diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 15:44:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 15:44:42 +0000 |
commit | 4555e1b21c365ed8303ffb7a3325d773c9b8bf31 (patch) | |
tree | 5423a1c7516cffe36384133ade12572cf709398d /app/policies/ci | |
parent | e570267f2f6b326480d284e0164a6464ba4081bc (diff) | |
download | gitlab-ce-4555e1b21c365ed8303ffb7a3325d773c9b8bf31.tar.gz |
Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42
Diffstat (limited to 'app/policies/ci')
-rw-r--r-- | app/policies/ci/build_policy.rb | 9 | ||||
-rw-r--r-- | app/policies/ci/stage_policy.rb | 7 |
2 files changed, 13 insertions, 3 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb index 65f2a70672b..6162a31c118 100644 --- a/app/policies/ci/build_policy.rb +++ b/app/policies/ci/build_policy.rb @@ -21,7 +21,7 @@ module Ci end # overridden in EE - condition(:protected_environment_access) do + condition(:protected_environment) do false end @@ -68,7 +68,10 @@ module Ci rule { project_read_build }.enable :read_build_trace rule { debug_mode & ~project_update_build }.prevent :read_build_trace - rule { ~protected_environment_access & (protected_ref | archived) }.policy do + # Authorizing the user to access to protected entities. + # There is a "jailbreak" mode to exceptionally bypass the authorization, + # however, you should NEVER allow it, rather suspect it's a wrong feature/product design. + rule { ~can?(:jailbreak) & (archived | protected_ref | protected_environment) }.policy do prevent :update_build prevent :update_commit_status prevent :erase_build @@ -108,4 +111,4 @@ module Ci end end -Ci::BuildPolicy.prepend_if_ee('EE::Ci::BuildPolicy') +Ci::BuildPolicy.prepend_mod_with('Ci::BuildPolicy') diff --git a/app/policies/ci/stage_policy.rb b/app/policies/ci/stage_policy.rb new file mode 100644 index 00000000000..1e774df9f58 --- /dev/null +++ b/app/policies/ci/stage_policy.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +module Ci + class StagePolicy < BasePolicy + delegate :pipeline + end +end |