gitlab-org--gitlab-foss/app/controllers/groups_controller.rb

class GroupsController < ApplicationController
  respond_to :html
  before_filter :group, except: [:new, :create]

  # Authorize
  before_filter :authorize_read_group!, except: [:new, :create]
  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
  before_filter :authorize_create_group!, only: [:new, :create]

  # Load group projects
  before_filter :projects, except: [:new, :create]

  layout :determine_layout

  before_filter :set_title, only: [:new, :create]

  def new
    @group = Group.new
  end

  def create
    @group = Group.new(params[:group])
    @group.path = @group.name.dup.parameterize if @group.name
    @group.owner = current_user

    if @group.save
      redirect_to @group, notice: 'Group was successfully created.'
    else
      render action: "new"
    end
  end

  def show
    @events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
    @last_push = current_user.recent_push

    respond_to do |format|
      format.html
      format.js
      format.atom { render layout: false }
    end
  end

  # Get authored or assigned open merge requests
  def merge_requests
    @merge_requests = current_user.cared_merge_requests.of_group(@group)
    @merge_requests = FilterContext.new(@merge_requests, params).execute
    @merge_requests = @merge_requests.recent.page(params[:page]).per(20)
  end

  # Get only assigned issues
  def issues
    @issues = current_user.assigned_issues.of_group(@group)
    @issues = FilterContext.new(@issues, params).execute
    @issues = @issues.recent.page(params[:page]).per(20)
    @issues = @issues.includes(:author, :project)

    respond_to do |format|
      format.html
      format.atom { render layout: false }
    end
  end

  def members
    @project = group.projects.find(params[:project_id]) if params[:project_id]
    @members = group.users_groups.order('group_access DESC')
    @users_group = UsersGroup.new
  end

  def edit
  end

  def update
    group_params = params[:group].dup
    owner_id = group_params.delete(:owner_id)

    if owner_id
      @group.owner = User.find(owner_id)
      @group.save
    end

    if @group.update_attributes(group_params)
      redirect_to @group, notice: 'Group was successfully updated.'
    else
      render action: "edit"
    end
  end

  def destroy
    @group.truncate_teams
    @group.destroy

    redirect_to root_path, notice: 'Group was removed.'
  end

  protected

  def group
    @group ||= Group.find_by_path(params[:id])
  end

  def projects
    @projects ||= current_user.authorized_projects.where(namespace_id: group.id).sorted_by_activity
  end

  def project_ids
    projects.map(&:id)
  end

  # Dont allow unauthorized access to group
  def authorize_read_group!
    unless projects.present? or can?(current_user, :manage_group, @group)
      return render_404
    end
  end

  def authorize_create_group!
    unless can?(current_user, :create_group, nil)
      return render_404
    end
  end

  def authorize_admin_group!
    unless can?(current_user, :manage_group, group)
      return render_404
    end
  end

  def set_title
    @title = 'New Group'
  end

  def determine_layout
    if [:new, :create].include?(action_name.to_sym)
      'navless'
    else
      'group'
    end
  end
end
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`class GroupsController < ApplicationController`
			`respond_to :html`
prevent document unbind since it breaks rails ujs 2013-06-21 16:47:42 -04:00			`before_filter :group, except: [:new, :create]`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00
authorized_projects and authorized_groups methods for user 2012-11-29 10:17:01 -05:00			`# Authorize`
User can create group 2013-01-24 10:47:09 -05:00			`before_filter :authorize_read_group!, except: [:new, :create]`
Ability to manage and remove group as owner outside of admin area 2013-02-01 12:04:11 -05:00			`before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]`
allow/deny user to create group/team 2013-01-25 04:30:49 -05:00			`before_filter :authorize_create_group!, only: [:new, :create]`
User can create group 2013-01-24 10:47:09 -05:00
			`# Load group projects`
			`before_filter :projects, except: [:new, :create]`

Fix determine of layout for group/team 2013-06-08 09:26:57 -04:00			`layout :determine_layout`

navless layout for new group/team. Proper title for this pages 2013-06-07 10:41:01 -04:00			`before_filter :set_title, only: [:new, :create]`

User can create group 2013-01-24 10:47:09 -05:00			`def new`
			`@group = Group.new`
			`end`

			`def create`
			`@group = Group.new(params[:group])`
			`@group.path = @group.name.dup.parameterize if @group.name`
			`@group.owner = current_user`

			`if @group.save`
			`redirect_to @group, notice: 'Group was successfully created.'`
			`else`
			`render action: "new"`
			`end`
			`end`
authorized_projects and authorized_groups methods for user 2012-11-29 10:17:01 -05:00
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`def show`
Context refactoring. Move Issues list, Search logic to context 2012-10-09 15:09:46 -04:00			`@events = Event.in_projects(project_ids).limit(20).offset(params[:offset] \|\| 0)`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`@last_push = current_user.recent_push`

