Move permissions check methods in User model

Author: root

Diff for: app/controllers/download_git_revision_controller.rb

@@ -36,7 +36,7 @@ def set_repository
 
 
     def can_download_git_revision
-      render_403 unless view_context.user_allowed_to(:download_git_revision, @project)
+      render_403 unless User.current.allowed_to_download?(@repository)
     end
 
 

Diff for: app/controllers/gitolite_public_keys_controller.rb

@@ -70,7 +70,7 @@ def set_user_from_params
 
 
     def set_user_from_current_user
-      if User.current.allowed_to?(:create_gitolite_ssh_key, nil, global: true)
+      if User.current.allowed_to_ssh?
         @user = User.current
         @redirect_url = url_for(controller: 'gitolite_public_keys', action: 'index')
         @cancel_url = url_for(controller: 'my', action: 'account')

Diff for: app/controllers/repository_deployment_credentials_controller.rb

@@ -85,17 +85,17 @@ def set_current_tab
 
 
     def can_view_credentials
-      render_403 unless view_context.user_allowed_to(:view_deployment_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:view_deployment_keys, @repository)
     end
 
 
     def can_create_credentials
-      render_403 unless view_context.user_allowed_to(:create_deployment_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:create_deployment_keys, @repository)
     end
 
 
     def can_edit_credentials
-      render_403 unless view_context.user_allowed_to(:edit_deployment_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_deployment_keys, @repository)
     end
 
 
@@ -142,7 +142,7 @@ def other_deployment_keys
 
 
     def users_allowed_to_create_deployment_keys
-      @project.users.select { |user| user != User.current && user.allowed_to?(:create_deployment_keys, @project) }
+      @project.users.select { |user| user != User.current && user.git_allowed_to?(:create_deployment_keys, @repository) }
     end
 
 

Diff for: app/controllers/repository_git_config_keys_controller.rb

@@ -77,17 +77,17 @@ def set_current_tab
 
 
     def can_view_config_keys
-      render_403 unless view_context.user_allowed_to(:view_repository_git_config_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:view_repository_git_config_keys, @repository)
     end
 
 
     def can_create_config_keys
-      render_403 unless view_context.user_allowed_to(:create_repository_git_config_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:create_repository_git_config_keys, @repository)
     end
 
 
     def can_edit_config_keys
-      render_403 unless view_context.user_allowed_to(:edit_repository_git_config_keys, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_repository_git_config_keys, @repository)
     end
 
 

Diff for: app/controllers/repository_git_notifications_controller.rb

@@ -82,17 +82,17 @@ def set_current_tab
 
 
     def can_view_git_notifications
-      render_403 unless view_context.user_allowed_to(:view_repository_git_notifications, @project)
+      render_403 unless User.current.git_allowed_to?(:view_repository_git_notifications, @repository)
     end
 
 
     def can_create_git_notifications
-      render_403 unless view_context.user_allowed_to(:create_repository_git_notifications, @project)
+      render_403 unless User.current.git_allowed_to?(:create_repository_git_notifications, @repository)
     end
 
 
     def can_edit_git_notifications
-      render_403 unless view_context.user_allowed_to(:edit_repository_git_notifications, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_repository_git_notifications, @repository)
     end
 
 

Diff for: app/controllers/repository_mirrors_controller.rb

@@ -74,17 +74,17 @@ def set_current_tab
 
 
     def can_view_mirrors
-      render_403 unless view_context.user_allowed_to(:view_repository_mirrors, @project)
+      render_403 unless User.current.git_allowed_to?(:view_repository_mirrors, @repository)
     end
 
 
     def can_create_mirrors
-      render_403 unless view_context.user_allowed_to(:create_repository_mirrors, @project)
+      render_403 unless User.current.git_allowed_to?(:create_repository_mirrors, @repository)
     end
 
 
     def can_edit_mirrors
-      render_403 unless view_context.user_allowed_to(:edit_repository_mirrors, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_repository_mirrors, @repository)
     end
 
 

Diff for: app/controllers/repository_post_receive_urls_controller.rb

@@ -68,17 +68,17 @@ def set_current_tab
 
 
     def can_view_post_receive_urls
-      render_403 unless view_context.user_allowed_to(:view_repository_post_receive_urls, @project)
+      render_403 unless User.current.git_allowed_to?(:view_repository_post_receive_urls, @repository)
     end
 
 
     def can_create_post_receive_urls
-      render_403 unless view_context.user_allowed_to(:create_repository_post_receive_urls, @project)
+      render_403 unless User.current.git_allowed_to?(:create_repository_post_receive_urls, @repository)
     end
 
 
     def can_edit_post_receive_urls
-      render_403 unless view_context.user_allowed_to(:edit_repository_post_receive_urls, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_repository_post_receive_urls, @repository)
     end
 
