summaryrefslogtreecommitdiff
path: root/app/models/ability.rb
diff options
context:
space:
mode:
authorhttp://jneen.net/ <jneen@jneen.net>2016-08-23 17:29:40 -0700
committerhttp://jneen.net/ <jneen@jneen.net>2016-08-30 11:32:55 -0700
commitc218dd90dabb0ddff7fab09abbb348fe1c56201b (patch)
treed0efd3d7683247fe268ea3bb73ee5c4a396f4fe5 /app/models/ability.rb
parent8702cef27146ab62d44065af3f3d388c7effcedb (diff)
downloadgitlab-ce-c218dd90dabb0ddff7fab09abbb348fe1c56201b.tar.gz
make almost everything on Ability private
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb90
1 files changed, 44 insertions, 46 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 595e6be6642..3eb8a5f6e03 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,6 +1,48 @@
class Ability
class << self
+ # Given a list of users and a project this method returns the users that can
+ # read the given project.
+ def users_that_can_read_project(users, project)
+ if project.public?
+ users
+ else
+ users.select do |user|
+ if user.admin?
+ true
+ elsif project.internal? && !user.external?
+ true
+ elsif project.owner == user
+ true
+ elsif project.team.members.include?(user)
+ true
+ else
+ false
+ end
+ end
+ end
+ end
+ # Returns an Array of Issues that can be read by the given user.
+ #
+ # issues - The issues to reduce down to those readable by the user.
+ # user - The User for which to check the issues
+ def issues_readable_by_user(issues, user = nil)
+ return issues if user && user.admin?
+
+ issues.select { |issue| issue.visible_to_user?(user) }
+ end
+
+ # TODO: make this private and use the actual abilities stuff for this
+ def can_edit_note?(user, note)
+ return false if !note.editable? || !user.present?
+ return true if note.author == user || user.admin?
+
+ if note.project
+ max_access_level = note.project.team.max_member_access(user.id)
+ max_access_level >= Gitlab::Access::MASTER
+ else
+ false
+ end
end
def allowed?(user, action, subject)
@@ -16,6 +58,8 @@ class Ability
RequestStore[key] ||= Set.new(uncached_allowed(user, subject)).freeze
end
+ private
+
def uncached_allowed(user, subject)
return anonymous_abilities(subject) if user.nil?
return [] unless user.is_a?(User)
@@ -44,38 +88,6 @@ class Ability
end.concat(global_abilities(user))
end
- # Given a list of users and a project this method returns the users that can
- # read the given project.
- def users_that_can_read_project(users, project)
- if project.public?
- users
- else
- users.select do |user|
- if user.admin?
- true
- elsif project.internal? && !user.external?
- true
- elsif project.owner == user
- true
- elsif project.team.members.include?(user)
- true
- else
- false
- end
- end
- end
- end
-
- # Returns an Array of Issues that can be read by the given user.
- #
- # issues - The issues to reduce down to those readable by the user.
- # user - The User for which to check the issues
- def issues_readable_by_user(issues, user = nil)
- return issues if user && user.admin?
-
- issues.select { |issue| issue.visible_to_user?(user) }
- end
-
# List of possible abilities for anonymous user
def anonymous_abilities(user, subject)
if subject.is_a?(PersonalSnippet)
@@ -420,18 +432,6 @@ class Ability
GroupProjectsFinder.new(group).execute(user).any?
end
- def can_edit_note?(user, note)
- return false if !note.editable? || !user.present?
- return true if note.author == user || user.admin?
-
- if note.project
- max_access_level = note.project.team.max_member_access(user.id)
- max_access_level >= Gitlab::Access::MASTER
- else
- false
- end
- end
-
def namespace_abilities(user, namespace)
rules = []
@@ -597,8 +597,6 @@ class Ability
self
end
- private
-
def restricted_public_level?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end