diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-02-26 13:32:42 +0100 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-03-07 15:12:31 +0100 |
commit | b2ef83856de8c175d384688d09023d16dcfef0c6 (patch) | |
tree | 01802b6678de41951dbd035a25219e77d6b48cf7 /app/policies | |
parent | 792ab0631c85098fbf92e727b77158fb9dae5219 (diff) | |
download | gitlab-ce-b2ef83856de8c175d384688d09023d16dcfef0c6.tar.gz |
Allow abilities on forks while MR is open
When an MR is created using `allow_maintainer_to_push`, we enable some
abilities while the MR is open.
This should allow every user with developer abilities on the target
project, to push to the source project.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/project_policy.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 3b0550b4dd6..ce94a25a20b 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -61,6 +61,11 @@ class ProjectPolicy < BasePolicy desc "Project has request access enabled" condition(:request_access_enabled, scope: :subject) { project.request_access_enabled } + desc "The project has merge requests open that allow external users to push" + condition(:merge_request_allows_push, scope: :subject) do + project.branches_allowing_maintainer_access_to_user(@user).any? + end + features = %w[ merge_requests issues @@ -240,6 +245,7 @@ class ProjectPolicy < BasePolicy rule { repository_disabled }.policy do prevent :push_code + prevent :push_single_branch prevent :download_code prevent :fork_project prevent :read_commit_status @@ -291,6 +297,16 @@ class ProjectPolicy < BasePolicy prevent :read_issue end + # These rules are included to allow maintainers of projects to push to certain + # branches of forks. + rule { can?(:public_access) & merge_request_allows_push }.policy do + enable :push_single_branch + enable :create_build + enable :update_build + enable :create_pipeline + enable :update_pipeline + end + private def team_member? |