author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 00:00:32 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 00:00:32 +0000 |
commit | 1153e17b2d34c50834251038269ac11f18219bdf (patch) | |
tree | 20b80086422da0d03cb3a1af0300858570c35e7e /app/policies | |
parent | d111c2d301f43d0b6de98f47da39d2b107ce17a1 (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/project_policy.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 09085bef9f0..2ffafb79134 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -240,7 +240,6 @@ class ProjectPolicy < BasePolicy rule { can?(:guest_access) }.policy do enable :read_project - enable :create_merge_request_in enable :read_issue_board enable :read_issue_board_list enable :read_wiki @@ -497,7 +496,7 @@ class ProjectPolicy < BasePolicy prevent(*create_read_update_admin_destroy(:issue_board_list)) end - rule { merge_requests_disabled | repository_disabled }.policy do + rule { merge_requests_disabled | repository_disabled | ~can?(:download_code) }.policy do prevent :create_merge_request_in prevent :create_merge_request_from prevent(*create_read_update_admin_destroy(:merge_request)) @@ -600,13 +599,14 @@ class ProjectPolicy < BasePolicy enable :read_cycle_analytics enable :read_pages_content enable :read_analytics - enable :read_ci_cd_analytics enable :read_insights # NOTE: may be overridden by IssuePolicy enable :read_issue end + rule { can?(:public_access) & public_builds }.enable :read_ci_cd_analytics + rule { public_builds }.policy do enable :read_build end @@ -664,6 +664,10 @@ class ProjectPolicy < BasePolicy enable :read_security_configuration end + rule { can?(:guest_access) & can?(:read_commit_status) }.policy do + enable :create_merge_request_in + end + # Design abilities could also be prevented in the issue policy. rule { design_management_disabled }.policy do prevent :read_design |
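Review bot: The widened condition in the `@@ -497,7 +496,7 @@` hunk, `merge_requests_disabled | repository_disabled | ~can?(:download_code)`, has no comment explaining why a missing `download_code` ability must switch off every merge-request ability. Because a `prevent` overrides any `enable` granted elsewhere, the reason should be readable at the rule itself. I would add a line above it such as `# Merge requests expose repository content, so users who cannot download code must not reach them.`, with the wording confirmed against the intent of the fix, which the commit message does not describe. The same gap applies to the rules added in the third and fourth hunks (`read_ci_cd_analytics` tied to `public_builds`, `create_merge_request_in` tied to `read_commit_status`). The policy block continues past the end of this hunk.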
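Review bot: In the `@@ -600,13 +599,14 @@` hunk the restriction is written as a narrower grant, `rule { can?(:public_access) & public_builds }.enable :read_ci_cd_analytics`, so it holds only while no other rule enables `read_ci_cd_analytics` for the same users. The merge-request change in this commit uses `prevent` instead, which a later `enable` cannot undo. Rules outside this hunk are not visible here, so it is worth confirming that nothing else grants the ability to users with only public access when builds are not public. A comment such as `# Public CI/CD analytics follow build visibility; do not enable this for public-only access elsewhere.` would record that invariant.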
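Review bot: The rule added in the `@@ -664,6 +664,10 @@` hunk wraps a single `enable` in a `.policy do ... end` block, while the rule added in the previous hunk uses the one-line form. For consistency it could read `rule { can?(:guest_access) & can?(:read_commit_status) }.enable :create_merge_request_in`. It also sits between the security-configuration and design-management rules, far from the `can?(:guest_access)` block the ability was removed from in the first hunk. That makes the guest permission set harder to audit, so placing it directly after that block would keep the related grants together.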