Abiliy to disable 'Share with Group' feature

406587a4 · Valery Sizov · 56fee497 · 406587a4 · 406587a4 · 406587a4
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -135,7 +135,7 @@ def determine_layout
  end

  def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :membership_lock)
+    params.require(:group).permit(:name, :description, :path, :avatar, :membership_lock, :share_with_group_lock)
  end

  def load_events

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -777,4 +777,8 @@ def approver_ids=(value)
      approvers.find_or_create_by(user_id: user_id, target_id: id)
    end
  end
+
+  def allowed_to_share_with_group?
+    !namespace.share_with_group_lock
+  end
 end
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -145,7 +145,7 @@ def max_member_access(user_id)
      access << group.group_members.find_by(user_id: user_id).try(:access_field)
    end

-    if project.invited_groups.any?
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
      access << max_invited_level(user_id)
    end

@@ -175,7 +175,7 @@ def fetch_members(level = nil)
    group_members = group ? group.group_members : []
    invited_members = []

-    if project.invited_groups.any?
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
      project.project_group_links.each do |group_link|
        invited_group = group_link.group
        im = invited_group.group_members

--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -27,13 +27,22 @@

      .form-group
        %hr
-        = f.label :name, class: 'control-label' do
+        = f.label :membership_lock, class: 'control-label' do
          Member lock
        .col-sm-10
          .checkbox
            = f.check_box :membership_lock
            %span.descr Prevent adding new members to project membership within this group

+      .form-group
+        %hr
+        = f.label :share_with_group_lock, class: 'control-label' do
+          Share with group lock
+        .col-sm-10
+          .checkbox
+            = f.check_box :share_with_group_lock
+            %span.descr Prevent sharing a project with another group within this group
+
      .form-actions
        = f.submit 'Save group', class: "btn btn-save"


--- a/app/views/layouts/nav/_project_settings.html.haml
+++ b/app/views/layouts/nav/_project_settings.html.haml
@@ -13,11 +13,12 @@
        = icon('pencil-square-o fw')
        %span
          Project Settings
-    = nav_link(controller: :group_links) do
-      = link_to namespace_project_group_links_path(@project.namespace, @project) do
-        = icon('share-square-o fw')
-        %span
-          Groups
+    - if @project.allowed_to_share_with_group?
+      = nav_link(controller: :group_links) do
+        = link_to namespace_project_group_links_path(@project.namespace, @project) do
+          = icon('share-square-o fw')
+          %span
+            Groups
    = nav_link(controller: :deploy_keys) do
      = link_to namespace_project_deploy_keys_path(@project.namespace, @project), title: 'Deploy Keys', data: {placement: 'right'} do
        = icon('key fw')

--- a/app/views/projects/project_members/index.html.haml
+++ b/app/views/projects/project_members/index.html.haml
@@ -32,7 +32,7 @@

 - if @group
  = render "group_members", members: @group_members
- if @project_group_links.any?
+- if @project_group_links.any? && @project.allowed_to_share_with_group?
  = render "shared_group_members"

 :coffeescript

--- a/db/migrate/20150930110012_add_group_share_lock.rb
+++ b/db/migrate/20150930110012_add_group_share_lock.rb
+class AddGroupShareLock < ActiveRecord::Migration
+  def change
+    add_column :namespaces, :share_with_group_lock, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150920161119) do
+ActiveRecord::Schema.define(version: 20150930110012) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -549,15 +549,16 @@
  add_index "milestones", ["project_id"], name: "index_milestones_on_project_id", using: :btree

  create_table "namespaces", force: true do |t|
-    t.string   "name",                            null: false
-    t.string   "path",                            null: false
+    t.string   "name",                                  null: false
+    t.string   "path",                                  null: false
    t.integer  "owner_id"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "type"
-    t.string   "description",     default: "",    null: false
+    t.string   "description",           default: "",    null: false
    t.string   "avatar"
-    t.boolean  "membership_lock", default: false
+    t.boolean  "membership_lock",       default: false
+    t.boolean  "share_with_group_lock", default: false
  end

  add_index "namespaces", ["created_at", "id"], name: "index_namespaces_on_created_at_and_id", using: :btree

--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -23,15 +23,18 @@ class Groups < Grape::API
      # Create group. Available only for users who can create groups.
      #
      # Parameters:
-      #   name (required) - The name of the group
-      #   path (required) - The path of the group
+      #   name                  (required) - The name of the group
+      #   path                  (required) - The path of the group
+      #   description           (optional) - The details of the group
+      #   membership_lock       (optional, boolean) - Prevent adding new members to project membership within this group
+      #   share_with_group_lock (optional, boolean) - Prevent sharing a project with another group within this group
      # Example Request:
      #   POST /groups
      post do
        authorize! :create_group, current_user
        required_attributes! [:name, :path]

-        attrs = attributes_for_keys [:name, :path, :description]
+        attrs = attributes_for_keys [:name, :path, :description, :membership_lock, :share_with_group_lock]
        @group = Group.new(attrs)

        if @group.save
@@ -51,6 +54,29 @@ class Groups < Grape::API
        end
      end

+      # Update group. Available only for users who can manage this group.
+      #
+      # Parameters:
+      #   id                    (required) - The ID of a group
+      #   name                  (required) - The name of the group
+      #   path                  (required) - The path of the group
+      #   description           (optional) - The details of the group
+      #   membership_lock       (optional, boolean) - Prevent adding new members to project membership within this group
+      #   share_with_group_lock (optional, boolean) - Prevent sharing a project with another group within this group
+      # Example Request:
+      #   PUT /groups/:id
+      put ":id" do
+        attrs = attributes_for_keys [:name, :path, :description, :membership_lock, :share_with_group_lock]
+        @group = find_group(params[:id])
+        authorize! :admin_group, @group
+
+        if @group.update_attributes(attrs)
+          present @group, with: Entities::Group
+        else
+          render_api_error!("Failed to update group #{@group.errors.messages}", 400)
+        end
+      end
+
      # Get a single group, with containing projects
      #
      # Parameters:

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -264,6 +264,10 @@ def map_public_to_visibility_level(attrs)
      post ":id/share" do
        authorize! :admin_project, user_project
        required_attributes! [:group_id, :group_access]
+        
+        unless user_project.allowed_to_share_with_group?
+          return render_api_error!("The project sharing with group is disabled")
+        end

        link = user_project.project_group_links.new
        link.group_id = params[:group_id]

--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -142,6 +142,24 @@
    end
  end

+  describe "PUT /groups" do
+    context "when authenticated as user without group permissions" do
+      it "should not create group" do
+        put api("/groups/#{group2.id}", user1), attributes_for(:group)
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context "when authenticated as user with group permissions" do
+      it "should update group" do
+        group2.update(owner: user2)
+        put api("/groups/#{group2.id}", user2), { name: 'Renamed' }
+        expect(response.status).to eq(200)
+        expect(group2.reload.name).to eq('Renamed')
+      end
+    end
+  end
+
  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
      it "should remove group" do