From 22279bc55870435c61d5e8208cc3117ef2268052 Mon Sep 17 00:00:00 2001
From: Dmitry Medvinsky <me@dmedvinsky.name>
Date: Mon, 11 Mar 2013 10:44:45 +0400
Subject: [PATCH] Add settings for user permission defaults
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

“Can create groups” and “Can create teams” had hardcoded defaults to
`true`. Sometimes it is desirable to prohibit these for newly created
users by default.
---
 app/controllers/admin/users_controller.rb   |  2 +-
 app/controllers/registrations_controller.rb |  3 +--
 app/models/user.rb                          |  8 ++++++++
 config/gitlab.yml.example                   |  4 +++-
 config/initializers/1_settings.rb           | 13 ++++++++++++-
 lib/gitlab/auth.rb                          |  3 +--
 spec/features/admin/admin_users_spec.rb     |  8 ++++++++
 spec/lib/auth_spec.rb                       | 10 ++++++++++
 spec/models/user_spec.rb                    | 18 ++++++++++++++++++
 9 files changed, 62 insertions(+), 7 deletions(-)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 3075e7502f3..185ad181b2a 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -29,7 +29,7 @@ class Admin::UsersController < Admin::ApplicationController
 
 
   def new
-    @admin_user = User.new({ projects_limit: Gitlab.config.gitlab.default_projects_limit }, as: :admin)
+    @admin_user = User.new.with_defaults
   end
 
   def edit
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 507a5c206c6..194dfcd4122 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -16,8 +16,7 @@ class RegistrationsController < Devise::RegistrationsController
 
   def build_resource(hash=nil)
     super
-    self.resource.projects_limit = Gitlab.config.gitlab.default_projects_limit
-    self.resource
+    self.resource.with_defaults
   end
 
   private
diff --git a/app/models/user.rb b/app/models/user.rb
index 55aa5b563c5..17da8569920 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -196,6 +196,14 @@ class User < ActiveRecord::Base
     username
   end
 
+  def with_defaults
+    tap do |u|
+      u.projects_limit = Gitlab.config.gitlab.default_projects_limit
+      u.can_create_group = Gitlab.config.gitlab.default_can_create_group
+      u.can_create_team = Gitlab.config.gitlab.default_can_create_team
+    end
+  end
+
   def notification
     @notification ||= Notification.new(self)
   end
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 19b58bcc371..1910d766535 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -34,7 +34,9 @@ production: &base
 
     ## Project settings
     default_projects_limit: 10
-    # signup_enabled: true          # default: false - Account passwords are not sent via the email if signup is enabled.
+    # default_can_create_group: false  # default: true
+    # default_can_create_team: false   # default: true
+    # signup_enabled: true             # default: false - Account passwords are not sent via the email if signup is enabled.
     # username_changing_enabled: false # default: true - User can change her username/namespace
 
     ## Default project features settings
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 27605efddfe..f85b80f5b79 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -48,7 +48,9 @@ Settings['issues_tracker']  ||= {}
 # GitLab
 #
 Settings['gitlab'] ||= Settingslogic.new({})
-Settings.gitlab['default_projects_limit'] ||=  10
+Settings.gitlab['default_projects_limit'] ||= 10
+Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
+Settings.gitlab['default_can_create_team']  = true if Settings.gitlab['default_can_create_team'].nil?
 Settings.gitlab['host']       ||= 'localhost'
 Settings.gitlab['https']        = false if Settings.gitlab['https'].nil?
 Settings.gitlab['port']       ||= Settings.gitlab.https ? 443 : 80
@@ -111,3 +113,12 @@ Settings.satellites['path'] = File.expand_path(Settings.satellites['path'] || "t
 # Extra customization
 #
 Settings['extra'] ||= Settingslogic.new({})
+
+#
+# Testing settings
+#
+if Rails.env.test?
+  Settings.gitlab['default_projects_limit']   = 42
+  Settings.gitlab['default_can_create_group'] = false
+  Settings.gitlab['default_can_create_team']  = false
+end
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 78d2196fbbe..94212bd544a 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -39,8 +39,7 @@ module Gitlab
         email: email,
         password: password,
         password_confirmation: password,
-        projects_limit: Gitlab.config.gitlab.default_projects_limit,
-      }, as: :admin)
+      }, as: :admin).with_defaults
       @user.save!
 
       if Gitlab.config.omniauth['block_auto_created_users'] && !ldap
diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb
index a6cf5299791..bec43e5029c 100644
--- a/spec/features/admin/admin_users_spec.rb
+++ b/spec/features/admin/admin_users_spec.rb
@@ -33,6 +33,14 @@ describe "Admin::Users" do
       expect { click_button "Create user" }.to change {User.count}.by(1)
     end
 
+    it "should apply defaults to user" do
+      click_button "Create user"
+      user = User.last
+      user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
+      user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group
+      user.can_create_team.should == Gitlab.config.gitlab.default_can_create_team
+    end
+
     it "should create user with valid data" do
       click_button "Create user"
       user = User.last
diff --git a/spec/lib/auth_spec.rb b/spec/lib/auth_spec.rb
index 1e03bc591b4..a7ce97554ea 100644
--- a/spec/lib/auth_spec.rb
+++ b/spec/lib/auth_spec.rb
@@ -91,5 +91,15 @@ describe Gitlab::Auth do
       user.extern_uid.should == @info.uid
       user.provider.should == 'twitter'
     end
+
+    it "should apply defaults to user" do
+      @auth = mock(info: @info, provider: 'ldap')
+      user = gl_auth.create_from_omniauth(@auth, true)
+
+      user.should be_valid
+      user.projects_limit.should == Gitlab.config.gitlab.default_projects_limit
+      user.can_create_group.should == Gitlab.config.gitlab.default_can_create_group
+      user.can_create_team.should == Gitlab.config.gitlab.default_can_create_team
+    end
   end
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 380bbe7351f..7559c4cc3a1 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -178,4 +178,22 @@ describe User do
     it { user.can_create_project?.should be_true }
     it { user.first_name.should == 'John' }
   end
+
+  describe 'without defaults' do
+    let(:user) { User.new }
+    it "should not apply defaults to user" do
+      user.projects_limit.should == 10
+      user.can_create_group.should == true
+      user.can_create_team.should == true
+    end
+  end
+
+  describe 'with defaults' do
+    let(:user) { User.new.with_defaults }
+    it "should apply defaults to user" do
+      user.projects_limit.should == 42
+      user.can_create_group.should == false
+      user.can_create_team.should == false
+    end
+  end
 end