moved fork checks into policies

This commit is contained in:
Phil Hughes 2017-09-29 12:14:39 +01:00
parent 8585ae61e7
commit 93aa6d04c2
No known key found for this signature in database
GPG key ID: 32245528C52E0F9F
6 changed files with 61 additions and 9 deletions

View file

@ -11,6 +11,8 @@ class GlobalPolicy < BasePolicy
with_options scope: :user, score: 0 with_options scope: :user, score: 0
condition(:access_locked) { @user.access_locked? } condition(:access_locked) { @user.access_locked? }
condition(:can_create_fork, scope: :user) { @user.manageable_namespaces.any? { |namespace| @user.can?(:create_projects, namespace) } }
rule { anonymous }.policy do rule { anonymous }.policy do
prevent :log_in prevent :log_in
prevent :access_api prevent :access_api
@ -40,6 +42,10 @@ class GlobalPolicy < BasePolicy
enable :create_group enable :create_group
end end
rule { can_create_fork }.policy do
enable :create_fork
end
rule { access_locked }.policy do rule { access_locked }.policy do
prevent :log_in prevent :log_in
end end

View file

@ -1,10 +1,14 @@
class NamespacePolicy < BasePolicy class NamespacePolicy < BasePolicy
rule { anonymous }.prevent_all rule { anonymous }.prevent_all
condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
condition(:owner) { @subject.owner == @user } condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do rule { owner | admin }.policy do
enable :create_projects enable :create_projects
enable :admin_namespace enable :admin_namespace
end end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
end end

View file

@ -5,10 +5,10 @@
= custom_icon('icon_fork') = custom_icon('icon_fork')
%span= s_('GoToYourFork|Fork') %span= s_('GoToYourFork|Fork')
- else - else
- can_fork = current_user.can_create_project? || current_user.manageable_namespaces.count > 1 - can_create_fork = current_user.can?(:create_fork)
= link_to new_project_fork_path(@project), = link_to new_project_fork_path(@project),
class: "btn btn-default #{'has-tooltip disabled' unless can_fork}", class: "btn btn-default #{'has-tooltip disabled' unless can_create_fork}",
title: (_('You have reached your project limit') unless can_fork) do title: (_('You have reached your project limit') unless can_create_fork) do
= custom_icon('icon_fork') = custom_icon('icon_fork')
%span= s_('CreateNewFork|Fork') %span= s_('CreateNewFork|Fork')
.count-with-arrow .count-with-arrow

View file

@ -1,5 +1,4 @@
- page_title "Fork project" - page_title "Fork project"
- can_create_project = current_user.can_create_project?
.row.prepend-top-default .row.prepend-top-default
.col-lg-3 .col-lg-3
@ -14,7 +13,7 @@
- if @namespaces.present? - if @namespaces.present?
%label.label-light %label.label-light
%span %span
#{ "Click to fork the project to a #{'user or' if can_create_project} group" } Click to fork the project
- @namespaces.in_groups_of(6, false) do |group| - @namespaces.in_groups_of(6, false) do |group|
.row .row
- group.each do |namespace| - group.each do |namespace|
@ -30,12 +29,12 @@
.caption .caption
= namespace.human_name = namespace.human_name
- else - else
- is_disabled = namespace.kind === 'user' && !can_create_project - can_create_project = current_user.can?(:create_projects, namespace)
.fork-thumbnail{ class: ("disabled" if is_disabled) } .fork-thumbnail{ class: ("disabled" unless can_create_project) }
= link_to project_forks_path(@project, namespace_key: namespace.id), = link_to project_forks_path(@project, namespace_key: namespace.id),
method: "POST", method: "POST",
class: ("disabled has-tooltip" if is_disabled), class: ("disabled has-tooltip" unless can_create_project),
title: (_('You have reached your project limit') if is_disabled) do title: (_('You have reached your project limit') unless can_create_project) do
- if /no_((\w*)_)*avatar/.match(avatar) - if /no_((\w*)_)*avatar/.match(avatar)
.no-avatar .no-avatar
= icon 'question' = icon 'question'

View file

@ -52,6 +52,29 @@ describe GlobalPolicy do
end end
end end
describe "create fork" do
context "when user has not exceeded project limit" do
it { is_expected.to be_allowed(:create_fork) }
end
context "when user has exceeded project limit" do
let(:current_user) { create(:user, projects_limit: 0) }
it { is_expected.not_to be_allowed(:create_fork) }
end
context "when user is a master in a group" do
let(:group) { create(:group) }
let(:current_user) { create(:user, projects_limit: 0) }
before do
group.add_master(current_user)
end
it { is_expected.to be_allowed(:create_fork) }
end
end
describe 'custom attributes' do describe 'custom attributes' do
context 'regular user' do context 'regular user' do
it { is_expected.not_to be_allowed(:read_custom_attribute) } it { is_expected.not_to be_allowed(:read_custom_attribute) }

View file

@ -0,0 +1,20 @@
require 'spec_helper'
describe NamespacePolicy do
let(:current_user) { create(:user) }
let(:namespace) { current_user.namespace }
subject { described_class.new(current_user, namespace) }
context "create projects" do
context "user namespace" do
it { is_expected.to be_allowed(:create_projects) }
end
context "user who has exceeded project limit" do
let(:current_user) { create(:user, projects_limit: 0) }
it { is_expected.not_to be_allowed(:create_projects) }
end
end
end