author | Bob Van Landuyt <bob@vanlanduyt.co> | 2017-12-11 15:21:06 +0100 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-02-22 17:11:36 +0100 |
commit | 148816cd67a314f17e79c107270cc708501bdd39 (patch) | |
tree | eba07d109322392bb5862b715adc066a0ebbdf95 /app/models/ability.rb | |
parent | b5306075c21f5546d1447052558da6227629c15e (diff) | |
download | gitlab-ce-148816cd67a314f17e79c107270cc708501bdd39.tar.gz |
Port `read_cross_project` ability from EE
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r-- | app/models/ability.rb | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 0b6bcbde5d9..6dae49f38dc 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -22,12 +22,30 @@ class Ability
 #
 # issues - The issues to reduce down to those readable by the user.
 # user - The User for which to check the issues
- def issues_readable_by_user(issues, user = nil)
+ # filters - A hash of abilities and filters to apply if the user lacks this
+ # ability
+ def issues_readable_by_user(issues, user = nil, filters: {})
+ issues = apply_filters_if_needed(issues, user, filters)
+
 DeclarativePolicy.user_scope do
 issues.select { |issue| issue.visible_to_user?(user) }
 end
 end
 
+ # Returns an Array of MergeRequests that can be read by the given user.
+ #
+ # merge_requests - MRs out of which to collect mr's readable by the user.
+ # user - The User for which to check the merge_requests
+ # filters - A hash of abilities and filters to apply if the user lacks this
+ # ability
+ def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})
+ merge_requests = apply_filters_if_needed(merge_requests, user, filters)
+
+ DeclarativePolicy.user_scope do
+ merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) }
+ end
+ end
+
 def can_edit_note?(user, note)
 allowed?(user, :edit_note, note)
 end
@@ -53,5 +71,15 @@ class Ability
 cache = RequestStore.active? ? RequestStore : {}
 DeclarativePolicy.policy_for(user, subject, cache: cache)
 end
+
+ private
+
+ def apply_filters_if_needed(elements, user, filters)
+ filters.each do |ability, filter|
+ elements = filter.call(elements) unless allowed?(user, ability)
+ end
+
+ elements
+ end
 end
 end |
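Review bot: `filters:` defaults to `{}` in both `issues_readable_by_user` and `merge_requests_readable_by_user`, so the restriction is opt-in: a caller that omits the argument still gets every record that passes the per-record check, even for a user who lacks the ability this commit ports. The doc comment should state that default and the expected shape of a filter, for example `# filters - Hash of ability => callable; the callable receives the collection and must return the reduced collection. Empty by default, so callers listing across projects must pass it.` The only place that shape is visible is the `.call(elements)` in `apply_filters_if_needed` in the second hunk. The comment block for `issues_readable_by_user` starts above this hunk.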
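Review bot: `apply_filters_if_needed` has no comment, and it calls `allowed?(user, ability)` without a subject, so every key in `filters` is checked against whatever default subject `allowed?` falls back to (its signature is outside this hunk; presumably a global one). A line above the method would make that explicit, such as `# Runs each filter whose ability the user lacks; abilities are checked without a subject, so only global abilities work as keys.` The result of `filter.call(elements)` is also passed on unchecked, so a filter returning `nil` surfaces as a NoMethodError in the callers' `select` instead of an empty list, and that contract belongs in the same comment. The method that ends just above `private` starts outside the hunk.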