			`respond_to do \|format\|`
			`format.html`
			`format.js`
			`format.atom { render layout: false }`
			`end`
			`end`

			`# Get authored or assigned open merge requests`
			`def merge_requests`
Common filtering for dashboard and group. Share partial search result partial 2013-01-07 13:48:57 -05:00			`@merge_requests = current_user.cared_merge_requests.of_group(@group)`
			`@merge_requests = FilterContext.new(@merge_requests, params).execute`
			`@merge_requests = @merge_requests.recent.page(params[:page]).per(20)`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`end`

			`# Get only assigned issues`
			`def issues`
Common filtering for dashboard and group. Share partial search result partial 2013-01-07 13:48:57 -05:00			`@issues = current_user.assigned_issues.of_group(@group)`
			`@issues = FilterContext.new(@issues, params).execute`
			`@issues = @issues.recent.page(params[:page]).per(20)`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`@issues = @issues.includes(:author, :project)`

			`respond_to do \|format\|`
			`format.html`
			`format.atom { render layout: false }`
			`end`
			`end`

Rename Group#people to Group#members 2013-07-12 12:01:39 -04:00			`def members`
Manage team from groups page. Phase 1 2012-11-29 12:14:05 -05:00			`@project = group.projects.find(params[:project_id]) if params[:project_id]`
Restyle project members page to fit both group and personal projects 2013-06-17 14:00:59 -04:00			`@members = group.users_groups.order('group_access DESC')`
Added UsersGroup scaffold. Simplify adding people to group 2013-06-17 09:51:43 -04:00			`@users_group = UsersGroup.new`
Add functional in user section 2012-12-25 17:52:49 -05:00			`end`

Ability to manage and remove group as owner outside of admin area 2013-02-01 12:04:11 -05:00			`def edit`
			`end`

			`def update`
			`group_params = params[:group].dup`
Add owner to group members after group create 2013-06-18 09:56:31 -04:00			`owner_id = group_params.delete(:owner_id)`
Ability to manage and remove group as owner outside of admin area 2013-02-01 12:04:11 -05:00
			`if owner_id`
			`@group.owner = User.find(owner_id)`
Restyled group -> edit area. Use select2 for transfer autocomplete 2013-03-14 05:31:33 -04:00			`@group.save`
Ability to manage and remove group as owner outside of admin area 2013-02-01 12:04:11 -05:00			`end`

			`if @group.update_attributes(group_params)`
			`redirect_to @group, notice: 'Group was successfully updated.'`
			`else`
			`render action: "edit"`
			`end`
			`end`

			`def destroy`
			`@group.truncate_teams`
			`@group.destroy`

			`redirect_to root_path, notice: 'Group was removed.'`
			`end`

Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`protected`

			`def group`
Fixed some tests and snippet colorize 2012-11-23 14:31:09 -05:00			`@group \|\|= Group.find_by_path(params[:id])`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`end`

			`def projects`
Project has now correct owner and creator. Increased test coverage 2013-01-02 12:00:00 -05:00			`@projects \|\|= current_user.authorized_projects.where(namespace_id: group.id).sorted_by_activity`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`end`

			`def project_ids`
			`projects.map(&:id)`
			`end`
authorized_projects and authorized_groups methods for user 2012-11-29 10:17:01 -05:00
			`# Dont allow unauthorized access to group`
			`def authorize_read_group!`
			`unless projects.present? or can?(current_user, :manage_group, @group)`
			`return render_404`
			`end`
			`end`
allow/deny user to create group/team 2013-01-25 04:30:49 -05:00
			`def authorize_create_group!`
Ability to manage and remove group as owner outside of admin area 2013-02-01 12:04:11 -05:00			`unless can?(current_user, :create_group, nil)`
			`return render_404`
			`end`
			`end`

			`def authorize_admin_group!`
			`unless can?(current_user, :manage_group, group)`
			`return render_404`
			`end`
allow/deny user to create group/team 2013-01-25 04:30:49 -05:00			`end`
navless layout for new group/team. Proper title for this pages 2013-06-07 10:41:01 -04:00
			`def set_title`
			`@title = 'New Group'`
			`end`
Fix determine of layout for group/team 2013-06-08 09:26:57 -04:00
			`def determine_layout`
			`if [:new, :create].include?(action_name.to_sym)`
			`'navless'`
			`else`
			`'group'`
			`end`
			`end`
Move all stuff to groups controller 2012-10-02 13:42:15 -04:00			`end`