diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-20 09:40:42 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-20 09:40:42 +0000 |
| commit | ee664acb356f8123f4f6b00b73c1e1cf0866c7fb (patch) | |
| tree | f8479f94a28f66654c6a4f6fb99bad6b4e86a40e /app/policies/group_policy.rb | |
| parent | 62f7d5c5b69180e82ae8196b7b429eeffc8e7b4f (diff) | |
| download | gitlab-ce-ee664acb356f8123f4f6b00b73c1e1cf0866c7fb.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-5-stable-eev15.5.0-rc42
Diffstat (limited to 'app/policies/group_policy.rb')
| -rw-r--r-- | app/policies/group_policy.rb | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 96da0518dc0..7a0fb10928a 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -35,15 +35,15 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy with_options scope: :subject, score: 0 condition(:request_access_enabled) { @subject.request_access_enabled } - condition(:create_projects_disabled) do + condition(:create_projects_disabled, scope: :subject) do @subject.project_creation_level == ::Gitlab::Access::NO_ONE_PROJECT_ACCESS end - condition(:developer_maintainer_access) do + condition(:developer_maintainer_access, scope: :subject) do @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end - condition(:maintainer_can_create_group) do + condition(:maintainer_can_create_group, scope: :subject) do @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS end @@ -51,7 +51,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy group_projects_for(user: @user, group: @subject, only_owned: false).any? { |p| p.design_management_enabled? } end - condition(:dependency_proxy_available) do + condition(:dependency_proxy_available, scope: :subject) do @subject.dependency_proxy_feature_available? end @@ -59,7 +59,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy access_level(for_any_session: true) >= GroupMember::GUEST || valid_dependency_proxy_deploy_token end - condition(:observability_enabled) do + condition(:observability_enabled, scope: :subject) do Feature.enabled?(:observability_group_tab, @subject) end @@ -80,10 +80,11 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy with_scope :subject condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? } + with_scope :subject condition(:crm_enabled, score: 0, scope: :subject) { @subject.crm_enabled? } - condition(:group_runner_registration_allowed) do - Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('group') + condition(:group_runner_registration_allowed, scope: :global) do + Gitlab::CurrentSettings.valid_runner_registrars.include?('group') end rule { can?(:read_group) & design_management_enabled }.policy do @@ -149,6 +150,8 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :admin_crm_organization enable :admin_crm_contact enable :read_cluster + + enable :read_group_all_available_runners end rule { reporter }.policy do @@ -204,6 +207,9 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :destroy_deploy_token enable :update_runners_registration_token enable :owner_access + + enable :read_billing + enable :edit_billing end rule { can?(:read_nested_project_resources) }.policy do |