diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-06 18:06:29 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-06 18:06:29 +0000 |
| commit | bcdcff749598f4275f7c250c07cbfe632cfe7fdb (patch) | |
| tree | fa3f6e54632837f21319794dbd9136e3de3a76ba /app/policies | |
| parent | 5277f8e69e935eabd3bf8c5e7833471b5bfad1d9 (diff) | |
| download | gitlab-ce-bcdcff749598f4275f7c250c07cbfe632cfe7fdb.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/base_policy.rb | 8 | ||||
| -rw-r--r-- | app/policies/personal_snippet_policy.rb | 2 | ||||
| -rw-r--r-- | app/policies/project_snippet_policy.rb | 2 |
3 files changed, 5 insertions, 7 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 18c23cbd13a..8f5c6957a20 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -21,10 +21,6 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:deactivated) { @user&.deactivated? } - desc "User has access to all private groups & projects" - with_options scope: :user, score: 0 - condition(:full_private_access) { @user&.full_private_access? } - with_options scope: :user, score: 0 condition(:external_user) { @user.nil? || @user.external? } @@ -40,10 +36,12 @@ class BasePolicy < DeclarativePolicy::Base ::Gitlab::ExternalAuthorization.perform_check? end - rule { external_authorization_enabled & ~full_private_access }.policy do + rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do prevent :read_cross_project end + rule { admin }.enable :read_all_resources + rule { default }.enable :read_cross_project end diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb index 40dd49b4afd..67c66e42d79 100644 --- a/app/policies/personal_snippet_policy.rb +++ b/app/policies/personal_snippet_policy.rb @@ -30,5 +30,5 @@ class PersonalSnippetPolicy < BasePolicy rule { can?(:create_note) }.enable :award_emoji - rule { full_private_access }.enable :read_personal_snippet + rule { can?(:read_all_resources) }.enable :read_personal_snippet end diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb index 2a3e4ca174b..d9d09eb04cd 100644 --- a/app/policies/project_snippet_policy.rb +++ b/app/policies/project_snippet_policy.rb @@ -28,7 +28,7 @@ class ProjectSnippetPolicy < BasePolicy all?(private_snippet | (internal_snippet & external_user), ~project.guest, ~is_author, - ~full_private_access) + ~can?(:read_all_resources)) end.prevent :read_project_snippet rule { internal_snippet & ~is_author & ~admin }.policy do |