gitlab-org--gitlab-foss/app/controllers/groups_controller.rb

class GroupsController < ApplicationController
  respond_to :html
  before_filter :group, except: [:new, :create]

  # Authorize
  before_filter :authorize_read_group!, except: [:new, :create]
  before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
  before_filter :authorize_create_group!, only: [:new, :create]

  # Load group projects
  before_filter :projects, except: [:new, :create]

  layout :determine_layout

  before_filter :set_title, only: [:new, :create]

  def new
    @group = Group.new
  end

  def create
    @group = Group.new(params[:group])
    @group.path = @group.name.dup.parameterize if @group.name

    if @group.save
      @group.add_owner(current_user)
      redirect_to @group, notice: 'Group was successfully created.'
    else
      render action: "new"
    end
  end

  def show
    @events = Event.in_projects(project_ids)
    @events = event_filter.apply_filter(@events)
    @events = @events.limit(20).offset(params[:offset] || 0)
    @last_push = current_user.recent_push

    respond_to do |format|
      format.html
      format.json { pager_json("events/_events", @events.count) }
      format.atom { render layout: false }
    end
  end

  # Get authored or assigned open merge requests
  def merge_requests
    @merge_requests = FilterContext.new(MergeRequest, current_user, params).execute
    @merge_requests = @merge_requests.of_group(@group)
    @merge_requests = @merge_requests.recent.page(params[:page]).per(20)
  end

  # Get only assigned issues
  def issues
    @issues = FilterContext.new(Issue, current_user, params).execute
    @issues = @issues.of_group(@group)
    @issues = @issues.recent.page(params[:page]).per(20)
    @issues = @issues.includes(:author, :project)

    respond_to do |format|
      format.html
      format.atom { render layout: false }
    end
  end

  def members
    @project = group.projects.find(params[:project_id]) if params[:project_id]
    @members = group.users_groups.order('group_access DESC')
    @users_group = UsersGroup.new
  end

  def edit
  end

  def update
    if @group.update_attributes(params[:group])
      redirect_to @group, notice: 'Group was successfully updated.'
    else
      render action: "edit"
    end
  end

  def destroy
    @group.destroy

    redirect_to root_path, notice: 'Group was removed.'
  end

  protected

  def group
    @group ||= Group.find_by_path(params[:id])
  end

  def projects
    @projects ||= current_user.authorized_projects.where(namespace_id: group.id).sorted_by_activity
  end

  def project_ids
    projects.map(&:id)
  end

  # Dont allow unauthorized access to group
  def authorize_read_group!
    unless @group and (projects.present? or can?(current_user, :read_group, @group))
      return render_404
    end
  end

  def authorize_create_group!
    unless can?(current_user, :create_group, nil)
      return render_404
    end
  end

  def authorize_admin_group!
    unless can?(current_user, :manage_group, group)
      return render_404
    end
  end

  def set_title
    @title = 'New Group'
  end

  def determine_layout
    if [:new, :create].include?(action_name.to_sym)
      'navless'
    else
      'group'
    end
  end
end
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`class GroupsController < ApplicationController`
			`respond_to :html`
prevent document unbind since it breaks rails ujs 2013-06-21 20:47:42 +00:00			`before_filter :group, except: [:new, :create]`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00			`# Authorize`
User can create group 2013-01-24 15:47:09 +00:00			`before_filter :authorize_read_group!, except: [:new, :create]`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`before_filter :authorize_create_group!, only: [:new, :create]`
User can create group 2013-01-24 15:47:09 +00:00
			`# Load group projects`
			`before_filter :projects, except: [:new, :create]`

Fix determine of layout for group/team 2013-06-08 13:26:57 +00:00			`layout :determine_layout`

navless layout for new group/team. Proper title for this pages 2013-06-07 14:41:01 +00:00			`before_filter :set_title, only: [:new, :create]`

User can create group 2013-01-24 15:47:09 +00:00			`def new`
			`@group = Group.new`
			`end`

			`def create`
			`@group = Group.new(params[:group])`
			`@group.path = @group.name.dup.parameterize if @group.name`

