authorDouglas Barbosa Alexandre <dbalexandre@gmail.com>2015-10-29 18:42:29 -0200
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2015-10-29 18:42:29 -0200
commitc8fe42151291593f0f43509a70235c46fce169a1 (patch)
tree3b703558eb8f933f207cda50590406a479d89607 /app/models/ability.rb
parentead3ffd7a516911458d84311c4f1b4153f1071b5 (diff)
downloadgitlab-ce-c8fe42151291593f0f43509a70235c46fce169a1.tar.gz
Improve personal snippet access workflow. Fixes #3258
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb65
1 files changed, 49 insertions, 16 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index b72178fa126..ee2f7b5f58b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -22,12 +22,17 @@ class Ability
# List of possible abilities
# for non-authenticated user
def not_auth_abilities(user, subject)
+ return not_auth_personal_snippet_abilities(subject) if subject.kind_of?(PersonalSnippet)
+ return not_auth_project_abilities(subject) if subject.kind_of?(Project) || subject.respond_to?(:project)
+ return not_auth_group_abilities(subject) if subject.kind_of?(Group) || subject.respond_to?(:group)
+ []
+ end
+
+ def not_auth_project_abilities(subject)
project = if subject.kind_of?(Project)
subject
- elsif subject.respond_to?(:project)
- subject.project
else
- nil
+ subject.project
end
if project && project.public?
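Review bot: The order of the three guards in `not_auth_abilities` is load-bearing but undocumented: the `PersonalSnippet` check has to run before `subject.respond_to?(:project)`. If a personal snippet also responds to `project` (likely if it shares a base class with project snippets, which is not visible here), it would otherwise be routed to `not_auth_project_abilities` and end up with `[]`. I would add a comment above the first guard, e.g. `# Order matters: match PersonalSnippet before the respond_to?(:project) check`. The fallthrough also changed: a subject whose project is nil or not public used to fall into the group branch and now returns `[]` without consulting the group, which is stricter but worth confirming as intended for subjects that respond to both `project` and `group`. The body of `not_auth_project_abilities` continues outside this hunk.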
@@ -47,19 +52,29 @@ class Ability
rules - project_disabled_features_rules(project)
else
- group = if subject.kind_of?(Group)
- subject
- elsif subject.respond_to?(:group)
- subject.group
- else
- nil
- end
+ []
+ end
+ end
- if group && group.public_profile?
- [:read_group]
- else
- []
- end
+ def not_auth_group_abilities(subject)
+ group = if subject.kind_of?(Group)
+ subject
+ else
+ subject.group
+ end
+
+ if group && group.public_profile?
+ [:read_group]
+ else
+ []
+ end
+ end
+
+ def not_auth_personal_snippet_abilities(snippet)
+ if snippet.public?
+ [:read_personal_snippet]
+ else
+ []
end
end
@@ -278,7 +293,7 @@ class Ability
end
end
- [:note, :project_snippet, :personal_snippet].each do |name|
+ [:note, :project_snippet].each do |name|
define_method "#{name}_abilities" do |user, subject|
rules = []
@@ -298,6 +313,24 @@ class Ability
end
end
+ def personal_snippet_abilities(user, snippet)
+ rules = []
+
+ if snippet.author == user
+ rules += [
+ :read_personal_snippet,
+ :update_personal_snippet,
+ :admin_personal_snippet
+ ]
+ end
+
+ if snippet.public? || snippet.internal?
+ rules.push(:read_snippet)
+ end
+
+ rules
+ end
+
def group_member_abilities(user, subject)
rules = []
target_user = subject.user
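Review bot: In `personal_snippet_abilities` the public/internal branch grants `:read_snippet`, while the author branch here and `not_auth_personal_snippet_abilities` earlier in this diff both grant `:read_personal_snippet`. If callers authorize against `:read_personal_snippet` (the controller is not visible here), a signed-in non-author would be denied a public snippet that an anonymous visitor is allowed to read, and internal snippets would be readable by nobody but the author. Unless `:read_snippet` is deliberate, the line should probably be `rules.push(:read_personal_snippet)`. A spec covering author, signed-in non-author and anonymous access at each visibility level would pin the intended authorization matrix. `group_member_abilities` at the end of the hunk is context only and continues outside it.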