Merge pull request #953 from ZmagoD/zd_SCI_1960

update user settings controllers to new permission system [fixes SCI-…
2025-02-06 15:05:26 +08:00 · 2018-02-01 16:18:54 +01:00 · 2018-02-01 16:18:54 +01:00 · f67f633562
commit f67f633562
parent 82c651b3cb 25dcfe66ae
6 changed files with 39 additions and 34 deletions
--- a/app/controllers/users/invitations_controller.rb
+++ b/app/controllers/users/invitations_controller.rb
@ -195,7 +195,7 @@ module Users
      @role = params['role']

      render_403 if @emails && @emails.empty?
-      render_403 if @team && !is_admin_of_team(@team)
+      render_403 if @team && !can_manage_team_users?(@team)
      render_403 if @role && !UserTeam.roles.keys.include?(@role)
    end
  end
--- a/app/controllers/users/settings/teams_controller.rb
+++ b/app/controllers/users/settings/teams_controller.rb
@ -147,7 +147,7 @@ module Users

      def load_team
        @team = Team.find_by_id(params[:id])
-        render_403 unless is_admin_of_team(@team)
+        render_403 unless can_update_team?(@team)
      end

      def create_params
--- a/app/controllers/users/settings/user_teams_controller.rb
+++ b/app/controllers/users/settings/user_teams_controller.rb
@ -150,7 +150,7 @@ module Users
        # Don't allow the user to modify UserTeam-s if he's not admin,
        # unless he/she is modifying his/her UserTeam
        if current_user != @user_t.user &&
-           !is_admin_of_team(@user_t.team)
+           !can_manage_team_users?(@user_t.team)
          render_403
        end
      end
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -117,3 +117,4 @@ Canaid::Permissions.register_for(RepositoryColumn) do
    can_create_repository_columns?(user, repository_column.repository.team)
  end
 end
+
--- a/app/views/shared/_navigation.html.erb
+++ b/app/views/shared/_navigation.html.erb
@ -99,8 +99,8 @@
            </span>
          </a>

-          <ul class="dropdown-menu"
-              data-hook="teams-dropdown">
+          <% if current_user.teams.length > 1 || can_create_teams? %>
+          <ul class="dropdown-menu">
            <%= form_for(current_user,
                         url: user_current_team_path,
                         method: :post) do |f| %>
@ -116,18 +116,18 @@
                </li>
              <% end %>
            <% end %>
-            <% if current_user.teams.length > 1 %>
-            <li data-hook="new-team-btn"
-                role="separator"
-                class="divider"></li>
+            <% if current_user.teams.length > 1 && can_create_teams? %>
+              <li role="separator"
+                  class="divider"></li>
+              <li>
+                <%= link_to new_team_path do %>
+                  <span class="glyphicon glyphicon-plus"></span>
+                  <%= t('users.settings.teams.index.new_team') %>
+                <% end %>
+              </li>
            <% end %>
-            <li data-hook="new-team-btn">
-              <%= link_to new_team_path do %>
-                <span class="glyphicon glyphicon-plus"></span>
-                <%= t('users.settings.teams.index.new_team') %>
-              <% end %>
-            </li>
          </ul>
+          <% end %>
        </li>
        <% end %>

@ -258,17 +258,19 @@
            <%= image_tag avatar_path(current_user, :icon_small),
                          class: "avatar" %>
          </a>
-          <ul class="dropdown-menu" data-hook="navigation-user-menu">
-            <li>
-              <%= link_to t('nav.user.settings'), edit_user_registration_path, data: { turbolinks: false }%>
-            </li>
-            <li role="separator" class="divider"></li>
-            <li>
-              <%= link_to t('nav.user.logout'),
-                          destroy_user_session_path,
-                          method: :delete %>
-            </li>
-          </ul>
+          <% if current_user.teams.length > 1 || can_create_teams? %>
+            <ul class="dropdown-menu">
+              <li>
+                <%= link_to t('nav.user.settings'), edit_user_registration_path, data: { turbolinks: false } %>
+              </li>
+              <li role="separator" class="divider"></li>
+              <li>
+                <%= link_to t('nav.user.logout'),
+                            destroy_user_session_path,
+                            method: :delete %>
+              </li>
+            </ul>
+          <% end %>
        </li>
      </ul>
    </div>
--- a/app/views/users/settings/teams/index.html.erb
+++ b/app/views/users/settings/teams/index.html.erb
@ -13,14 +13,16 @@
      <% else %>
        <em><%= t("users.settings.teams.index.no_teams") %></em>
      <% end %>
-      <span id="new-team-button">
-        <%= link_to new_team_path, class: "btn btn-default", style: "margin-left: 30px;" do %>
-          <span class="glyphicon glyphicon-plus"></span>
-          <span class="hidden-xs">
-            <%= t("users.settings.teams.index.new_team") %>
-          </span>
-        <% end %>
-      </span>
+      <% if can_create_teams? %>
+        <span id="new-team-button">
+          <%= link_to new_team_path, class: "btn btn-default", style: "margin-left: 30px;" do %>
+            <span class="glyphicon glyphicon-plus"></span>
+            <span class="hidden-xs">
+              <%= t("users.settings.teams.index.new_team") %>
+            </span>
+          <% end %>
+        </span>
+      <% end %>
    </div>

    <% if @member_of > 0 %>