diff options
author | Douwe Maan <douwe@gitlab.com> | 2017-07-04 15:00:01 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-07-04 15:00:01 +0000 |
commit | 5e2f7f25eb6ed1118cb541e43026915a7c4cdfef (patch) | |
tree | fbb893941818f2c9f0f1ce89dd5daf9d67ed00aa /app/policies/user_policy.rb | |
parent | afbc7520c296196d0f3f95d4a24a9e42c0e41f3c (diff) | |
parent | 016b9f2565f85b9c77a5a779b64483ca1d4e1776 (diff) | |
download | gitlab-ce-5e2f7f25eb6ed1118cb541e43026915a7c4cdfef.tar.gz |
Merge branch 'master' into '33580-fix-api-scoping'
# Conflicts:
# lib/api/users.rb
Diffstat (limited to 'app/policies/user_policy.rb')
-rw-r--r-- | app/policies/user_policy.rb | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 229846e368c..0905ddd9b38 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -1,19 +1,13 @@ class UserPolicy < BasePolicy - include Gitlab::CurrentSettings + desc "The current user is the user in question" + condition(:user_is_self, score: 0) { @subject == @user } - def rules - can! :read_user if @user || !restricted_public_level? + desc "This is the ghost user" + condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? } - if @user - if @user.admin? || @subject == @user - can! :destroy_user - end + rule { ~restricted_public_level }.enable :read_user + rule { ~anonymous }.enable :read_user - cannot! :destroy_user if @subject.ghost? - end - end - - def restricted_public_level? - current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) - end + rule { user_is_self | admin }.enable :destroy_user + rule { subject_ghost }.prevent :destroy_user end |