diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2017-02-06 00:24:19 +0530 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-02-06 01:17:33 +0530 |
| commit | 2e0e2b22d65efddf21c03d8c0785281724675ece (patch) | |
| tree | bbce365affa9e5f0abf8577f67ddf5007a763a24 /app/policies | |
| parent | 4d11903dcf818342c4bde1af198eac7a45460318 (diff) | |
| download | gitlab-ce-2e0e2b22d65efddf21c03d8c0785281724675ece.tar.gz | |
Backport changes from gitlab-org/gitlab-ee!998
Some changes in EE for the auditor user feature need
to be backported to CE to avoid merge conflicts. This
commit encapsulates all these backports.
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/project_policy.rb | 47 | ||||
| -rw-r--r-- | app/policies/project_snippet_policy.rb | 2 |
2 files changed, 29 insertions, 20 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 71ef8901932..be1c4d868ed 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -214,25 +214,7 @@ class ProjectPolicy < BasePolicy def anonymous_rules return unless project.public? - can! :read_project - can! :read_board - can! :read_list - can! :read_wiki - can! :read_label - can! :read_milestone - can! :read_project_snippet - can! :read_project_member - can! :read_merge_request - can! :read_note - can! :read_pipeline - can! :read_commit_status - can! :read_container_image - can! :download_code - can! :download_wiki_code - can! :read_cycle_analytics - - # NOTE: may be overridden by IssuePolicy - can! :read_issue + base_readonly_access! # Allow to read builds by anonymous user if guests are allowed can! :read_build if project.public_builds? @@ -265,4 +247,31 @@ class ProjectPolicy < BasePolicy :"admin_#{name}" ] end + + private + + # A base set of abilities for read-only users, which + # is then augmented as necessary for anonymous and other + # read-only users. + def base_readonly_access! + can! :read_project + can! :read_board + can! :read_list + can! :read_wiki + can! :read_label + can! :read_milestone + can! :read_project_snippet + can! :read_project_member + can! :read_merge_request + can! :read_note + can! :read_pipeline + can! :read_commit_status + can! :read_container_image + can! :download_code + can! :download_wiki_code + can! :read_cycle_analytics + + # NOTE: may be overridden by IssuePolicy + can! :read_issue + end end diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb index 57acccfafd9..3a96836917e 100644 --- a/app/policies/project_snippet_policy.rb +++ b/app/policies/project_snippet_policy.rb @@ -3,7 +3,7 @@ class ProjectSnippetPolicy < BasePolicy can! :read_project_snippet if @subject.public? return unless @user - if @user && @subject.author == @user || @user.admin? + if @user && (@subject.author == @user || @user.admin?) can! :read_project_snippet can! :update_project_snippet can! :admin_project_snippet |