# Authorize
before_filter :add_project_abilities
+
+ # Allow read any issue
before_filter :authorize_read_issue!
- before_filter :authorize_write_issue!, :only => [:new, :create, :close, :edit, :update, :sort]
+
+ # Allow write(create) issue
+ before_filter :authorize_write_issue!, :only => [:new, :create]
+
+ # Allow modify issue
+ before_filter :authorize_modify_issue!, :only => [:close, :edit, :update, :sort]
+
+ # Allow destroy issue
+ before_filter :authorize_admin_issue!, :only => [:destroy]
respond_to :js, :html
def issue
@issue ||= @project.issues.find(params[:id])
end
+
+ def authorize_modify_issue!
+ can?(current_user, :modify_issue, @issue) ||
+ @issue.assignee == current_user
+ end
+
+ def authorize_admin_issue!
+ can?(current_user, :admin_issue, @issue)
+ end
end
# Authorize
before_filter :add_project_abilities
- before_filter :authorize_read_project!
- before_filter :authorize_write_project!, :only => [:new, :create, :edit, :update]
+
+ # Allow read any merge_request
+ before_filter :authorize_read_merge_request!
+
+ # Allow write(create) merge_request
+ before_filter :authorize_write_merge_request!, :only => [:new, :create]
+
+ # Allow modify merge_request
+ before_filter :authorize_modify_merge_request!, :only => [:close, :edit, :update, :sort]
+
+ # Allow destroy merge_request
+ before_filter :authorize_admin_merge_request!, :only => [:destroy]
def index
@merge_requests = @project.merge_requests
def merge_request
@merge_request ||= @project.merge_requests.find(params[:id])
end
+
+ def authorize_modify_merge_request!
+ can?(current_user, :modify_merge_request, @merge_request) ||
+ @merge_request.assignee == current_user
+ end
+
+ def authorize_admin_merge_request!
+ can?(current_user, :admin_merge_request, @merge_request)
+ end
end
# Authorize
before_filter :add_project_abilities
+
+ before_filter :authorize_read_note!
before_filter :authorize_write_note!, :only => [:create]
respond_to :js
# Authorize
before_filter :add_project_abilities
+
+ # Allow read any snippet
before_filter :authorize_read_snippet!
- before_filter :authorize_write_snippet!, :only => [:new, :create, :close, :edit, :update, :sort]
+
+ # Allow write(create) snippet
+ before_filter :authorize_write_snippet!, :only => [:new, :create]
+
+ # Allow modify snippet
+ before_filter :authorize_modify_snippet!, :only => [:edit, :update]
+
+ # Allow destroy snippet
+ before_filter :authorize_admin_snippet!, :only => [:destroy]
respond_to :html
redirect_to project_snippets_path(@project)
end
+
+ protected
+
+ def authorize_modify_snippet!
+ can?(current_user, :modify_snippet, @snippet)
+ end
+
+ def authorize_admin_snippet!
+ can?(current_user, :admin_snippet, @snippet)
+ end
end
# Authorize
before_filter :add_project_abilities
before_filter :authorize_read_project!
- before_filter :authorize_admin_project!, :only => [:new, :create, :destroy, :update]
+ before_filter :authorize_admin_project!, :except => [:show]
def show
@team_member = project.users_projects.find(params[:id])
:read_team_member,
:read_merge_request,
:read_note
- ] if project.readers.include?(user)
+ ] if project.allow_read_for?(user)
rules << [
:write_project,
:write_snippet,
:write_merge_request,
:write_note
- ] if project.writers.include?(user)
+ ] if project.allow_write_for?(user)
rules << [
+ :modify_issue,
+ :modify_snippet,
:admin_project,
:admin_issue,
:admin_snippet,
:admin_team_member,
:admin_merge_request,
:admin_note
- ] if project.admins.include?(user)
+ ] if project.allow_admin_for?(user)
rules.flatten
end
[
:"read_#{name}",
:"write_#{name}",
+ :"modify_#{name}",
:"admin_#{name}"
]
else
@admins ||= users_projects.includes(:user).where(:project_access => PROJECT_RWA).map(&:user)
end
+ def allow_read_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [PROJECT_R, PROJECT_RW, PROJECT_RWA]).empty?
+ end
+
+ def allow_write_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RW, PROJECT_RWA]).empty?
+ end
+
+ def allow_admin_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [PROJECT_RWA]).empty? || owner_id == user.id
+ end
+
def root_ref
default_branch || "master"
end
OSDN Git Service