 

Diff for: app/controllers/repository_protected_branches_controller.rb

@@ -96,17 +96,17 @@ def set_current_tab
 
 
     def can_view_protected_branches
-      render_403 unless view_context.user_allowed_to(:view_repository_protected_branches, @project)
+      render_403 unless User.current.git_allowed_to?(:view_repository_protected_branches, @repository)
     end
 
 
     def can_create_protected_branches
-      render_403 unless view_context.user_allowed_to(:create_repository_protected_branches, @project)
+      render_403 unless User.current.git_allowed_to?(:create_repository_protected_branches, @repository)
     end
 
 
     def can_edit_protected_branches
-      render_403 unless view_context.user_allowed_to(:edit_repository_protected_branches, @project)
+      render_403 unless User.current.git_allowed_to?(:edit_repository_protected_branches, @repository)
     end
 
 

Diff for: app/helpers/git_hosting_helper.rb

@@ -24,15 +24,6 @@ def label_with_icon(label, icon, opts = {})
   end
 
 
-  def user_allowed_to(permission, project)
-    if project.active?
-      return User.current.allowed_to?(permission, project)
-    else
-      return User.current.allowed_to?(permission, nil, global: true)
-    end
-  end
-
-
   def plugin_asset_link(plugin_name, asset_name)
     File.join(Redmine::Utils.relative_url_root, 'plugin_assets', plugin_name, 'images', asset_name)
   end

Diff for: app/models/concerns/gitolitable_permissions.rb

@@ -64,10 +64,8 @@ def pushable_via_http?
   def downloadable?
     if git_annex_enabled?
       false
-    elsif project.active?
-      User.current.allowed_to?(:download_git_revision, project)
     else
-      User.current.allowed_to?(:download_git_revision, nil, global: true)
+      User.current.allowed_to_download?(self)
     end
   end
 

Diff for: app/models/concerns/gitolitable_urls.rb

@@ -65,7 +65,7 @@ def go_url
 
 
   def ssh_access
-    { url: ssh_url, committer: User.current.allowed_to_commit?(project).to_s }
+    { url: ssh_url, committer: User.current.allowed_to_commit?(self).to_s }
   end
 
 
@@ -76,7 +76,7 @@ def http_access
 
 
   def https_access
-    { url: https_url, committer: User.current.allowed_to_commit?(project).to_s }
+    { url: https_url, committer: User.current.allowed_to_commit?(self).to_s }
   end
 
 
@@ -86,7 +86,7 @@ def git_access
 
 
   def git_annex_access
-    { url: git_annex_url, committer: User.current.allowed_to_commit?(project).to_s }
+    { url: git_annex_url, committer: User.current.allowed_to_commit?(self).to_s }
   end
 
 

Diff for: app/views/repositories/_edit_bottom.html.haml

@@ -2,22 +2,22 @@
 
   #repository-tabs
     %ul
-      - if user_allowed_to(:view_deployment_keys, @repository.project)
+      - if User.current.git_allowed_to?(:view_deployment_keys, @repository)
         %li{ id: 'tab-repository_deployment_credentials' }= link_to label_with_icon(l(:label_deployment_credentials), 'fa-lock'), repository_deployment_credentials_path(@repository)
 
-      - if user_allowed_to(:view_repository_git_notifications, @repository.project)
+      - if User.current.git_allowed_to?(:view_repository_git_notifications, @repository)
         %li{ id: 'tab-repository_git_notifications' }= link_to label_with_icon(l(:label_git_notifications), 'fa-bullhorn'), repository_git_notifications_path(@repository)
 
-      - if user_allowed_to(:view_repository_mirrors, @repository.project)
+      - if User.current.git_allowed_to?(:view_repository_mirrors, @repository)
         %li{ id: 'tab-repository_mirrors' }= link_to label_with_icon(l(:label_repository_mirrors), 'fa-cloud-upload'), repository_mirrors_path(@repository)
 
-      - if user_allowed_to(:view_repository_post_receive_urls, @repository.project)
+      - if User.current.git_allowed_to?(:view_repository_post_receive_urls, @repository)
         %li{ id: 'tab-repository_post_receive_urls' }= link_to label_with_icon(l(:label_post_receive_urls), 'fa-external-link'), repository_post_receive_urls_path(@repository)
 
