Move permission to create subgroup into GroupPolicy

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2017-04-11 19:36:56 +03:00 · 2017-04-11 19:36:56 +03:00 · 525ea06687
parent c6701fef0e
commit 525ea06687
6 changed files with 8 additions and 28 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -570,10 +570,6 @@ class User < ActiveRecord::Base
    can?(:create_group)
  end

-  def can_create_subgroup?(group)
-    can?(:create_group) && can?(:admin_group, group)
-  end
-
  def can_select_namespace?
    several_namespaces? || admin
  end
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@ -28,6 +28,7 @@ class GroupPolicy < BasePolicy
      can! :admin_namespace
      can! :admin_group_member
      can! :change_visibility_level
+      can! :create_subgroup if @user.can_create_group
    end

    if globally_viewable && @subject.request_access_enabled && !member
--- a/app/views/groups/subgroups.html.haml
+++ b/app/views/groups/subgroups.html.haml
@ -9,7 +9,7 @@
    .nav-controls
      = form_tag request.path, method: :get do |f|
        = search_field_tag :filter_groups, params[:filter_groups], placeholder: 'Filter by name', class: 'form-control', spellcheck: false
-      - if current_user.can_create_subgroup? @group
+      - if can?(current_user, :create_subgroup, @group)
        = link_to new_group_path(parent_id: @group.id), class: 'btn btn-new pull-right' do
          New Subgroup

--- a/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml
+++ b/changelogs/unreleased/siemens-gitlab-ce-fix-subgroup-hide-button.yml
@ -0,0 +1,4 @@
+---
+title: Hide new subgroup button if user has no permission to create one
+merge_request:
+author:
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -464,28 +464,6 @@ describe User, models: true do
    it { expect(@user2.several_namespaces?).to be_truthy }
  end

-  describe 'subgroups' do
-    let(:group) { create :group }
-
-    it 'allows if owner' do
-      user = create :user
-      group.add_user(user, GroupMember::OWNER)
-      expect(user.can_create_subgroup?(group)).to be_truthy
-    end
-
-    it 'disallows if missing right' do
-      user = create(:user, can_create_group: false)
-      group.add_user(user, GroupMember::MASTER)
-      expect(user.can_create_subgroup?(group)).to be_falsey
-    end
-
-    it 'disallows if developer' do
-      user = create :user
-      group.add_user(user, GroupMember::DEVELOPER)
-      expect(user.can_create_subgroup?(group)).to be_falsey
-    end
-  end
-
  describe 'namespaced' do
    before do
      @user = create :user
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@ -22,7 +22,8 @@ describe GroupPolicy, models: true do
      :admin_group,
      :admin_namespace,
      :admin_group_member,
-      :change_visibility_level
+      :change_visibility_level,
+      :create_subgroup
    ]
  end