diff options
| author | Michael Kozono <mkozono@gmail.com> | 2017-09-07 09:42:15 -0700 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-09-07 09:42:15 -0700 |
| commit | 95f4dd4f1501f3901908f444790eea06f3d703bb (patch) | |
| tree | 5ef768b21980f45ec3e5f276bb818c77800e8293 | |
| parent | 1feeea9c6af5d683f18c021df16e4eedfa9306e0 (diff) | |
| download | gitlab-ce-95f4dd4f1501f3901908f444790eea06f3d703bb.tar.gz | |
Optimize policy rule
| -rw-r--r-- | app/policies/group_policy.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index db889892da0..d9fd6501419 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -15,9 +15,10 @@ class GroupPolicy < BasePolicy condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? } + condition(:has_parent, scope: :subject) { @subject.has_parent? } condition(:share_with_group_locked, scope: :subject) { @subject.share_with_group_lock? } condition(:parent_share_with_group_locked, scope: :subject) { @subject.parent&.share_with_group_lock? } - condition(:can_change_parent_share_with_group_lock) { @subject.has_parent? && can?(:change_share_with_group_lock, @subject.parent) } + condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } condition(:has_projects) do GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any? @@ -58,7 +59,7 @@ class GroupPolicy < BasePolicy rule { ~can?(:view_globally) }.prevent :request_access rule { has_access }.prevent :request_access - rule { owner & (~share_with_group_locked | ~parent_share_with_group_locked | can_change_parent_share_with_group_lock) }.enable :change_share_with_group_lock + rule { owner & (~share_with_group_locked | ~has_parent | ~parent_share_with_group_locked | can_change_parent_share_with_group_lock) }.enable :change_share_with_group_lock def access_level return GroupMember::NO_ACCESS if @user.nil? |