			`if @group.save`
Group ownership completely based on users_groups relation now Before we have only owner_id to determine group owner With multiple owners per group we should get rid of owner_id in group. So from now @group.owner will always be nil but @group.owners return an actual array of users who can admin this group 2013-09-26 11:49:22 +00:00			`@group.add_owner(current_user)`
User can create group 2013-01-24 15:47:09 +00:00			`redirect_to @group, notice: 'Group was successfully created.'`
			`else`
			`render action: "new"`
			`end`
			`end`
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`def show`
Add event filter for group and project show pages 2013-08-26 13:30:03 +00:00			`@events = Event.in_projects(project_ids)`
			`@events = event_filter.apply_filter(@events)`
			`@events = @events.limit(20).offset(params[:offset] \|\| 0)`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`@last_push = current_user.recent_push`

			`respond_to do \|format\|`
			`format.html`
Drop rjs from Infinite scrolling Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-28 09:38:20 +00:00			`format.json { pager_json("events/_events", @events.count) }`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`format.atom { render layout: false }`
			`end`
			`end`

			`# Get authored or assigned open merge requests`
			`def merge_requests`
Refactor FilterContext Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 07:45:53 +00:00			`@merge_requests = FilterContext.new(MergeRequest, current_user, params).execute`
			`@merge_requests = @merge_requests.of_group(@group)`
Common filtering for dashboard and group. Share partial search result partial 2013-01-07 18:48:57 +00:00			`@merge_requests = @merge_requests.recent.page(params[:page]).per(20)`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`

			`# Get only assigned issues`
			`def issues`
Refactor FilterContext Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-12-25 07:45:53 +00:00			`@issues = FilterContext.new(Issue, current_user, params).execute`
			`@issues = @issues.of_group(@group)`
Common filtering for dashboard and group. Share partial search result partial 2013-01-07 18:48:57 +00:00			`@issues = @issues.recent.page(params[:page]).per(20)`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`@issues = @issues.includes(:author, :project)`

			`respond_to do \|format\|`
			`format.html`
			`format.atom { render layout: false }`
			`end`
			`end`

Rename Group#people to Group#members 2013-07-12 16:01:39 +00:00			`def members`
Manage team from groups page. Phase 1 2012-11-29 17:14:05 +00:00			`@project = group.projects.find(params[:project_id]) if params[:project_id]`
Restyle project members page to fit both group and personal projects 2013-06-17 18:00:59 +00:00			`@members = group.users_groups.order('group_access DESC')`
Added UsersGroup scaffold. Simplify adding people to group 2013-06-17 13:51:43 +00:00			`@users_group = UsersGroup.new`
Add functional in user section 2012-12-25 22:52:49 +00:00			`end`

Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`def edit`
			`end`

			`def update`
Remove project transfer page since we already have multiple owners for group 2013-09-26 07:33:06 +00:00			`if @group.update_attributes(params[:group])`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`redirect_to @group, notice: 'Group was successfully updated.'`
			`else`
			`render action: "edit"`
			`end`
			`end`

			`def destroy`
			`@group.destroy`

			`redirect_to root_path, notice: 'Group was removed.'`
			`end`

Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`protected`

			`def group`
Fixed some tests and snippet colorize 2012-11-23 19:31:09 +00:00			`@group \|\|= Group.find_by_path(params[:id])`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`

			`def projects`
Project has now correct owner and creator. Increased test coverage 2013-01-02 17:00:00 +00:00			`@projects \|\|= current_user.authorized_projects.where(namespace_id: group.id).sorted_by_activity`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`

			`def project_ids`
			`projects.map(&:id)`
			`end`
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00
			`# Dont allow unauthorized access to group`
			`def authorize_read_group!`
Fixes 500 error when user types in wrong group name. 2013-11-01 16:29:37 +00:00			`unless @group and (projects.present? or can?(current_user, :read_group, @group))`
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00			`return render_404`
			`end`
			`end`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00
			`def authorize_create_group!`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`unless can?(current_user, :create_group, nil)`
			`return render_404`
			`end`
			`end`

			`def authorize_admin_group!`
			`unless can?(current_user, :manage_group, group)`
			`return render_404`
			`end`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`end`
navless layout for new group/team. Proper title for this pages 2013-06-07 14:41:01 +00:00
			`def set_title`
			`@title = 'New Group'`
			`end`
Fix determine of layout for group/team 2013-06-08 13:26:57 +00:00
			`def determine_layout`
			`if [:new, :create].include?(action_name.to_sym)`
			`'navless'`
			`else`
			`'group'`
			`end`
			`end`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`