diff options
author | Kamil Trzciński <ayufan@ayufan.eu> | 2018-12-30 10:54:08 +0000 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2018-12-30 10:54:08 +0000 |
commit | c07bf1abf2a5c3751e575ee5926e9a052fa0b341 (patch) | |
tree | 6015d25af837f2269352e4d43477ea2f67e800ff /app/policies/group_policy.rb | |
parent | e962baf4417e59cbb2ef8621ef0662f93f180f92 (diff) | |
parent | 01ed3a1511be5d2076b5f602839ca0046055dd8b (diff) | |
download | gitlab-ce-c07bf1abf2a5c3751e575ee5926e9a052fa0b341.tar.gz |
Merge branch '34758-extend-can-create-cluster-logic' into 'master'
Allow user to add cluster when there are ancestor clusters
See merge request gitlab-org/gitlab-ce!23569
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index f07bb188265..c25766a5af8 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class GroupPolicy < BasePolicy + include ClusterableActions + desc "Group is public" with_options scope: :subject, score: 0 condition(:public_group) { @subject.public? } @@ -27,6 +29,9 @@ class GroupPolicy < BasePolicy GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any? end + condition(:has_clusters, scope: :subject) { clusterable_has_clusters? } + condition(:can_have_multiple_clusters) { multiple_clusters_available? } + with_options scope: :subject, score: 0 condition(:request_access_enabled) { @subject.request_access_enabled } @@ -45,7 +50,7 @@ class GroupPolicy < BasePolicy enable :read_label end - rule { admin } .enable :read_group + rule { admin }.enable :read_group rule { has_projects }.policy do enable :read_group @@ -67,6 +72,7 @@ class GroupPolicy < BasePolicy enable :admin_pipeline enable :admin_build enable :read_cluster + enable :add_cluster enable :create_cluster enable :update_cluster enable :admin_cluster @@ -106,6 +112,8 @@ class GroupPolicy < BasePolicy rule { owner & (~share_with_group_locked | ~has_parent | ~parent_share_with_group_locked | can_change_parent_share_with_group_lock) }.enable :change_share_with_group_lock + rule { ~can_have_multiple_clusters & has_clusters }.prevent :add_cluster + def access_level return GroupMember::NO_ACCESS if @user.nil? |