diff options
author | Andreas Brandl <abrandl@gitlab.com> | 2019-04-05 13:02:56 +0000 |
---|---|---|
committer | Andreas Brandl <abrandl@gitlab.com> | 2019-04-05 13:02:56 +0000 |
commit | 46b1b9c1d61c269588bd3cd4203420608ddd7f0b (patch) | |
tree | a877f5366d3367e1264e96f3f5e8a4b23bdbd62a /app/policies/project_policy.rb | |
parent | 7a48a06cf3b454021aa466464686fee8c82d6862 (diff) | |
download | gitlab-ce-46b1b9c1d61c269588bd3cd4203420608ddd7f0b.tar.gz |
Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"
This reverts merge request !26823
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index ba38af9c529..26d7d6e84c4 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -89,15 +89,6 @@ class ProjectPolicy < BasePolicy ::Gitlab::CurrentSettings.current_application_settings.mirror_available end - with_scope :subject - condition(:classification_label_authorized, score: 32) do - ::Gitlab::ExternalAuthorization.access_allowed?( - @user, - @subject.external_authorization_classification_label, - @subject.full_path - ) - end - # We aren't checking `:read_issue` or `:read_merge_request` in this case # because it could be possible for a user to see an issuable-iid # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be @@ -426,25 +417,6 @@ class ProjectPolicy < BasePolicy rule { ~can_have_multiple_clusters & has_clusters }.prevent :add_cluster - rule { ~can?(:read_cross_project) & ~classification_label_authorized }.policy do - # Preventing access here still allows the projects to be listed. Listing - # projects doesn't check the `:read_project` ability. But instead counts - # on the `project_authorizations` table. - # - # All other actions should explicitly check read project, which would - # trigger the `classification_label_authorized` condition. - # - # `:read_project_for_iids` is not prevented by this condition, as it is - # used for cross-project reference checks. - prevent :guest_access - prevent :public_access - prevent :public_user_access - prevent :reporter_access - prevent :developer_access - prevent :maintainer_access - prevent :owner_access - end - private def team_member? |