-      - if user_allowed_to(:view_repository_git_config_keys, @repository.project)
+      - if User.current.git_allowed_to?(:view_repository_git_config_keys, @repository)
         %li{ id: 'tab-repository_git_config_keys' }= link_to label_with_icon(l(:label_git_config_keys), 'fa-th-list'), repository_git_config_keys_path(@repository)
 
-      - if user_allowed_to(:view_repository_protected_branches, @repository.project)
+      - if User.current.git_allowed_to?(:view_repository_protected_branches, @repository)
         %li{ id: 'tab-repository_protected_branches' }= link_to label_with_icon(l(:label_protected_branches), 'fa-shield'), repository_protected_branches_path(@repository)
 
   = render 'javascript'

Diff for: app/views/repositories/_xitolite_options.html.haml

@@ -15,12 +15,12 @@
                 = label_tag 'repository_git_extra[git_daemon]', l(:label_enable_git_daemon)
                 = f.check_box :git_daemon, disabled: (!repository.public_project? && !repository.public_repo?)
 
-              - if user_allowed_to(:create_repository_git_notifications, repository.project)
+              - if User.current.git_allowed_to?(:create_repository_git_notifications, repository)
                 %p
                   = label_tag 'repository_git_extra[git_notify]', l(:label_enable_git_notify)
                   = f.check_box :git_notify
 
-              - if user_allowed_to(:create_repository_protected_branches, repository.project)
+              - if User.current.git_allowed_to?(:create_repository_protected_branches, repository)
                 %p
                   = label_tag 'repository_git_extra[protected_branch]', l(:label_enable_protected_branches)
                   = f.check_box :protected_branch

Diff for: app/views/repository_deployment_credentials/index.html.haml

@@ -1,6 +1,6 @@
 %div
 
-  - if user_allowed_to(:create_deployment_keys, @project)
+  - if User.current.git_allowed_to?(:create_deployment_keys, @repository)
     .contextual
       - css_class = (!@user_keys.empty? || !@other_keys.empty?) ? 'modal-box' : 'modal-box-close-only'
       = link_to l(:label_deployment_credential_add), new_repository_deployment_credential_path(@repository), class: "icon icon-add #{css_class}"
@@ -38,7 +38,7 @@
             %td= checked_image2 credential.active?
 
             %td{ class: 'buttons' }
-              - if user_allowed_to(:edit_deployment_keys, @project) && (User.current.admin? || User.current == credential.user)
+              - if User.current.git_allowed_to?(:edit_deployment_keys, @repository) && (User.current.admin? || User.current == credential.user)
                 = link_to l(:button_edit), edit_repository_deployment_credential_path(@repository, credential), class: 'icon icon-edit modal-box'
                 = link_to l(:button_delete), repository_deployment_credential_path(@repository, credential), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'
   - else

Diff for: app/views/repository_git_config_keys/index.html.haml

@@ -1,6 +1,6 @@
 %div
 
-  - if user_allowed_to(:create_repository_git_config_keys, @project)
+  - if User.current.git_allowed_to?(:create_repository_git_config_keys, @repository)
     .contextual= link_to l(:label_git_config_key_add), new_repository_git_config_key_path(@repository), class: 'icon icon-add modal-box'
 
   %h3= l(:label_git_config_keys)
@@ -24,7 +24,7 @@
               %span{ class: 'label label-success' }= git_config_key.value
 
             %td{ class: 'buttons' }
-              - if user_allowed_to(:edit_repository_git_config_keys, @project)
+              - if User.current.git_allowed_to?(:edit_repository_git_config_keys, @repository)
                 = link_to l(:button_edit), edit_repository_git_config_key_path(@repository, git_config_key), class: 'icon icon-edit modal-box'
                 = link_to l(:button_delete), repository_git_config_key_path(@repository, git_config_key), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'
 

Diff for: app/views/repository_git_notifications/show.html.haml

@@ -2,12 +2,12 @@
 
   - if @repository.git_notification_enabled?
     - unless @git_notification.nil?
-      - if user_allowed_to(:edit_repository_git_notifications, @project)
+      - if User.current.git_allowed_to?(:edit_repository_git_notifications, @repository)
         .contextual
           = link_to l(:label_git_notifications_edit), edit_repository_git_notifications_path(@repository), class: 'icon icon-edit modal-box'
           = link_to l(:label_git_notifications_delete), repository_git_notifications_path(@repository), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'
     - else
-      - if user_allowed_to(:create_repository_git_notifications, @project)
+      - if User.current.git_allowed_to?(:create_repository_git_notifications, @repository)
         .contextual= link_to l(:label_git_notifications_add), new_repository_git_notifications_path(@repository), class: 'icon icon-add modal-box'
 
