Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Added Collaborator role to GitLab instance
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 38bc208..bd21b82 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -83,6 +83,9 @@ class Ability
elsif team.developer?(user)
rules.push(*project_dev_rules)
+ elsif team.collaborator?(user)
+ rules.push(*project_collab_rules)
+
elsif team.reporter?(user)
rules.push(*project_report_rules)
@@ -148,13 +151,21 @@ class Ability
]
end
+ def project_collab_rules
+ project_report_rules + [
+ :create_merge_request,
+ :push_code
+ ]
+ end
+
def project_dev_rules
project_report_rules + [
:admin_merge_request,
:create_merge_request,
:create_wiki,
:manage_builds,
- :push_code
+ :push_code,
+ :push_code_dev
]
end
diff --git a/app/models/member.rb b/app/models/member.rb
index cae8caa..36107bf 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -42,6 +42,7 @@ class Member < ActiveRecord::Base
scope :non_invite, -> { where("user_id IS NOT NULL") }
scope :guests, -> { where(access_level: GUEST) }
scope :reporters, -> { where(access_level: REPORTER) }
+ scope :collaborator, -> { where(access_level: COLLABORATOR) }
scope :developers, -> { where(access_level: DEVELOPER) }
scope :masters, -> { where(access_level: MASTER) }
scope :owners, -> { where(access_level: OWNER) }
diff --git a/app/models/project_team.rb b/app/models/project_team.rb
index 9f380a3..a502aeb 100644
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -77,6 +77,10 @@ class ProjectTeam
@reporters ||= fetch_members(:reporters)
end
+ def collaborators
+ @collaborators ||= fetch_members(:collaborators)
+ end
+
def developers
@developers ||= fetch_members(:developers)
end
@@ -123,6 +127,10 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::REPORTER
end
+ def collaborator?(user)
+ max_member_access(user.id) == Gitlab::Access::COLLABORATOR
+ end
+
def developer?(user)
max_member_access(user.id) == Gitlab::Access::DEVELOPER
end
diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb
index 6d0e30e..5d74259 100644
--- a/lib/gitlab/access.rb
+++ b/lib/gitlab/access.rb
@@ -7,6 +7,7 @@ module Gitlab
module Access
GUEST = 10
REPORTER = 20
+ COLLABORATOR = 25
DEVELOPER = 30
MASTER = 40
OWNER = 50
@@ -29,6 +30,7 @@ module Gitlab
{
"Guest" => GUEST,
"Reporter" => REPORTER,
+ "Collaborator" => COLLABORATOR,
"Developer" => DEVELOPER,
"Master" => MASTER,
}
@@ -44,6 +46,7 @@ module Gitlab
{
guest: GUEST,
reporter: REPORTER,
+ collaborator: COLLABORATOR,
developer: DEVELOPER,
master: MASTER,
}
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index c90184d..0ee82ce 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -34,7 +34,7 @@ module Gitlab
if project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)
user.can?(:push_code_to_protected_branches, project)
else
- user.can?(:push_code, project)
+ user.can?(:push_code_dev, project)
end
end
@@ -169,7 +169,7 @@ module Gitlab
# and we dont allow remove of protected branch
:remove_protected_branches
elsif project.developers_can_push_to_protected_branch?(branch_name)
- :push_code
+ :push_code_dev
else
:push_code_to_protected_branches
end
diff --git a/spec/models/project_security_spec.rb b/spec/models/project_security_spec.rb
index f600a24..e0ba00a 100644
--- a/spec/models/project_security_spec.rb
+++ b/spec/models/project_security_spec.rb
@@ -16,6 +16,7 @@ describe Project do
let(:guest_actions) { Ability.project_guest_rules }
let(:report_actions) { Ability.project_report_rules }
+ let(:collab_actions) { Ability.project_collab_rules }
let(:dev_actions) { Ability.project_dev_rules }
let(:master_actions) { Ability.project_master_rules }
let(:admin_actions) { Ability.project_admin_rules }
@@ -52,6 +53,25 @@ describe Project do
end
end
+ describe "Collaborate Rules" do
+ before do
+ @p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)
+ @p1.project_members.create(project: @p1, user: @u3, access_level: ProjectMember::COLLABORATOR)
+ end
+
+ it "should deny for collaborator master-specific actions" do
+ [collab_actions - report_actions].each do |action|
+ expect(@abilities.allowed?(@u2, action, @p1)).to be_falsey
+ end
+ end
+
+ it "should allow for project user any collab actions" do
+ collab_actions.each do |action|
+ expect(@abilities.allowed?(@u3, action, @p1)).to be_truthy
+ end
+ end
+ end
+
describe "Developer Rules" do
before do
@p1.project_members.create(project: @p1, user: @u2, access_level: ProjectMember::REPORTER)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment