groups_controller.rb

class GroupsController < ApplicationController
  respond_to :html
  layout 'group'

  before_filter :group
  before_filter :projects

  # Authorize
  before_filter :authorize_read_group!

  def show
    @events = Event.in_projects(project_ids).limit(20).offset(params[:offset] || 0)
    @last_push = current_user.recent_push

    respond_to do |format|
      format.html
      format.js
      format.atom { render layout: false }
    end
  end

  # Get authored or assigned open merge requests
  def merge_requests
    @merge_requests = current_user.cared_merge_requests
    @merge_requests = @merge_requests.of_group(@group).recent.page(params[:page]).per(20)
  end

  # Get only assigned issues
  def issues
    @user   = current_user
    @issues = current_user.assigned_issues.opened
    @issues = @issues.of_group(@group).recent.page(params[:page]).per(20)
    @issues = @issues.includes(:author, :project)

    respond_to do |format|
      format.html
      format.atom { render layout: false }
    end
  end

  def search
    result = SearchContext.new(project_ids, params).execute

    @projects       = result[:projects]
    @merge_requests = result[:merge_requests]
    @issues         = result[:issues]
  end

  def people
    @project = group.projects.find(params[:project_id]) if params[:project_id]
    @users = @project ? @project.users : group.users
    @users.sort_by!(&:name)

    if @project
      @team_member = @project.users_projects.new
    end
  end

  protected

  def group
    @group ||= Group.find_by_path(params[:id])
  end

  def projects
    @projects ||= group.projects.authorized_for(current_user).sorted_by_activity
  end

  def project_ids
    projects.map(&:id)
  end

  # Dont allow unauthorized access to group
  def authorize_read_group!
    unless projects.present? or can?(current_user, :manage_group, @group)
      return render_404
    end
  end
end