Add specific ability for managing group members
This commit is contained in:
parent
43d1188031
commit
f9bcb9632c
|
@ -21,6 +21,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
return render_403 unless can?(current_user, :admin_group_member, @group)
|
||||
|
||||
@group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
|
||||
|
||||
redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
|
||||
|
@ -28,6 +30,9 @@ class Groups::GroupMembersController < Groups::ApplicationController
|
|||
|
||||
def update
|
||||
@member = @group.group_members.find(params[:id])
|
||||
|
||||
return render_403 unless can?(current_user, :update_group_member, @member)
|
||||
|
||||
@member.update_attributes(member_params)
|
||||
end
|
||||
|
||||
|
@ -46,6 +51,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
|
|||
end
|
||||
|
||||
def resend_invite
|
||||
return render_403 unless can?(current_user, :admin_group_member, @group)
|
||||
|
||||
redirect_path = group_group_members_path(@group)
|
||||
|
||||
@group_member = @group.group_members.find(params[:id])
|
||||
|
|
|
@ -233,7 +233,8 @@ class Ability
|
|||
if group.has_owner?(user) || user.admin?
|
||||
rules.push(*[
|
||||
:admin_group,
|
||||
:admin_namespace
|
||||
:admin_namespace,
|
||||
:admin_group_member
|
||||
])
|
||||
end
|
||||
|
||||
|
@ -295,7 +296,7 @@ class Ability
|
|||
rules = []
|
||||
target_user = subject.user
|
||||
group = subject.group
|
||||
can_manage = group_abilities(user, group).include?(:admin_group)
|
||||
can_manage = group_abilities(user, group).include?(:admin_group_member)
|
||||
|
||||
if can_manage && (user != target_user)
|
||||
rules << :update_group_member
|
||||
|
|
|
@ -23,9 +23,10 @@
|
|||
%i.fa.fa-cogs
|
||||
Settings
|
||||
|
||||
= link_to leave_group_group_members_path(group), data: { confirm: leave_group_message(group.name) }, method: :delete, class: "btn-sm btn btn-grouped", title: 'Leave this group' do
|
||||
%i.fa.fa-sign-out
|
||||
Leave
|
||||
- if can?(current_user, :destroy_group_member, group_member)
|
||||
= link_to leave_group_group_members_path(group), data: { confirm: leave_group_message(group.name) }, method: :delete, class: "btn-sm btn btn-grouped", title: 'Leave this group' do
|
||||
%i.fa.fa-sign-out
|
||||
Leave
|
||||
|
||||
= image_tag group_icon(group), class: "avatar s40 avatar-tile hidden-xs"
|
||||
= link_to group, class: 'group-name' do
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
= link_to member.created_by.name, user_path(member.created_by)
|
||||
= time_ago_with_tooltip(member.created_at)
|
||||
|
||||
- if show_controls && can?(current_user, :admin_group, @group)
|
||||
- if show_controls && can?(current_user, :admin_group_member, member)
|
||||
= link_to resend_invite_group_group_member_path(@group, member), method: :post, class: "btn-xs btn", title: 'Resend invite' do
|
||||
Resend invite
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
= search_field_tag :search, params[:search], { placeholder: 'Find existing member by name', class: 'form-control search-text-input' }
|
||||
= button_tag 'Search', class: 'btn'
|
||||
|
||||
- if current_user && current_user.can?(:admin_group, @group)
|
||||
- if current_user && current_user.can?(:admin_group_member, @group)
|
||||
.pull-right
|
||||
= button_tag class: 'btn btn-new js-toggle-button', type: 'button' do
|
||||
Add members
|
||||
|
|
Loading…
Reference in New Issue