(refs #198)Allow group editing by group members.

src/main/scala/app/AccountController.scala

@@ -51,14 +51,20 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             getActivitiesByUser(userName, true))
 
         // Members
-        case "members" if(account.isGroupAccount) =>
+        case "members" if(account.isGroupAccount) => {
-          _root_.account.html.members(account, getGroupMembers(account.userName))
+          val members = getGroupMembers(account.userName)
+          _root_.account.html.members(account, members,
+            context.loginAccount.exists(x => members.contains(x.userName)))
+        }
 
         // Repositories
-        case _ =>
+        case _ => {
+          val members = getGroupMembers(account.userName)
           _root_.account.html.repositories(account,
             if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
-            getVisibleRepositories(context.loginAccount, baseUrl, Some(userName)))
+            getVisibleRepositories(context.loginAccount, baseUrl, Some(userName)),
+            context.loginAccount.exists(x => members.contains(x.userName)))
+        }
       }
     } getOrElse NotFound
   }

src/main/scala/app/CreateController.scala

@@ -13,14 +13,14 @@ import org.apache.commons.io.FileUtils
 
 class CreateController extends CreateControllerBase
   with RepositoryService with AccountService with WikiService with LabelsService with ActivityService
-  with UsersAuthenticator with ReadableUsersAuthenticator
+  with UsersAuthenticator with ReadableUsersAuthenticator with GroupMemberAuthenticator
 
 /**
  * Creates new repository or group.
  */
 trait CreateControllerBase extends AccountManagementControllerBase {
   self: RepositoryService with AccountService with WikiService with LabelsService with ActivityService
-    with UsersAuthenticator with ReadableUsersAuthenticator =>
+    with UsersAuthenticator with ReadableUsersAuthenticator with GroupMemberAuthenticator =>
 
   case class RepositoryCreationForm(owner: String, name: String, description: Option[String],
                                     isPrivate: Boolean, createReadme: Boolean)
@@ -207,13 +207,13 @@ trait CreateControllerBase extends AccountManagementControllerBase {
     redirect(s"/${form.groupName}")
   })
 
-  get("/:groupName/_edit")(usersOnly { // TODO group manager only
+  get("/:groupName/_edit")(membersOnly {
     defining(params("groupName")){ groupName =>
       html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
     }
   })
 
-  post("/:groupName/_edit", editGroupForm)(usersOnly { form => // TODO group manager only
+  post("/:groupName/_edit", editGroupForm)(membersOnly { form =>
     defining(params("groupName"), form.memberNames.map(_.split(",").toList).getOrElse(Nil)){ case (groupName, memberNames) =>
       getAccountByUserName(groupName, true).map { account =>
         updateGroup(groupName, form.url, form.isRemoved)

src/main/scala/util/Authenticator.scala

@@ -155,3 +155,22 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
     }
   }
 }
+
+/**
+ * Allows only the group members.
+ */
+trait GroupMemberAuthenticator { self: ControllerBase with AccountService =>
+  protected def membersOnly(action: => Any) = { authenticate(action) }
+  protected def membersOnly[T](action: T => Any) = (form: T) => { authenticate(action(form)) }
+
+  private def authenticate(action: => Any) = {
+    {
+      defining(request.paths){ paths =>
+        context.loginAccount match {
+          case Some(x) if(getGroupMembers(paths(0)).contains(x.userName)) => action
+          case _ => Unauthorized()
+        }
+      }
+    }
+  }
+}

src/main/twirl/account/main.scala.html

@@ -1,4 +1,5 @@
-@(account: model.Account, groupNames: List[String], active: String)(body: Html)(implicit context: app.Context)
+@(account: model.Account, groupNames: List[String], active: String,
+  isGroupMember: Boolean = false)(body: Html)(implicit context: app.Context)
 @import context._
 @import view.helpers._
 @html.main(account.userName){
@@ -41,7 +42,7 @@
               </div>
             </li>
           }
-          @if(loginAccount.isDefined && account.isGroupAccount){
+          @if(loginAccount.isDefined && account.isGroupAccount && isGroupMember){
             <li class="pull-right">
               <div class="button-group">
                 <a href="@url(account.userName)/_edit" class="btn">Edit Group</a>

src/main/twirl/account/members.scala.html

@@ -1,7 +1,7 @@
-@(account: model.Account, members: List[String])(implicit context: app.Context)
+@(account: model.Account, members: List[String], isGroupMember: Boolean)(implicit context: app.Context)
 @import context._
 @import view.helpers._
-@main(account, Nil, "members"){
+@main(account, Nil, "members", isGroupMember){
   @if(members.isEmpty){
     No members
   } else {

src/main/twirl/account/repositories.scala.html

@@ -1,7 +1,9 @@
-@(account: model.Account, groupNames: List[String], repositories: List[service.RepositoryService.RepositoryInfo])(implicit context: app.Context)
+@(account: model.Account, groupNames: List[String],
+  repositories: List[service.RepositoryService.RepositoryInfo],
+  isGroupMember: Boolean)(implicit context: app.Context)
 @import context._
 @import view.helpers._
-@main(account, groupNames, "repositories"){
+@main(account, groupNames, "repositories", isGroupMember){
   @if(repositories.isEmpty){
     No repositories
   } else {

src/main/twirl/group.scala.html

@@ -3,7 +3,7 @@
 @import view.helpers._
 @main("Create a group"){
 <div style="width: 700px; margin: 10px auto;">
-  <form id="form" method="post" action="@path/groups/new" validate="true">
+  <form id="form" method="post" action="@if(account.isEmpty){@path/groups/new} else {@path/@account.get.userName/_edit}" validate="true">
       <div class="row-fluid">
         <div class="span7">
           <fieldset>