authorSebastian Ziebell <sebastian.ziebell@asquera.de>2013-02-08 10:32:42 +0100
committerSebastian Ziebell <sebastian.ziebell@asquera.de>2013-02-08 10:32:42 +0100
commit8045a81bcf5822f1992442750e1484a93c368229 (patch)
tree94ce2b257f3ba002ac1a0fde70b69b622304810d /app/controllers
parent5d8a99f10429168e6471fdd1843f5045a10a84b3 (diff)
parent2f0a75ab77af430f682d67aa9bb865007d832795 (diff)
downloadgitlab-ce-8045a81bcf5822f1992442750e1484a93c368229.tar.gz
Merge branch 'master' into fixes/api
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--app/controllers/graph_controller.rb18
-rw-r--r--app/controllers/groups_controller.rb36
-rw-r--r--app/controllers/projects_controller.rb10
-rw-r--r--app/controllers/refs_controller.rb2
5 files changed, 60 insertions, 16 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74125e3308a..1f211bac9c2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,16 +4,12 @@ class ApplicationController < ActionController::Base
before_filter :set_current_user_for_observers
before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development'
+ before_filter :default_headers
protect_from_forgery
helper_method :abilities, :can?
- rescue_from Gitlab::Gitolite::AccessDenied do |exception|
- log_exception(exception)
- render "errors/gitolite", layout: "errors", status: 500
- end
-
rescue_from Encoding::CompatibilityError do |exception|
log_exception(exception)
render "errors/encoding", layout: "errors", status: 500
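Review bot: `before_filter :default_headers` is registered after the other filters in this class, and Rails stops the chain as soon as an earlier filter renders or redirects, so those responses would go out without the two headers. Only three earlier filters are visible here and none of them obviously halts, but the list starts above the hunk, so this needs checking against the full class. Registering it first, or using `prepend_before_filter :default_headers`, removes the dependency on order. The hunk also drops the `rescue_from Gitlab::Gitolite::AccessDenied` handler; if anything still raises that exception, it will now surface as an unhandled error rather than the errors/gitolite page.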
@@ -148,4 +144,8 @@ class ApplicationController < ActionController::Base
Rack::MiniProfiler.authorize_request
end
+ def default_headers
+ headers['X-Frame-Options'] = 'DENY'
+ headers['X-XSS-Protection'] = '1; mode=block'
+ end
end
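Review bot: `default_headers` has no comment saying what the two headers defend against, and the hunk does not show whether it sits below a `private`/`protected` marker. Suggested comment: `# Forbid framing (clickjacking) and turn on the browser's reflected-XSS filter for every controller response.` If the method is public, it is reachable as an action wherever a catch-all route exists, so it belongs under restricted visibility with the other filter helpers. Because the headers are set in a controller filter, responses produced outside the controller stack (static files, mounted Rack apps) will presumably not carry them. It may also be worth adding `headers['X-Content-Type-Options'] = 'nosniff'` here.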
diff --git a/app/controllers/graph_controller.rb b/app/controllers/graph_controller.rb
new file mode 100644
index 00000000000..30ec5e89db2
--- /dev/null
+++ b/app/controllers/graph_controller.rb
@@ -0,0 +1,18 @@
+class GraphController < ProjectResourceController
+ include ExtractsPath
+
+ # Authorize
+ before_filter :authorize_read_project!
+ before_filter :authorize_code_access!
+ before_filter :require_non_empty_project
+
+ def show
+ respond_to do |format|
+ format.html
+ format.json do
+ graph = Gitlab::Graph::JsonBuilder.new(project, @ref)
+ render :json => graph.to_json
+ end
+ end
+ end
+end
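Review bot: `show` passes `@ref` to `Gitlab::Graph::JsonBuilder.new`, but nothing in this file assigns or validates it; presumably the `ExtractsPath` include sets it from the request path. A short comment above `include ExtractsPath` would make that dependency explicit, for example `# ExtractsPath supplies @ref from the request path (confirm it rejects unknown refs)`. If the include registers its own filter, that filter would be declared before the three authorize filters below it, so ref parsing would run before the access checks; this is worth confirming. `render :json => graph.to_json` also uses the old hash syntax, while the rest of the diff uses `key: value`.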
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 72df170f1fd..7b8649a6bdf 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -6,6 +6,7 @@ class GroupsController < ApplicationController
# Authorize
before_filter :authorize_read_group!, except: [:new, :create]
+ before_filter :authorize_admin_group!, only: [:edit, :update, :destroy]
before_filter :authorize_create_group!, only: [:new, :create]
# Load group projects
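Review bot: `authorize_admin_group!` is limited to `only: [:edit, :update, :destroy]`, so every other action in this controller is covered only by `authorize_read_group!`. The next hunk shows the tail of an action that redirects with 'Users was successfully added.'; its name and any other guard are outside the diff, but if it changes membership it probably belongs in this `only:` list as well. The class body continues outside the hunk.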
@@ -84,6 +85,31 @@ class GroupsController < ApplicationController
redirect_to people_group_path(@group), notice: 'Users was successfully added.'
end
+ def edit
+ end
+
+ def update
+ group_params = params[:group].dup
+ owner_id =group_params.delete(:owner_id)
+
+ if owner_id
+ @group.owner = User.find(owner_id)
+ end
+
+ if @group.update_attributes(group_params)
+ redirect_to @group, notice: 'Group was successfully updated.'
+ else
+ render action: "edit"
+ end
+ end
+
+ def destroy
+ @group.truncate_teams
+ @group.destroy
+
+ redirect_to root_path, notice: 'Group was removed.'
+ end
+
protected
def group
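Review bot: `update` calls `params[:group].dup` without checking that the key is present and treats any non-nil `owner_id` as an ownership transfer, so a request without a `group` hash raises on nil and an empty `owner_id` field goes to `User.find`. Guarding both keeps these as ordinary validation paths: `group_params = (params[:group] || {}).dup` and `if owner_id.present?`. The remaining keys go straight to `update_attributes`, so which attributes a group admin can change depends on the model's attribute whitelist, which is not visible here. `destroy` runs `truncate_teams` before `@group.destroy` without a transaction; if the destroy fails, the teams are presumably already gone.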
@@ -106,6 +132,14 @@ class GroupsController < ApplicationController
end
def authorize_create_group!
- can?(current_user, :create_group, nil)
+ unless can?(current_user, :create_group, nil)
+ return render_404
+ end
+ end
+
+ def authorize_admin_group!
+ unless can?(current_user, :manage_group, group)
+ return render_404
+ end
end
end
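Review bot: Both authorize filters wrap a single `return render_404` in a three-line `unless` block; the modifier form reads more directly and matches `return access_denied! unless can?(...)` used in ProjectsController in this same diff: `return render_404 unless can?(current_user, :manage_group, group)`. A one-line comment saying the 404 is deliberate (it does not reveal that the group exists) would also help. `authorize_create_group!` previously returned the result of `can?` without rendering, so it never blocked anything; a request spec for the denied case would pin the new behaviour.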
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 6e5e1f91381..7978ea6222c 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -90,16 +90,6 @@ class ProjectsController < ProjectResourceController
end
end
- def graph
- respond_to do |format|
- format.html
- format.json do
- graph = Gitlab::Graph::JsonBuilder.new(project)
- render :json => graph.to_json
- end
- end
- end
-
def destroy
return access_denied! unless can?(current_user, :remove_project, project)
diff --git a/app/controllers/refs_controller.rb b/app/controllers/refs_controller.rb
index 09d9eb51b82..0e4dba3dc4b 100644
--- a/app/controllers/refs_controller.rb
+++ b/app/controllers/refs_controller.rb
@@ -13,6 +13,8 @@ class RefsController < ProjectResourceController
format.html do
new_path = if params[:destination] == "tree"
project_tree_path(@project, (@ref + "/" + params[:path]))
+ elsif params[:destination] == "graph"
+ project_graph_path(@project, @ref)
else
project_commits_path(@project, @ref)
end