diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-12-04 15:38:15 -0600 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-12-24 10:28:40 -0600 |
commit | 01ed3a1511be5d2076b5f602839ca0046055dd8b (patch) | |
tree | e4f825cfb92c1a2fd470ac3fb3f50ededdeebbd2 /app/policies/group_policy.rb | |
parent | 4a10c813e726d09216c534bb0ad0ae50a0400259 (diff) | |
download | gitlab-ce-01ed3a1511be5d2076b5f602839ca0046055dd8b.tar.gz |
Allow users to add cluster with ancestors
Include a new policy in Clusterables
(projects and groups), which checks if another cluster
can be added
clusterable_has_cluster? and multiple_clusters_available
private methods will be overriden in EE
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/34758
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 6b4e56ef5e4..ac98b80dc5c 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class GroupPolicy < BasePolicy + include ClusterableActions + desc "Group is public" with_options scope: :subject, score: 0 condition(:public_group) { @subject.public? } @@ -27,6 +29,9 @@ class GroupPolicy < BasePolicy GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any? end + condition(:has_clusters, scope: :subject) { clusterable_has_clusters? } + condition(:can_have_multiple_clusters) { multiple_clusters_available? } + with_options scope: :subject, score: 0 condition(:request_access_enabled) { @subject.request_access_enabled } @@ -44,7 +49,7 @@ class GroupPolicy < BasePolicy enable :read_label end - rule { admin } .enable :read_group + rule { admin }.enable :read_group rule { has_projects }.policy do enable :read_group @@ -66,6 +71,7 @@ class GroupPolicy < BasePolicy enable :admin_pipeline enable :admin_build enable :read_cluster + enable :add_cluster enable :create_cluster enable :update_cluster enable :admin_cluster @@ -105,6 +111,8 @@ class GroupPolicy < BasePolicy rule { owner & (~share_with_group_locked | ~has_parent | ~parent_share_with_group_locked | can_change_parent_share_with_group_lock) }.enable :change_share_with_group_lock + rule { ~can_have_multiple_clusters & has_clusters }.prevent :add_cluster + def access_level return GroupMember::NO_ACCESS if @user.nil? |