BigW Consortium Gitlab

group_members_controller.rb 2.71 KB
Newer Older
1
class Groups::GroupMembersController < Groups::ApplicationController
2 3
  skip_before_action :authenticate_user!, only: [:index]
  before_action :group
4 5

  # Authorize
6 7
  before_action :authorize_read_group!
  before_action :authorize_admin_group!, except: [:index, :leave]
Douwe Maan committed
8
  before_action :authorize_admin_group_member!, only: [:create, :resend_invite]
9

10 11 12
  def index
    @project = @group.projects.find(params[:project_id]) if params[:project_id]
    @members = @group.group_members
13
    @members = @members.non_invite unless can?(current_user, :admin_group, @group)
14 15 16 17 18 19 20 21 22

    if params[:search].present?
      users = @group.users.search(params[:search]).to_a
      @members = @members.where(user_id: users)
    end

    @members = @members.order('access_level DESC').page(params[:page]).per(50)
    @group_member = GroupMember.new
  end
23 24

  def create
25
    @group.add_users(params[:user_ids].split(','), params[:access_level], current_user)
26

27
    redirect_to group_group_members_path(@group), notice: 'Users were successfully added.'
28 29 30
  end

  def update
31
    @member = @group.group_members.find(params[:id])
32 33 34

    return render_403 unless can?(current_user, :update_group_member, @member)

35
    @member.update_attributes(member_params)
36 37 38
  end

  def destroy
39
    @group_member = @group.group_members.find(params[:id])
40

41 42
    if can?(current_user, :destroy_group_member, @group_member)  # May fail if last owner.
      @group_member.destroy
43
      respond_to do |format|
44
        format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
45 46 47 48
        format.js { render nothing: true }
      end
    else
      return render_403
49 50 51
    end
  end

52
  def resend_invite
53
    redirect_path = group_group_members_path(@group)
54

55
    @group_member = @group.group_members.find(params[:id])
56

57 58 59
    if @group_member.invite?
      @group_member.resend_invite

60
      redirect_to redirect_path, notice: 'The invitation was successfully resent.'
61
    else
62
      redirect_to redirect_path, alert: 'The invitation has already been accepted.'
63 64 65
    end
  end

66 67
  def leave
    @group_member = @group.group_members.where(user_id: current_user.id).first
68

69 70
    if can?(current_user, :destroy_group_member, @group_member)
      @group_member.destroy
71
      redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.")
72
    else
73 74 75 76 77
      if @group.last_owner?(current_user)
        redirect_to(dashboard_groups_path, alert: "You can not leave #{group.name} group because you're the last owner. Transfer or delete the group.")
      else
        return render_403
      end
78 79 80
    end
  end

81 82 83
  protected

  def group
skv committed
84
    @group ||= Group.find_by(path: params[:group_id])
85 86
  end

87
  def member_params
88
    params.require(:group_member).permit(:access_level, :user_id)
89
  end
90
end