diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 13:29:34 +0000 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 13:45:51 +0000 |
| commit | 5dedea358dc3012b4c2a876065c16cf748fbf7ea (patch) | |
| tree | fe98aaca557bb4c1e4bced6f1a8508c63c1587a0 /app/policies/user_policy.rb | |
| parent | 3c88a7869b87693ba8c3fb9814d39437dd569a31 (diff) | |
| parent | 81dba76b9d7d120cd22e3619a4058bd4885be9bc (diff) | |
| download | gitlab-ce-5dedea358dc3012b4c2a876065c16cf748fbf7ea.tar.gz | |
Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api
- Modify policy code to work with the `DeclarativePolicy` refactor
in 37c401433b76170f0150d70865f1f4584db01fa8.
Diffstat (limited to 'app/policies/user_policy.rb')
| -rw-r--r-- | app/policies/user_policy.rb | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 265c56aba53..0905ddd9b38 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -1,13 +1,13 @@ class UserPolicy < BasePolicy - def rules - can! :read_user if @user || !restricted_public_level? + desc "The current user is the user in question" + condition(:user_is_self, score: 0) { @subject == @user } - if @user - if @user.admin? || @subject == @user - can! :destroy_user - end + desc "This is the ghost user" + condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? } - cannot! :destroy_user if @subject.ghost? - end - end + rule { ~restricted_public_level }.enable :read_user + rule { ~anonymous }.enable :read_user + + rule { user_is_self | admin }.enable :destroy_user + rule { subject_ghost }.prevent :destroy_user end |