 @@
         = image_tag gravatar_icon(user.email, 16), class: "avatar s16"
         %strong= user.name
         %span.cgray= user.email
+        - if @group.owner == user
+          %span.btn.btn-small.disabled.right Owner
 

diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index c2509d2..16ab1b6 100644 (file)
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -22,4 +22,14 @@ describe Namespace do
   it { should validate_presence_of :path }
   it { should validate_uniqueness_of(:path) }
   it { should validate_presence_of :owner }
+
+  describe "Mass assignment" do
+    it { should allow_mass_assignment_of(:name) }
+    it { should allow_mass_assignment_of(:path) }
+  end
+
+  describe "Respond to" do
+    it { should respond_to(:human_name) }
+    it { should respond_to(:to_param) }
+  end
 end

diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 4fb5f50..db0d307 100644 (file)
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -40,6 +40,7 @@ describe Project do
   end
 
   describe "Mass assignment" do
+    it { should_not allow_mass_assignment_of(:namespace_id) }
     it { should_not allow_mass_assignment_of(:owner_id) }
     it { should_not allow_mass_assignment_of(:private_flag) }
   end

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 13fa4d1..824e8cf 100644 (file)
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -40,6 +40,7 @@ describe User do
     it { should have_one(:namespace) }
     it { should have_many(:users_projects).dependent(:destroy) }
     it { should have_many(:projects) }
+    it { should have_many(:groups) }
     it { should have_many(:my_own_projects).class_name('Project') }
     it { should have_many(:keys).dependent(:destroy) }
     it { should have_many(:events).class_name('Event').dependent(:destroy) }