kimus · November 23, 2015 22:48
diff --git a/gitlab-collaborator.diff b/gitlab-collaborator.diff
 diff --git a/app/models/ability.rb b/app/models/ability.rb
 index 38bc208..bd21b82 100644
 --- a/app/models/ability.rb
 +++ b/app/models/ability.rb
 @@ -83,6 +83,9 @@ class Ability
         elsif team.developer?(user)
           rules.push(*project_dev_rules)

 +        elsif team.collaborator?(user)
 +          rules.push(*project_collab_rules)
 +
         elsif team.reporter?(user)
           rules.push(*project_report_rules)

 @@ -148,13 +151,21 @@ class Ability
       ]
     end

 +    def project_collab_rules
 +      project_report_rules + [
 +        :create_merge_request,
 +        :push_code
 +      ]
 +    end
 +
     def project_dev_rules
       project_report_rules + [
         :admin_merge_request,
         :create_merge_request,
         :create_wiki,
         :manage_builds,
 -        :push_code
 +        :push_code,
 +        :push_code_dev
       ]
     end

 diff --git a/app/models/member.rb b/app/models/member.rb
 index cae8caa..36107bf 100644
 --- a/app/models/member.rb
 +++ b/app/models/member.rb
 @@ -42,6 +42,7 @@ class Member < ActiveRecord::Base
   scope :non_invite, -> { where("user_id IS NOT NULL") }
   scope :guests, -> { where(access_level: GUEST) }
   scope :reporters, -> { where(access_level: REPORTER) }
 +  scope :collaborator, -> { where(access_level: COLLABORATOR) }
   scope :developers, -> { where(access_level: DEVELOPER) }
   scope :masters,  -> { where(access_level: MASTER) }
   scope :owners,  -> { where(access_level: OWNER) }
 diff --git a/app/models/project_team.rb b/app/models/project_team.rb
 index 9f380a3..a502aeb 100644
 --- a/app/models/project_team.rb
 +++ b/app/models/project_team.rb
 @@ -77,6 +77,10 @@ class ProjectTeam
     @reporters ||= fetch_members(:reporters)
   end

 +  def collaborators
 +    @collaborators ||= fetch_members(:collaborators)
 +  end
 +
   def developers
     @developers ||= fetch_members(:developers)
   end
 @@ -123,6 +127,10 @@ class ProjectTeam
     max_member_access(user.id) == Gitlab::Access::REPORTER
   end

 +  def collaborator?(user)
 +    max_member_access(user.id) == Gitlab::Access::COLLABORATOR
 +  end
 +
   def developer?(user)
     max_member_access(user.id) == Gitlab::Access::DEVELOPER
   end
 diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb
 index 6d0e30e..5d74259 100644
 --- a/lib/gitlab/access.rb
 +++ b/lib/gitlab/access.rb
 @@ -7,6 +7,7 @@ module Gitlab
   module Access
     GUEST     = 10
     REPORTER  = 20
 +    COLLABORATOR = 25
     DEVELOPER = 30
     MASTER    = 40
     OWNER     = 50
 @@ -29,6 +30,7 @@ module Gitlab
         {
           "Guest"     => GUEST,
           "Reporter"  => REPORTER,
 +          "Collaborator"  => COLLABORATOR,
           "Developer" => DEVELOPER,
           "Master"    => MASTER,
         }
 @@ -44,6 +46,7 @@ module Gitlab
         {
           guest:     GUEST,
           reporter:  REPORTER,
 +          collaborator: COLLABORATOR,
           developer: DEVELOPER,
           master:    MASTER,
         }
 diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
 index c90184d..0ee82ce 100644
 --- a/lib/gitlab/git_access.rb
 +++ b/lib/gitlab/git_access.rb
 @@ -34,7 +34,7 @@ module Gitlab
       if project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)
         user.can?(:push_code_to_protected_branches, project)
       else
 -        user.can?(:push_code, project)
 +        user.can?(:push_code_dev, project)
       end
     end

 @@ -169,7 +169,7 @@ module Gitlab
         # and we dont allow remove of protected branch
         :remove_protected_branches
       elsif project.developers_can_push_to_protected_branch?(branch_name)
 -        :push_code
 +        :push_code_dev
       else
         :push_code_to_protected_branches
       end
 diff --git a/spec/models/project_security_spec.rb b/spec/models/project_security_spec.rb
 index f600a24..e0ba00a 100644
 --- a/spec/models/project_security_spec.rb
 +++ b/spec/models/project_security_spec.rb
 @@ -16,6 +16,7 @@ describe Project do

     let(:guest_actions) { Ability.project_guest_rules }
     let(:report_actions) { Ability.project_report_rules }
 +    let(:collab_actions) { Ability.project_collab_rules }
     let(:dev_actions) { Ability.project_dev_rules }
     let(:master_actions) { Ability.project_master_rules }
     let(:admin_actions) { Ability.project_admin_rules }
 @@ -52,6 +53,25 @@ describe Project do
       end
     end

 +    describe "Collaborate Rules" do
 +      before do
 +        @p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)
 +        @p1.project_members.create(project: @p1, user: @u3, access_level: ProjectMember::COLLABORATOR)
 +      end
 +
 +      it "should deny for collaborator master-specific actions" do
 +        [collab_actions - report_actions].each do |action|
 +          expect(@abilities.allowed?(@u2, action, @p1)).to be_falsey
 +        end
 +      end
 +
 +      it "should allow for project user any collab actions" do
 +        collab_actions.each do |action|
 +          expect(@abilities.allowed?(@u3, action, @p1)).to be_truthy
 +        end
 +      end
 +    end
 +
     describe "Developer Rules" do
       before do
         @p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)
	diff --git a/app/models/ability.rb b/app/models/ability.rb
	index 38bc208..bd21b82 100644
	--- a/app/models/ability.rb
	+++ b/app/models/ability.rb
	@@ -83,6 +83,9 @@ class Ability
	elsif team.developer?(user)
	rules.push(*project_dev_rules)

