Add ability rule for creating project in namespace

Signed-off-by: NDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

app/models/ability.rb

@@ -188,6 +188,13 @@ class Ability
         rules << :read_group
       end
 
+      # Only group masters and group owners can create new projects in group
+      if group.has_master?(user) || group.has_owner?(user) || user.admin?
+        rules += [
+          :create_projects,
+        ]
+      end
+
       # Only group owner and administrators can manage group
       if group.has_owner?(user) || user.admin?
         rules += [
@@ -205,6 +212,7 @@ class Ability
       # Only namespace owner and administrators can manage it
       if namespace.owner == user || user.admin?
         rules += [
+          :create_projects,
           :manage_namespace
         ]
       end

app/models/group.rb

@@ -26,7 +26,7 @@ class Group < Namespace
   validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
   mount_uploader :avatar, AttachmentUploader
-  
+
   def self.accessible_to(user)
     accessible_ids = Project.accessible_to(user).pluck(:namespace_id)
     accessible_ids += user.groups.pluck(:id) if user
@@ -60,6 +60,10 @@ class Group < Namespace
     owners.include?(user)
   end
 
+  def has_master?(user)
+    members.masters.where(user_id: user).any?
+  end
+
   def last_owner?(user)
     has_owner?(user) && owners.size == 1
   end

app/models/project.rb

@@ -387,10 +387,6 @@ class Project < ActiveRecord::Base
     end
   end
 
-  def transfer(new_namespace)
-    ProjectTransferService.new.transfer(self, new_namespace)
-  end
-
   def execute_hooks(data, hooks_scope = :push_hooks)
     hooks.send(hooks_scope).each do |hook|
       hook.async_execute(data)

app/models/user.rb

@@ -90,6 +90,8 @@ class User < ActiveRecord::Base
   has_many :users_groups, dependent: :destroy
   has_many :groups, through: :users_groups
   has_many :owned_groups, -> { where users_groups: { group_access: UsersGroup::OWNER } }, through: :users_groups, source: :group
+  has_many :masters_groups, -> { where users_groups: { group_access: UsersGroup::MASTER } }, through: :users_groups, source: :group
+
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
   has_many :personal_projects,        through: :namespace, source: :projects