提交
8c40aab1
编写于
2月 22, 2012
作者:
Dmitriy Zaporozhets
Abilities extended. Resources security improved
上级
af82b677
变更
16
Showing
16 changed file
with
51 addition
and
52 deletion
+51
-52
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+4
-0
app/controllers/commits_controller.rb
app/controllers/commits_controller.rb
+1
-0
app/controllers/issues_controller.rb
app/controllers/issues_controller.rb
+2
-3
app/controllers/merge_requests_controller.rb
app/controllers/merge_requests_controller.rb
+2
-3
app/controllers/refs_controller.rb
app/controllers/refs_controller.rb
+1
-0
app/controllers/repositories_controller.rb
app/controllers/repositories_controller.rb
+1
-0
app/controllers/snippets_controller.rb
app/controllers/snippets_controller.rb
+6
-7
app/controllers/wikis_controller.rb
app/controllers/wikis_controller.rb
+6
-15
app/models/ability.rb
app/models/ability.rb
+11
-5
app/models/project.rb
app/models/project.rb
+1
-1
app/views/help/permissions.html.haml
app/views/help/permissions.html.haml
+4
-1
app/views/issues/_show.html.haml
app/views/issues/_show.html.haml
+1
-2
app/views/layouts/_project_menu.html.haml
app/views/layouts/_project_menu.html.haml
+3
-2
app/views/merge_requests/show.html.haml
app/views/merge_requests/show.html.haml
+1
-2
app/views/widgets/_project_member.html.haml
app/views/widgets/_project_member.html.haml
+4
-8
app/views/wikis/show.html.haml
app/views/wikis/show.html.haml
+3
-3
app/controllers/application_controller.rb
...
...
@@ -48,6 +48,10 @@ class ApplicationController < ActionController::Base
return
render_404
unless
can?
(
current_user
,
action
,
project
)
end
def
authorize_code_access!
return
render_404
unless
can?
(
current_user
,
:download_code
,
project
)
end
def
access_denied!
render_404
end
...
...
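Review bot: `authorize_code_access!` carries no comment saying which controllers must declare it, and the protection exists only where a controller adds the filter by hand. I would put `# Renders 404 unless current_user has :download_code on the project; declare as a before_filter in every controller that serves repository content.` above the method. This commit declares it in the commits, refs and repositories controllers; any other controller that exposes repository data is outside this diff and would need checking. The class body continues outside the hunk.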
app/controllers/commits_controller.rb
...
...
@@ -7,6 +7,7 @@ class CommitsController < ApplicationController
# Authorize
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:load_refs
,
:only
=>
:index
# load @branch, @tag & @ref
before_filter
:render_full_content
...
...
app/controllers/issues_controller.rb
...
...
@@ -126,12 +126,11 @@ class IssuesController < ApplicationController
end
def
authorize_modify_issue!
can?
(
current_user
,
:modify_issue
,
@issue
)
||
@issue
.
assignee
==
current_user
return
render_404
unless
can?
(
current_user
,
:modify_issue
,
@issue
)
end
def
authorize_admin_issue!
can?
(
current_user
,
:admin_issue
,
@issue
)
return
render_404
unless
can?
(
current_user
,
:admin_issue
,
@issue
)
end
def
module_enabled
...
...
app/controllers/merge_requests_controller.rb
...
...
@@ -112,12 +112,11 @@ class MergeRequestsController < ApplicationController
end
def
authorize_modify_merge_request!
can?
(
current_user
,
:modify_merge_request
,
@merge_request
)
||
@merge_request
.
assignee
==
current_user
return
render_404
unless
can?
(
current_user
,
:modify_merge_request
,
@merge_request
)
end
def
authorize_admin_merge_request!
can?
(
current_user
,
:admin_merge_request
,
@merge_request
)
return
render_404
unless
can?
(
current_user
,
:admin_merge_request
,
@merge_request
)
end
def
module_enabled
...
...
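Review bot: No `before_filter :authorize_code_access!` is added to this controller, unlike the commits, refs and repositories controllers in the same commit; the section only touches `authorize_modify_merge_request!` and `authorize_admin_merge_request!`. If any action here renders commits or diffs (not visible in this hunk), a user who can read merge requests but lacks `:download_code` would still see repository content. Either guard the code-rendering actions with the new filter or record in a comment why that is not needed. The filter declarations sit outside the hunk.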
app/controllers/refs_controller.rb
...
...
@@ -4,6 +4,7 @@ class RefsController < ApplicationController
# Authorize
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:ref
...
...
app/controllers/repositories_controller.rb
...
...
@@ -4,6 +4,7 @@ class RepositoriesController < ApplicationController
# Authorize
before_filter
:add_project_abilities
before_filter
:authorize_read_project!
before_filter
:authorize_code_access!
before_filter
:require_non_empty_project
before_filter
:render_full_content
...
...
app/controllers/snippets_controller.rb
class
SnippetsController
<
ApplicationController
before_filter
:authenticate_user!
before_filter
:project
before_filter
:snippet
,
:only
=>
[
:show
,
:edit
,
:destroy
,
:update
]
layout
"project"
# Authorize
...
...
@@ -41,11 +42,9 @@ class SnippetsController < ApplicationController
end
def
edit
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
end
def
update
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
@snippet
.
update_attributes
(
params
[
:snippet
])
if
@snippet
.
valid?
...
...
@@ -56,15 +55,12 @@ class SnippetsController < ApplicationController
end
def
show
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
@notes
=
@snippet
.
notes
@note
=
@project
.
notes
.
new
(
:noteable
=>
@snippet
)
render_full_content
end
def
destroy
@snippet
=
@project
.
snippets
.
find
(
params
[
:id
])
return
access_denied!
unless
can?
(
current_user
,
:admin_snippet
,
@snippet
)
@snippet
.
destroy
...
...
@@ -73,12 +69,15 @@ class SnippetsController < ApplicationController
end
protected
def
snippet
@snippet
||=
@project
.
snippets
.
find
(
params
[
:id
])
end
def
authorize_modify_snippet!
can?
(
current_user
,
:modify_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:modify_snippet
,
@snippet
)
end
def
authorize_admin_snippet!
can?
(
current_user
,
:admin_snippet
,
@snippet
)
return
render_404
unless
can?
(
current_user
,
:admin_snippet
,
@snippet
)
end
end
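Review bot: `authorize_modify_snippet!` and `authorize_admin_snippet!` read `@snippet` directly, so they only work for the actions named in `before_filter :snippet, :only => [:show, :edit, :destroy, :update]` and only while that filter stays declared ahead of the `# Authorize` filters. Calling the new memoized accessor removes the ordering dependency: `return render_404 unless can?(current_user, :modify_snippet, snippet)`, and likewise for `:admin_snippet` and for the check inside `destroy`. With `@snippet` unset the request presumably still ends in a 404, which fails closed but would hide the misconfiguration rather than surface it.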
app/controllers/wikis_controller.rb
...
...
@@ -2,7 +2,7 @@ class WikisController < ApplicationController
before_filter
:project
before_filter
:add_project_abilities
before_filter
:authorize_read_wiki!
before_filter
:authorize_write_wiki!
,
:
except
=>
[
:show
,
:destro
y
]
before_filter
:authorize_write_wiki!
,
:
only
=>
[
:edit
,
:create
,
:histor
y
]
before_filter
:authorize_admin_wiki!
,
:only
=>
:destroy
layout
"project"
...
...
@@ -12,6 +12,11 @@ class WikisController < ApplicationController
else
@wiki
=
@project
.
wikis
.
where
(
:slug
=>
params
[
:id
]).
order
(
"created_at"
).
last
end
unless
@wiki
return
render_404
unless
can?
(
current_user
,
:write_wiki
,
@project
)
end
respond_to
do
|
format
|
if
@wiki
format
.
html
...
...
@@ -51,18 +56,4 @@ class WikisController < ApplicationController
format
.
html
{
redirect_to
project_wiki_path
(
@project
,
:index
),
notice:
"Page was successfully deleted"
}
end
end
protected
def
authorize_read_wiki!
can?
(
current_user
,
:read_wiki
,
@project
)
end
def
authorize_write_wiki!
can?
(
current_user
,
:write_wiki
,
@project
)
end
def
authorize_admin_wiki!
can?
(
current_user
,
:admin_wiki
,
@project
)
end
end
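Review bot: The write check on wiki actions becomes opt-in in the first hunk: `:except => [:show, :destroy]` is replaced by `:only => [:edit, :create, :history]`, so any action not named there is covered by the read check alone. If the controller has or later gains another mutating action (the action list is outside this diff), it would be reachable with `:read_wiki` only. Keeping the deny-by-default form, `before_filter :authorize_write_wiki!, :except => [:show, :destroy]`, avoids that, and the new `unless @wiki` guard in the second hunk handles the missing-page case separately. A short comment above the filters naming the ability each action needs would also help the next reader.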
app/models/ability.rb
...
...
@@ -5,7 +5,7 @@ class Ability
when
"Issue"
then
issue_abilities
(
object
,
subject
)
when
"Note"
then
note_abilities
(
object
,
subject
)
when
"Snippet"
then
snippet_abilities
(
object
,
subject
)
when
"
Wiki"
then
wiki
_abilities
(
object
,
subject
)
when
"
MergeRequest"
then
merge_request
_abilities
(
object
,
subject
)
else
[]
end
end
...
...
@@ -23,13 +23,13 @@ class Ability
:read_note
,
:write_project
,
:write_issue
,
:write_snippet
,
:write_merge_request
,
:write_note
]
if
project
.
guest_access_for?
(
user
)
rules
<<
[
:download_code
,
:write_merge_request
,
:write_snippet
]
if
project
.
report_access_for?
(
user
)
rules
<<
[
...
...
@@ -39,7 +39,7 @@ class Ability
rules
<<
[
:modify_issue
,
:modify_snippet
,
:modify_
wiki
,
:modify_
merge_request
,
:admin_project
,
:admin_issue
,
:admin_snippet
,
...
...
@@ -47,7 +47,7 @@ class Ability
:admin_merge_request
,
:admin_note
,
:admin_wiki
]
if
project
.
master_access_for?
(
user
)
]
if
project
.
master_access_for?
(
user
)
||
project
.
owner
==
user
rules
.
flatten
...
...
@@ -63,6 +63,12 @@ class Ability
:"modify_
#{
name
}
"
,
:"admin_
#{
name
}
"
]
elsif
subject
.
respond_to?
(
:assignee
)
&&
subject
.
assignee
==
user
[
:"read_
#{
name
}
"
,
:"write_
#{
name
}
"
,
:"modify_
#{
name
}
"
,
]
else
subject
.
respond_to?
(
:project
)
?
project_abilities
(
user
,
subject
.
project
)
:
[]
...
...
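Review bot: In the last hunk the new `elsif subject.respond_to?(:assignee) && subject.assignee == user` branch is also true when both sides are nil, so if `can?` is ever called with a nil `current_user`, an unassigned issue or merge request would grant read, write and modify. Guarding on the user closes that: `elsif user && subject.respond_to?(:assignee) && subject.assignee == user`. The branch also returns a fixed list without consulting the project abilities, so project membership is not checked for an assignee and a role that would otherwise yield `admin_#{name}` is not applied on this path; both are worth confirming as intended. The method starts outside the hunk, so the preceding branch is not visible.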
app/models/project.rb
...
...
@@ -188,7 +188,7 @@ class Project < ActiveRecord::Base
elsif
access
.
include?
(
:write
)
{
:project_access
=>
UsersProject
::
DEVELOPER
}
else
{
:project_access
=>
UsersProject
::
GUEST
}
{
:project_access
=>
UsersProject
::
REPORTER
}
end
opts
=
{
:user
=>
user
}
opts
.
merge!
(
access
)
...
...
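Review bot: Existing memberships are not migrated when the fallback here moves from `UsersProject::GUEST` to what appears to be `UsersProject::REPORTER`; only rows created after the change get the new level. None of the 16 changed files is a migration, so rows already stored at guest level would, under the reworked ability rules in this commit, no longer carry `:download_code`, `:write_merge_request` or `:write_snippet`. If read-only members were previously created through this method, a data migration or at least an upgrade note is needed. The enclosing method starts and ends outside the hunk.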
app/views/help/permissions.html.haml
...
...
@@ -4,15 +4,17 @@
%h4
Guest
%ul
%li
Create new issue
%li
Create new merge request
%li
Leave comments
%li
Write on project wall
%h4
Reporter
%ul
%li
Pull project code
%li
Download project
%li
Create new issue
%li
Create new merge request
%li
Write on project wall
%li
Create a code snippets
%h4
Developer
...
...
@@ -25,6 +27,7 @@
%li
Create new issue
%li
Create new merge request
%li
Write on project wall
%li
Write a wiki
%h4
Master
%ul
...
...
app/views/issues/_show.html.haml
%li
.wll
{
:id
=>
dom_id
(
issue
),
:class
=>
"issue #{issue.critical ? "
critical
" : ""}"
,
:url
=>
project_issue_path
(
issue
.
project
,
issue
)
}
.right
-
if
can?
current_user
,
:
write
_issue
,
issue
-
if
can?
current_user
,
:
modify
_issue
,
issue
-
if
issue
.
closed
=
link_to
'Reopen'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn small"
,
:remote
=>
true
-
else
=
link_to
'Resolve'
,
project_issue_path
(
issue
.
project
,
issue
,
:issue
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"success btn small"
,
:remote
=>
true
-
if
can?
current_user
,
:write_issue
,
issue
=
link_to
'Edit'
,
edit_project_issue_path
(
issue
.
project
,
issue
),
:class
=>
"btn small edit-issue-link"
,
:remote
=>
true
-#- if can?(current_user, :admin_issue, @project) || issue.author == current_user
= link_to 'Remove', [issue.project, issue], :confirm => 'Are you sure?', :method => :delete, :remote => true, :class => "danger btn small delete-issue", :id => "destroy_issue_#{issue.id}"
...
...
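Review bot: The Edit link stays behind `can? current_user, :write_issue, issue` while the Reopen/Resolve buttons move to `:modify_issue`. `authorize_modify_issue!` in the issues controller now halts with a 404 instead of just returning a boolean, so if it guards `edit`/`update` (the filter declarations are not in this diff), users with write but not modify rights get an Edit button that leads to a 404. Using the same ability for the link, `- if can? current_user, :modify_issue, issue`, keeps view and controller in step.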
app/views/layouts/_project_menu.html.haml
...
...
@@ -4,8 +4,9 @@
Project
-
if
@project
.
repo_exists?
=
link_to
"Files"
,
tree_project_ref_path
(
@project
,
@project
.
root_ref
),
:class
=>
tree_tab_class
=
link_to
"Commits"
,
project_commits_path
(
@project
),
:class
=>
commit_tab_class
-
if
can?
current_user
,
:download_code
,
@project
=
link_to
"Files"
,
tree_project_ref_path
(
@project
,
@project
.
root_ref
),
:class
=>
tree_tab_class
=
link_to
"Commits"
,
project_commits_path
(
@project
),
:class
=>
commit_tab_class
=
link_to
"Network"
,
graph_project_path
(
@project
),
:class
=>
current_page?
(
:controller
=>
"projects"
,
:action
=>
"graph"
,
:id
=>
@project
)
?
"current"
:
nil
-
if
@project
.
issues_enabled
...
...
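Review bot: The Network link appears to stay outside the new `- if can? current_user, :download_code, @project` block: the section counts 3 additions and 2 deletions, which fits the guard line plus the re-indented Files and Commits links and nothing else. The link targets the `graph` action of the projects controller, and that controller is not among the changed files, so the commit graph may remain reachable without `:download_code` both from the menu and by direct URL. Indenting the Network link under the guard and protecting the action with `authorize_code_access!` would bring it in line with the other code views. Indentation is lost in this rendering, so the nesting should be confirmed against the file.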
app/views/merge_requests/show.html.haml
...
...
@@ -10,12 +10,11 @@
=
@merge_request
.
created_at
.
stamp
(
"Aug 21, 2011"
)
%span
.right
-
if
can?
(
current_user
,
:
admin_project
,
@project
)
||
@merge_request
.
author
==
current_user
-
if
can?
(
current_user
,
:
modify_merge_request
,
@merge_request
)
-
if
@merge_request
.
closed
=
link_to
'Reopen'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
false
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
-
else
=
link_to
'Close'
,
project_merge_request_path
(
@project
,
@merge_request
,
:merge_request
=>
{
:closed
=>
true
},
:status_only
=>
true
),
:method
=>
:put
,
:class
=>
"btn"
,
:title
=>
"Close merge request"
-
if
can?
(
current_user
,
:admin_project
,
@project
)
||
@merge_request
.
author
==
current_user
=
link_to
edit_project_merge_request_path
(
@project
,
@merge_request
),
:class
=>
"btn small"
do
Edit
...
...
app/views/widgets/_project_member.html.haml
...
...
@@ -11,23 +11,19 @@
%p
-
if
@project
.
issues_enabled
%span
Assigned
i
ssues:
Assigned
I
ssues:
=
current_user
.
assigned_issues
.
opened
.
count
%br
-
if
@project
.
merge_requests_enabled
%span
Assigned merge request:
=
current_user
.
assigned_merge_requests
.
opened
.
count
%br
%span
Your merge requests:
Assigned Requests:
=
current_user
.
assigned_merge_requests
.
opened
.
count
%br
%br
-
if
@project
.
merge_requests_enabled
-
if
@project
.
merge_requests_enabled
&&
can?
(
current_user
,
:write_merge_request
,
@project
)
=
link_to
new_project_merge_request_path
(
@project
),
:title
=>
"New Merge Request"
,
:class
=>
"btn small padded"
do
Merge Request
-
if
@project
.
issues_enabled
-
if
@project
.
issues_enabled
&&
can?
(
current_user
,
:write_issue
,
@project
)
=
link_to
new_project_issue_path
(
@project
),
:title
=>
"New Issue"
,
:class
=>
"btn small"
do
Issue
...
...
app/views/wikis/show.html.haml
...
...
@@ -4,13 +4,13 @@
-
if
can?
current_user
,
:write_wiki
,
@project
=
link_to
history_project_wiki_path
(
@project
,
@wiki
),
:class
=>
"btn small padded"
do
History
=
link_to
edit_project_wiki_path
(
@project
,
@wiki
),
:class
=>
"btn small"
do
Edit
=
link_to
edit_project_wiki_path
(
@project
,
@wiki
),
:class
=>
"btn small"
do
Edit
%hr
=
markdown_to_html
@wiki
.
content
%p
.time
Last edited by
#{
@wiki
.
user
.
name
}
, in
#{
time_ago_in_words
@wiki
.
created_at
}
-
if
can?
current_user
,
:
write
_wiki
,
@project
-
if
can?
current_user
,
:
admin
_wiki
,
@project
=
link_to
project_wiki_path
(
@project
,
@wiki
),
:confirm
=>
"Are you sure you want to delete this page?"
,
:method
=>
:delete
do
Delete this page