	+ elsif team.collaborator?(user)
	+ rules.push(*project_collab_rules)
	+
	elsif team.reporter?(user)
	rules.push(*project_report_rules)

	@@ -148,13 +151,21 @@ class Ability
	]
	end

	+ def project_collab_rules
	+ project_report_rules + [
	+ :create_merge_request,
	+ :push_code
	+ ]
	+ end
	+
	def project_dev_rules
	project_report_rules + [
	:admin_merge_request,
	:create_merge_request,
	:create_wiki,
	:manage_builds,
	- :push_code
	+ :push_code,
	+ :push_code_dev
	]
	end

	diff --git a/app/models/member.rb b/app/models/member.rb
	index cae8caa..36107bf 100644
	--- a/app/models/member.rb
	+++ b/app/models/member.rb
	@@ -42,6 +42,7 @@ class Member < ActiveRecord::Base
	scope :non_invite, -> { where("user_id IS NOT NULL") }
	scope :guests, -> { where(access_level: GUEST) }
	scope :reporters, -> { where(access_level: REPORTER) }
	+ scope :collaborator, -> { where(access_level: COLLABORATOR) }
	scope :developers, -> { where(access_level: DEVELOPER) }
	scope :masters, -> { where(access_level: MASTER) }
	scope :owners, -> { where(access_level: OWNER) }
	diff --git a/app/models/project_team.rb b/app/models/project_team.rb
	index 9f380a3..a502aeb 100644
	--- a/app/models/project_team.rb
	+++ b/app/models/project_team.rb
	@@ -77,6 +77,10 @@ class ProjectTeam
	@reporters \|\|= fetch_members(:reporters)
	end

	+ def collaborators
	+ @collaborators \|\|= fetch_members(:collaborators)
	+ end
	+
	def developers
	@developers \|\|= fetch_members(:developers)
	end
	@@ -123,6 +127,10 @@ class ProjectTeam
	max_member_access(user.id) == Gitlab::Access::REPORTER
	end

	+ def collaborator?(user)
	+ max_member_access(user.id) == Gitlab::Access::COLLABORATOR
	+ end
	+
	def developer?(user)
	max_member_access(user.id) == Gitlab::Access::DEVELOPER
	end
	diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb
	index 6d0e30e..5d74259 100644
	--- a/lib/gitlab/access.rb
	+++ b/lib/gitlab/access.rb
	@@ -7,6 +7,7 @@ module Gitlab
	module Access
	GUEST = 10
	REPORTER = 20
	+ COLLABORATOR = 25
	DEVELOPER = 30
	MASTER = 40
	OWNER = 50
	@@ -29,6 +30,7 @@ module Gitlab
	{
	"Guest" => GUEST,
	"Reporter" => REPORTER,
	+ "Collaborator" => COLLABORATOR,
	"Developer" => DEVELOPER,
	"Master" => MASTER,
	}
	@@ -44,6 +46,7 @@ module Gitlab
	{
	guest: GUEST,
	reporter: REPORTER,
	+ collaborator: COLLABORATOR,
	developer: DEVELOPER,
	master: MASTER,
	}
	diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
	index c90184d..0ee82ce 100644
	--- a/lib/gitlab/git_access.rb
	+++ b/lib/gitlab/git_access.rb
	@@ -34,7 +34,7 @@ module Gitlab
	if project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)
	user.can?(:push_code_to_protected_branches, project)
	else
	- user.can?(:push_code, project)
	+ user.can?(:push_code_dev, project)
	end
	end

	@@ -169,7 +169,7 @@ module Gitlab
	# and we dont allow remove of protected branch
	:remove_protected_branches
	elsif project.developers_can_push_to_protected_branch?(branch_name)
	- :push_code
	+ :push_code_dev
	else
	:push_code_to_protected_branches
	end
	diff --git a/spec/models/project_security_spec.rb b/spec/models/project_security_spec.rb
	index f600a24..e0ba00a 100644
	--- a/spec/models/project_security_spec.rb
	+++ b/spec/models/project_security_spec.rb
	@@ -16,6 +16,7 @@ describe Project do

	let(:guest_actions) { Ability.project_guest_rules }
	let(:report_actions) { Ability.project_report_rules }
	+ let(:collab_actions) { Ability.project_collab_rules }
	let(:dev_actions) { Ability.project_dev_rules }
	let(:master_actions) { Ability.project_master_rules }
	let(:admin_actions) { Ability.project_admin_rules }
	@@ -52,6 +53,25 @@ describe Project do
	end
	end

	+ describe "Collaborate Rules" do
	+ before do
	+ @p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)
	+ @p1.project_members.create(project: @p1, user: @u3, access_level: ProjectMember::COLLABORATOR)
	+ end
	+
	+ it "should deny for collaborator master-specific actions" do
	+ [collab_actions - report_actions].each do \|action\|
	+ expect(@abilities.allowed?(@u2, action, @p1)).to be_falsey
	+ end
	+ end
	+
	+ it "should allow for project user any collab actions" do
	+ collab_actions.each do \|action\|
	+ expect(@abilities.allowed?(@u3, action, @p1)).to be_truthy
	+ end
	+ end
	+ end
	+
	describe "Developer Rules" do
	before do
	@p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)