   %h3{ class: 'git' }= l(:label_git_notifications)

Diff for: app/views/repository_mirrors/index.html.haml

@@ -1,6 +1,6 @@
 %div
 
-  - if user_allowed_to(:create_repository_mirrors, @project)
+  - if User.current.git_allowed_to?(:create_repository_mirrors, @repository)
     .contextual= link_to l(:label_mirror_add), new_repository_mirror_path(@repository), class: 'icon icon-add modal-box'
 
   %h3= l(:label_repository_mirrors)
@@ -25,7 +25,7 @@
             %td= checked_image2 mirror.active?
 
             %td{ class: 'buttons' }
-              - if user_allowed_to(:edit_repository_mirrors, @project)
+              - if User.current.git_allowed_to?(:edit_repository_mirrors, @repository)
                 = link_to label_with_icon(l(:label_mirror_push), 'fa-rocket', class: 'fa-align'), push_repository_mirror_path(@repository, mirror), class: 'modal-box-close-only'
                 = link_to l(:button_edit), edit_repository_mirror_path(@repository, mirror), class: 'icon icon-edit modal-box'
                 = link_to l(:button_delete), repository_mirror_path(@repository, mirror), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'

Diff for: app/views/repository_post_receive_urls/index.html.haml

@@ -1,6 +1,6 @@
 %div
 
-  - if user_allowed_to(:create_repository_post_receive_urls, @project)
+  - if User.current.git_allowed_to?(:create_repository_post_receive_urls, @repository)
     .contextual= link_to l(:label_post_receive_url_add), new_repository_post_receive_url_path(@repository), class: 'icon icon-add modal-box'
 
   %h3= l(:label_post_receive_urls)
@@ -29,7 +29,7 @@
                 %span{ class: 'label label-info' }= trigger
 
             %td{ class: 'buttons' }
-              - if user_allowed_to(:edit_repository_post_receive_urls, @project)
+              - if User.current.git_allowed_to?(:edit_repository_post_receive_urls, @repository)
                 = link_to l(:button_edit), edit_repository_post_receive_url_path(@repository, post_receive_url), class: 'icon icon-edit modal-box'
                 = link_to l(:button_delete), repository_post_receive_url_path(@repository, post_receive_url), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'
 

Diff for: app/views/repository_protected_branches/index.html.haml

@@ -1,6 +1,6 @@
 %div
 
-  - if user_allowed_to(:create_repository_protected_branches, @project)
+  - if User.current.git_allowed_to?(:create_repository_protected_branches, @repository)
     .contextual= link_to l(:label_protected_branch_add), new_repository_protected_branch_path(@repository), class: 'icon icon-add modal-box'
 
   %h3= l(:label_protected_branches)
@@ -34,7 +34,7 @@
                 %span{ class: 'label label-info' }= user
 
             %td{ class: 'buttons' }
-              - if user_allowed_to(:edit_repository_protected_branches, @project)
+              - if User.current.git_allowed_to?(:edit_repository_protected_branches, @repository)
                 = link_to l(:button_edit), edit_repository_protected_branch_path(@repository, protected_branch), class: 'icon icon-edit modal-box'
                 = link_to l(:button_clone), clone_repository_protected_branch_path(@repository, protected_branch), class: 'icon icon-clone modal-box'
                 = link_to l(:button_delete), repository_protected_branch_path(@repository, protected_branch), remote: true, method: :delete, confirm: l(:text_are_you_sure), class: 'icon icon-del'

Diff for: lib/redmine_git_hosting/git_access.rb

@@ -32,7 +32,7 @@ def upload_access_check(actor, repository)
 
 
     def user_download_access_check(user, repository)
-      if user && user.allowed_to?(:view_changesets, repository.project)
+      if user && user.allowed_to_clone?(repository)
         build_status_object(true)
       else
         build_status_object(false, "You don't have access")
@@ -41,7 +41,7 @@ def user_download_access_check(user, repository)
 
 
     def user_upload_access_check(user, repository)
-      if user && user.allowed_to?(:commit_access, repository.project)
+      if user && user.allowed_to_commit?(repository)
         build_status_object(true)
       else
         build_status_object(false, "You don't have access")