From 737d194c0826beb7783c34e982cea673e3f6a61a Mon Sep 17 00:00:00 2001 From: Sean McGivern Date: Thu, 8 Jun 2017 11:44:33 +0100 Subject: [PATCH] Allow group reporters to promote labels They can admin group labels anyway, we weren't checking the more specific permission. --- app/controllers/projects/labels_controller.rb | 6 +++--- app/views/shared/_label.html.haml | 2 +- .../unreleased/allow-reporters-to-promote-group-labels.yml | 4 ++++ spec/controllers/projects/labels_controller_spec.rb | 6 +++--- 4 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 changelogs/unreleased/allow-reporters-to-promote-group-labels.yml diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb index ac151839f61..1beac202efe 100644 --- a/app/controllers/projects/labels_controller.rb +++ b/app/controllers/projects/labels_controller.rb @@ -8,7 +8,7 @@ class Projects::LabelsController < Projects::ApplicationController before_action :authorize_admin_labels!, only: [:new, :create, :edit, :update, :generate, :destroy, :remove_priority, :set_priorities] - before_action :authorize_admin_group!, only: [:promote] + before_action :authorize_admin_group_labels!, only: [:promote] respond_to :js, :html @@ -161,7 +161,7 @@ class Projects::LabelsController < Projects::ApplicationController return render_404 unless can?(current_user, :admin_label, @project) end - def authorize_admin_group! - return render_404 unless can?(current_user, :admin_group, @project.group) + def authorize_admin_group_labels! + return render_404 unless can?(current_user, :admin_label, @project.group) end end diff --git a/app/views/shared/_label.html.haml b/app/views/shared/_label.html.haml index bd994cdad01..c185e9b73ee 100644 --- a/app/views/shared/_label.html.haml +++ b/app/views/shared/_label.html.haml @@ -64,7 +64,7 @@ %a.js-subscribe-button{ data: { url: toggle_subscription_group_label_path(label.group, label) } } Group level - - if label.is_a?(ProjectLabel) && label.project.group && can?(current_user, :admin_group, label.project.group) + - if label.is_a?(ProjectLabel) && label.project.group && can?(current_user, :admin_label, label.project.group) = link_to promote_namespace_project_label_path(label.project.namespace, label.project, label), title: "Promote to Group Label", class: 'btn btn-transparent btn-action', data: {confirm: "Promoting this label will make this label available to all projects inside this group. Existing project labels with the same name will be merged. Are you sure?", toggle: "tooltip"}, method: :post do %span.sr-only Promote to Group = icon('level-up') diff --git a/changelogs/unreleased/allow-reporters-to-promote-group-labels.yml b/changelogs/unreleased/allow-reporters-to-promote-group-labels.yml new file mode 100644 index 00000000000..2364ce6d068 --- /dev/null +++ b/changelogs/unreleased/allow-reporters-to-promote-group-labels.yml @@ -0,0 +1,4 @@ +--- +title: Allow reporters to promote project labels to group labels +merge_request: +author: diff --git a/spec/controllers/projects/labels_controller_spec.rb b/spec/controllers/projects/labels_controller_spec.rb index 130b0b744b5..bf1776eb320 100644 --- a/spec/controllers/projects/labels_controller_spec.rb +++ b/spec/controllers/projects/labels_controller_spec.rb @@ -117,7 +117,7 @@ describe Projects::LabelsController do let!(:promoted_label_name) { "Promoted Label" } let!(:label_1) { create(:label, title: promoted_label_name, project: project) } - context 'not group owner' do + context 'not group reporters' do it 'denies access' do post :promote, namespace_id: project.namespace.to_param, project_id: project, id: label_1.to_param @@ -125,9 +125,9 @@ describe Projects::LabelsController do end end - context 'group owner' do + context 'group reporter' do before do - GroupMember.add_users(group, [user], :owner) + group.add_reporter(user) end it 'gives access' do