Move public access setting to its own end point

services/web/Gruntfile.coffee

@@ -143,6 +143,7 @@ module.exports = (grunt) ->
 			acceptance:
 				src: ["test/acceptance/js/#{grunt.option('feature') or '**'}/*.js"]
 				options:
+					timeout: 10000
 					reporter: grunt.option('reporter') or 'spec'
 					grep: grunt.option("grep")
 

services/web/app/coffee/Features/Project/ProjectController.coffee

@@ -42,6 +42,14 @@ module.exports = ProjectController =
 			jobs.push (callback) ->
 				editorController.setRootDoc project_id, req.body.rootDocId, callback
 
+		async.series jobs, (error) ->
+			return next(error) if error?
+			res.sendStatus(204)
+			
+	updateProjectAdminSettings: (req, res, next) ->
+		project_id = req.params.Project_id
+		
+		jobs = []
 		if req.body.publicAccessLevel?
 			jobs.push (callback) ->
 				editorController.setPublicAccessLevel project_id, req.body.publicAccessLevel, callback

services/web/app/coffee/router.coffee

@@ -103,6 +103,7 @@ module.exports = class Router
 		}), SecurityManager.requestCanAccessProject, ProjectController.loadEditor
 		webRouter.get  '/Project/:Project_id/file/:File_id', SecurityManager.requestCanAccessProject, FileStoreController.getFile
 		webRouter.post '/project/:Project_id/settings', SecurityManager.requestCanModifyProject, ProjectController.updateProjectSettings
+		webRouter.post '/project/:Project_id/settings/admin', SecurityManager.requestIsOwner, ProjectController.updateProjectAdminSettings
 
 		webRouter.post '/project/:Project_id/compile', SecurityManager.requestCanAccessProject, CompileController.compile
 		webRouter.get  '/Project/:Project_id/output/output.pdf', SecurityManager.requestCanAccessProject, CompileController.downloadPdf

services/web/public/coffee/ide/settings/services/settings.coffee

@@ -10,5 +10,10 @@ define [
 			saveProjectSettings: (data) ->
 				data._csrf = window.csrfToken
 				ide.$http.post "/project/#{ide.project_id}/settings", data
+				
+			saveProjectAdminSettings: (data) ->
+				data._csrf = window.csrfToken
+				ide.$http.post "/project/#{ide.project_id}/settings/admin", data
+				
 		}
 	]

services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee

@@ -143,7 +143,7 @@ define [
 
 		$scope.makePublic = () ->
 			$scope.project.publicAccesLevel = $scope.inputs.privileges
-			settings.saveProjectSettings({publicAccessLevel: $scope.inputs.privileges})
+			settings.saveProjectAdminSettings({publicAccessLevel: $scope.inputs.privileges})
 			$modalInstance.close()
 
 		$scope.cancel = () ->
@@ -153,7 +153,7 @@ define [
 	App.controller "MakePrivateModalController", ["$scope", "$modalInstance", "settings", ($scope, $modalInstance, settings) ->
 		$scope.makePrivate = () ->
 			$scope.project.publicAccesLevel = "private"
-			settings.saveProjectSettings({publicAccessLevel: "private"})
+			settings.saveProjectAdminSettings({publicAccessLevel: "private"})
 			$modalInstance.close()
 
 		$scope.cancel = () ->

services/web/test/UnitTests/coffee/Project/ProjectControllerTests.coffee

@@ -126,18 +126,6 @@ describe "ProjectController", ->
 				done()
 			@ProjectController.updateProjectSettings @req, @res
 
-		it "should update the public access level", (done) ->
-			@EditorController.setPublicAccessLevel = sinon.stub().callsArg(2)
-			@req.body =
-				publicAccessLevel: @publicAccessLevel = "readonly"
-			@res.sendStatus = (code) =>
-				@EditorController.setPublicAccessLevel
-					.calledWith(@project_id, @publicAccessLevel)
-					.should.equal true
-				code.should.equal 204
-				done()
-			@ProjectController.updateProjectSettings @req, @res
-
 		it "should update the root doc", (done) ->
 			@EditorController.setRootDoc = sinon.stub().callsArg(2)
 			@req.body =
@@ -149,6 +137,19 @@ describe "ProjectController", ->
 				code.should.equal 204
 				done()
 			@ProjectController.updateProjectSettings @req, @res
+	
+	describe "updateProjectAdminSettings", ->
+		it "should update the public access level", (done) ->
+			@EditorController.setPublicAccessLevel = sinon.stub().callsArg(2)
+			@req.body =
+				publicAccessLevel: @publicAccessLevel = "readonly"
+			@res.sendStatus = (code) =>
+				@EditorController.setPublicAccessLevel
+					.calledWith(@project_id, @publicAccessLevel)
+					.should.equal true
+				code.should.equal 204
+				done()
+			@ProjectController.updateProjectAdminSettings @req, @res
 
 	describe "deleteProject", ->
 		it "should tell the project deleter to archive when forever=false", (done)->

services/web/test/acceptance/coffee/AuthorizationTests.coffee

@@ -56,7 +56,7 @@ class User
 	
 	makePublic: (project_id, level, callback = (error) ->) ->
 		@request.post {
-			url: "/project/#{project_id}/settings",
+			url: "/project/#{project_id}/settings/admin",
 			json:
 				publicAccessLevel: level
 		}, (error, response, body) ->
@@ -78,7 +78,7 @@ class User
 			callback()
 
 try_read_access = (user, project_id, test, callback) ->
-	async.parallel [
+	async.series [
 		(cb) ->
 			user.request.get "/project/#{project_id}", (error, response, body) ->
 				return cb(error) if error?
@@ -92,7 +92,7 @@ try_read_access = (user, project_id, test, callback) ->
 	], callback
 
 try_settings_write_access = (user, project_id, test, callback) ->
-	async.parallel [
+	async.series [
 		(cb) ->
 			user.request.post {
 				uri: "/project/#{project_id}/settings"
@@ -105,7 +105,7 @@ try_settings_write_access = (user, project_id, test, callback) ->
 	], callback
 
 try_admin_access = (user, project_id, test, callback) ->
-	async.parallel [
+	async.series [
 		(cb) ->
 			user.request.post {
 				uri: "/project/#{project_id}/rename"
@@ -115,6 +115,15 @@ try_admin_access = (user, project_id, test, callback) ->
 				return cb(error) if error?
 				test(response, body)
 				cb()
+		(cb) ->
+			user.request.post {
+				uri: "/project/#{project_id}/settings/admin"
+				json:
+					publicAccessLevel: "private"
+			}, (error, response, body) ->
+				return cb(error) if error?
+				test(response, body)
+				cb()
 	], callback
 
 try_content_access = (user, project_id, test, callback) ->
@@ -198,7 +207,7 @@ describe "Authorization", ->
 		@other1 = new User()
 		@other2 = new User()
 		@anon = new User()
-		async.parallel [
+		async.series [
 			(cb) => @owner.login cb
 			(cb) => @other1.login cb
 			(cb) => @other2.login cb