diff options
author | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-03-10 22:08:11 +0100 |
---|---|---|
committer | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-03-13 19:08:04 +0100 |
commit | 42fcd3881fcece5c9bd4b720460d6cade573b151 (patch) | |
tree | acabaaa610da27413ffdd7b5a0dd1610d3772a4c /app/models/ability.rb | |
parent | 065de4ab791373f7e6b8b5d3b73b5fe7c9e8e7c5 (diff) | |
download | gitlab-ce-42fcd3881fcece5c9bd4b720460d6cade573b151.tar.gz |
External Users
The user has the rights of a public user execpt it can never create a project,
group, or team. Also it cant view internal projects.
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r-- | app/models/ability.rb | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index fe9e0aab717..ccac08b7d3f 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -109,23 +109,10 @@ class Ability key = "/user/#{user.id}/project/#{project.id}" RequestStore.store[key] ||= begin - team = project.team + # Push abilities on the users team role + rules.push(*project_team_rules(project.team, user)) - # Rules based on role in project - if team.master?(user) - rules.push(*project_master_rules) - - elsif team.developer?(user) - rules.push(*project_dev_rules) - - elsif team.reporter?(user) - rules.push(*project_report_rules) - - elsif team.guest?(user) - rules.push(*project_guest_rules) - end - - if project.public? || project.internal? + if project.public? || (project.internal? && !user.external?) rules.push(*public_project_rules) # Allow to read builds for internal projects @@ -148,6 +135,19 @@ class Ability end end + def project_team_rules(team, user) + # Rules based on role in project + if team.master?(user) + project_master_rules + elsif team.developer?(user) + project_dev_rules + elsif team.reporter?(user) + project_report_rules + elsif team.guest?(user) + project_guest_rules + end + end + def public_project_rules @public_project_rules ||= project_guest_rules + [ :download_code, @@ -356,7 +356,7 @@ class Ability ] end - if snippet.public? || snippet.internal? + if snippet.public? || (snippet.internal? && !user.external?) rules << :read_personal_snippet end |