diff options
author | http://jneen.net/ <jneen@jneen.net> | 2017-04-06 14:06:42 -0700 |
---|---|---|
committer | http://jneen.net/ <jneen@jneen.net> | 2017-06-27 12:44:37 -0700 |
commit | 37c401433b76170f0150d70865f1f4584db01fa8 (patch) | |
tree | 2da7a4c072b863e0cb927993d8d39e7029d720e4 /app/policies/user_policy.rb | |
parent | e5aad75a2673b2e4465d311cbd27970d5c81d5f7 (diff) | |
download | gitlab-ce-37c401433b76170f0150d70865f1f4584db01fa8.tar.gz |
convert all the policies to DeclarativePolicy
Diffstat (limited to 'app/policies/user_policy.rb')
-rw-r--r-- | app/policies/user_policy.rb | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 229846e368c..0181ddf85e0 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -1,19 +1,20 @@ class UserPolicy < BasePolicy include Gitlab::CurrentSettings - def rules - can! :read_user if @user || !restricted_public_level? + desc "The application is restricted from public visibility" + condition(:restricted_public_level, scope: :global) do + current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) + end - if @user - if @user.admin? || @subject == @user - can! :destroy_user - end + desc "The current user is the user in question" + condition(:user_is_self, score: 0) { @subject == @user } - cannot! :destroy_user if @subject.ghost? - end - end + desc "This is the ghost user" + condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? } - def restricted_public_level? - current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) - end + rule { ~restricted_public_level }.enable :read_user + rule { ~anonymous }.enable :read_user + + rule { user_is_self | admin }.enable :destroy_user + rule { subject_ghost }.prevent :destroy_user end |