diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2017-07-05 15:23:33 +0800 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2017-07-05 15:23:33 +0800 |
commit | d89277c3579b245a6d7c220d8007ae35a990b1da (patch) | |
tree | e40124eaee4fab002b16ea809d026dd5205db0cf /app/policies | |
parent | 2afa90b64a01eaefafacabb1f048835858ece15c (diff) | |
parent | 5af1fcd6f329858d757bab0d67cb50af6c820160 (diff) | |
download | gitlab-ce-d89277c3579b245a6d7c220d8007ae35a990b1da.tar.gz |
Merge remote-tracking branch 'upstream/master' into 30634-protected-pipeline
* upstream/master: (67 commits)
Revert "Merge branch 'revert-12499' into 'master'"
Prevent accidental deletion of protected MR source branch by repeating checks before actual deletion
Document that GitLab 9.3 requires the TRIGGER permission on MySQL
Instrument Unicorn with Ruby exporter
Remove group modal like remove project modal. Closes #33130
Update prometheus client gem
Enables the option in user preferences to turn on the new navigation
Simplify authentication logic in the v4 users API for !12445.
wait_for_requests is not needed when AJAX is not in play
Don't resolve fork relationships for projects pending delete
Clean up the ForkedProjectLink specs
Remove unnecessary clear_stubs calls
Add test for GitalyClient::Ref#find_ref_name
DeleteMergedBranchesService should not delete protected branches
Optimize creation of commit API by using Repository#commit instead of Repository#commits
Update CHANGELOG.md for 9.3.4
Make autosize fields more performant and remove broken autosize handle
Update GITLAB_SHELL_VERSION to 5.1.1
Fixed the y_label not setting correctly for each graph on the monitoring dashboard
Refactor and copyedit "Using Docker images" docs
...
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/base_policy.rb | 7 | ||||
-rw-r--r-- | app/policies/global_policy.rb | 14 | ||||
-rw-r--r-- | app/policies/user_policy.rb | 7 |
3 files changed, 19 insertions, 9 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 191c2e78a08..a605a3457c8 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -1,6 +1,8 @@ require_dependency 'declarative_policy' class BasePolicy < DeclarativePolicy::Base + include Gitlab::CurrentSettings + desc "User is an instance admin" with_options scope: :user, score: 0 condition(:admin) { @user&.admin? } @@ -10,4 +12,9 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:can_create_group) { @user&.can_create_group } + + desc "The application is restricted from public visibility" + condition(:restricted_public_level, scope: :global) do + current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) + end end diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index 535faa922dd..55eefa76d3f 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -11,10 +11,16 @@ class GlobalPolicy < BasePolicy with_options scope: :user, score: 0 condition(:access_locked) { @user.access_locked? } - rule { anonymous }.prevent_all + rule { anonymous }.policy do + prevent :log_in + prevent :access_api + prevent :access_git + prevent :receive_notifications + prevent :use_quick_actions + prevent :create_group + end rule { default }.policy do - enable :read_users_list enable :log_in enable :access_api enable :access_git @@ -37,4 +43,8 @@ class GlobalPolicy < BasePolicy rule { access_locked }.policy do prevent :log_in end + + rule { ~restricted_public_level }.policy do + enable :read_users_list + end end diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 0181ddf85e0..0905ddd9b38 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -1,11 +1,4 @@ class UserPolicy < BasePolicy - include Gitlab::CurrentSettings - - desc "The application is restricted from public visibility" - condition(:restricted_public_level, scope: :global) do - current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) - end - desc "The current user is the user in question" condition(:user_is_self, score: 0) { @subject == @user } |