summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGrzegorz Bizon <grzegorz@gitlab.com>2018-07-27 11:07:39 +0000
committerGrzegorz Bizon <grzegorz@gitlab.com>2018-07-27 11:07:39 +0000
commit31044d41a63dd1b8f57df12b864210d84361c219 (patch)
tree831e186cd5ed4072a0883c4eac563cbcd9c70f23
parentde1b64e83d66652e21e8b2ccf562e547d72458b0 (diff)
parentb577faf785a2c04f8376e3dc597dc0d6ec0b753d (diff)
downloadgitlab-ce-31044d41a63dd1b8f57df12b864210d84361c219.tar.gz
Merge branch 'ce-7000-introduce-PolicyCheckable' into 'master'
CE: Add PolicyCheckable concern for things passing to policy check See merge request gitlab-org/gitlab-ce!20839
-rw-r--r--app/models/deploy_token.rb5
-rw-r--r--app/policies/concerns/policy_actor.rb36
-rw-r--r--config/application.rb1
-rw-r--r--spec/policies/concerns/policy_actor_spec.rb13
4 files changed, 51 insertions, 4 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb
index 7ab647abe93..fdbe95059e5 100644
--- a/app/models/deploy_token.rb
+++ b/app/models/deploy_token.rb
@@ -1,6 +1,7 @@
class DeployToken < ActiveRecord::Base
include Expirable
include TokenAuthenticatable
+ include PolicyActor
add_authentication_token_field :token
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
@@ -58,10 +59,6 @@ class DeployToken < ActiveRecord::Base
write_attribute(:expires_at, value.presence || Forever.date)
end
- def admin?
- false
- end
-
private
def ensure_at_least_one_scope
diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb
new file mode 100644
index 00000000000..069d065280e
--- /dev/null
+++ b/app/policies/concerns/policy_actor.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Include this module if we want to pass something else than the user to
+# check policies. This defines several methods which the policy checker
+# would call and check.
+module PolicyActor
+ extend ActiveSupport::Concern
+
+ def blocked?
+ false
+ end
+
+ def admin?
+ false
+ end
+
+ def external?
+ false
+ end
+
+ def internal?
+ false
+ end
+
+ def access_locked?
+ false
+ end
+
+ def required_terms_not_accepted?
+ false
+ end
+
+ def can_create_group
+ false
+ end
+end
diff --git a/config/application.rb b/config/application.rb
index b4b9deee8fd..b9d4f6765e3 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -43,6 +43,7 @@ module Gitlab
#{config.root}/app/models/members
#{config.root}/app/models/project_services
#{config.root}/app/workers/concerns
+ #{config.root}/app/policies/concerns
#{config.root}/app/services/concerns
#{config.root}/app/serializers/concerns
#{config.root}/app/finders/concerns
diff --git a/spec/policies/concerns/policy_actor_spec.rb b/spec/policies/concerns/policy_actor_spec.rb
new file mode 100644
index 00000000000..27db9710a38
--- /dev/null
+++ b/spec/policies/concerns/policy_actor_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PolicyActor do
+ it 'implements all the methods from user' do
+ methods = subject.instance_methods
+
+ # User.instance_methods do not return all methods until an instance is
+ # initialized. So here we just use an instance
+ expect(build(:user).methods).to include(*methods)
+ end
+end