port runners, namespaces, group/project_members

author: http://jneen.net/ <jneen@jneen.net> 2016-08-18 09:52:35 -0700
committer: http://jneen.net/ <jneen@jneen.net> 2016-08-30 11:39:22 -0700
commit: 5019185edd7718b262eb5ae94f21763f230f0557 (patch)
tree: 87fe3b1d6ed440dc4d0ef09138010e801cdaac5a /app/models/ability.rb
parent: 29059c2e9c7be418d2a99a136934c6d9cca5fccd (diff)
download: gitlab-ce-5019185edd7718b262eb5ae94f21763f230f0557.tar.gz
1 files changed, 0 insertions, 58 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 794fb1223e3..7c4210f0706 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -73,12 +73,8 @@ class Ability
 
     def abilities_by_subject_class(user:, subject:)
       case subject
-      when Namespace then namespace_abilities(user, subject)
-      when GroupMember then group_member_abilities(user, subject)
-      when ProjectMember then project_member_abilities(user, subject)
       when User then user_abilities
       when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
-      when Ci::Runner then runner_abilities(user, subject)
       else []
       end + global_abilities(user)
     end
@@ -112,48 +108,6 @@ class Ability
       ProjectPolicy.abilities(user, project).to_a
     end
 
-    def can_read_group?(user, group)
-      return true if user.admin?
-      return true if group.public?
-      return true if group.internal? && !user.external?
-      return true if group.users.include?(user)
-
-      GroupProjectsFinder.new(group).execute(user).any?
-    end
-
-    def namespace_abilities(user, namespace)
-      rules = []
-
-      # Only namespace owner and administrators can admin it
-      if namespace.owner == user || user.admin?
-        rules += [
-          :create_projects,
-          :admin_namespace
-        ]
-      end
-
-      rules.flatten
-    end
-
-    def group_member_abilities(user, subject)
-      rules = []
-      target_user = subject.user
-      group = subject.group
-
-      unless group.last_owner?(target_user)
-        can_manage = allowed?(user, :admin_group_member, group)
-
-        if can_manage
-          rules << :update_group_member
-          rules << :destroy_group_member
-        elsif user == target_user
-          rules << :destroy_group_member
-        end
-      end
-
-      rules
-    end
-
     def project_member_abilities(user, subject)
       rules = []
       target_user = subject.user
@@ -182,18 +136,6 @@ class Ability
       rules
     end
 
-    def runner_abilities(user, runner)
-      if user.is_admin?
-        [:assign_runner]
-      elsif runner.is_shared? || runner.locked?
-        []
-      elsif user.ci_authorized_runners.include?(runner)
-        [:assign_runner]
-      else
-        []
-      end
-    end
-
     def user_abilities
       [:read_user]
     end
author	http://jneen.net/ <jneen@jneen.net>	2016-08-18 09:52:35 -0700
committer	http://jneen.net/ <jneen@jneen.net>	2016-08-30 11:39:22 -0700
commit	5019185edd7718b262eb5ae94f21763f230f0557 (patch)
tree	87fe3b1d6ed440dc4d0ef09138010e801cdaac5a /app/models/ability.rb
parent	29059c2e9c7be418d2a99a136934c6d9cca5fccd (diff)
download	gitlab-ce-5019185edd7718b262eb5ae94f21763f230f0557.tar.gz