author | http://jneen.net/ <jneen@jneen.net> | 2016-08-16 11:10:34 -0700 |
---|---|---|
committer | http://jneen.net/ <jneen@jneen.net> | 2016-08-30 11:39:22 -0700 |
commit | 4d904bf3521b4600db228c48214f3892e86ac72a (patch) | |
tree | 098b9c292e5b8ff1b1296a4a5aed20127124ec8f /app/policies | |
parent | 1ca9b3354a350b83d1e025b3d46280bc5bb60f2b (diff) | |
port issues to Issu{able,e}Policy
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/base_policy.rb | 12 | ||||
-rw-r--r-- | app/policies/issuable_policy.rb | 14 | ||||
-rw-r--r-- | app/policies/issue_policy.rb | 27 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 3 |
4 files changed, 54 insertions, 2 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 10ce38329c4..fd5d05a1bd1 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -3,6 +3,10 @@ class BasePolicy
 new(user, subject).abilities
 end
+ def self.class_for(subject)
+ "#{subject.class.name}Policy".constantize
+ end
+
 attr_reader :user, :subject
 def initialize(user, subject)
 @user = user
@@ -18,8 +22,12 @@ class BasePolicy
 collect_rules { anonymous_rules }
 end
- def generate!
- raise 'abstract'
+ def anonymous_rules
+ rules
+ end
+
+ def delegate!(new_subject)
+ @can.merge(BasePolicy.class_for(new_subject).abilities(@user, new_subject))
 end
 def can!(*rules)
diff --git a/app/policies/issuable_policy.rb b/app/policies/issuable_policy.rb
new file mode 100644
index 00000000000..c253f9a9399
--- /dev/null
+++ b/app/policies/issuable_policy.rb
@@ -0,0 +1,14 @@
+class IssuablePolicy < BasePolicy
+ def action_name
+ @subject.class.name.underscore
+ end
+
+ def rules
+ if @user && (@subject.author == @user || @subject.assignee == @user)
+ can! :"read_#{action_name}"
+ can! :"update_#{action_name}"
+ end
+
+ delegate! @subject.project
+ end
+end
diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb
new file mode 100644
index 00000000000..08538861364
--- /dev/null
+++ b/app/policies/issue_policy.rb
@@ -0,0 +1,27 @@
+class IssuePolicy < IssuablePolicy
+ def issue
+ @subject
+ end
+
+ def rules
+ super
+
+ if @subject.confidential? && !can_read_confidential?
+ cannot! :read_issue
+ cannot! :admin_issue
+ cannot! :update_issue
+ cannot! :read_issue
+ end
+ end
+
+ private
+
+ def can_read_confidential?
+ return false unless @user
+ return true if @user.admin?
+ return true if @subject.author == @user
+ return true if @subject.assignee == @user
+ return true if @subject.project.team.member?(@user, Gitlab::Access::REPORTER)
+ false
+ end
+end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 95e8b71c102..4380b00d962 100644
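Review bot: `class_for` has no fallback when no matching policy class exists: `"#{subject.class.name}Policy".constantize` raises NameError for any subject without a `<Class>Policy` constant, including a nil subject (`NilClassPolicy`) and, presumably, subclasses of a model that does have a policy. Because `delegate!` in the second hunk of this file calls it with whatever the caller passes (IssuablePolicy passes `@subject.project`), a record with a missing association would turn a permission check into an exception instead of an empty ability set. The class name is not user-controlled, so this is a robustness point rather than an injection one. I would state the contract above the method, e.g. `# Raises NameError unless a <SubjectClass>Policy constant exists; subject must not be nil`, or rescue NameError and fall back to a policy that grants nothing.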
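Review bot: `delegate!` merges only the delegated policy's resulting abilities into `@can`, so nothing the delegated policy denied with `cannot!` is carried over to the delegating policy. A `can!` issued by the delegating policy for the same ability is then the only thing consulted; IssuablePolicy in this diff does exactly that for `read_`/`update_` before delegating to the project. If project-level denials are meant to win, the delegate's denials need to be merged into this policy's deny set as well (how denials are stored is not visible in this hunk); otherwise state the precedence in a comment such as `# Only grants are merged; denials of the delegated policy are not inherited`. Separately, the new default `anonymous_rules` falls through to `rules`, presumably with `@user` nil, so every subclass's `rules` has to guard on `@user` itself.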
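Review bot: The author/assignee branch in `rules` grants `read_<type>` and `update_<type>` without consulting the project at all, so a user who authored or was assigned an issuable appears to keep both abilities after losing access to a private project. The commit is a port, so this may mirror the previous behaviour, but it deserves an explicit decision because the grant is made before `delegate! @subject.project` and is never re-checked. If it is intended, say so in a comment, e.g. `# Authors and assignees keep read/update even without project access`. Otherwise run the delegation first and make the two `can!` calls conditional on the project-level read ability being present.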
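Review bot: The confidential branch of `rules` lists `cannot! :read_issue` twice, so the fourth call is a no-op and may stand in for an ability that was meant to be revoked. Either drop the duplicate or replace it with the intended ability; every other ability merged in from the project by `super` stays granted on a confidential issue, so the list of revoked abilities is the whole protection here. `can_read_confidential?` returns false for a nil user before any other check, which is the right fail-closed order. The `issue` accessor is unused in the visible code, since `rules` and `can_read_confidential?` read `@subject` directly.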
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -203,6 +203,9 @@ class ProjectPolicy < BasePolicy
 can! :read_container_image
 can! :download_code
+ # NB: may be overridden by IssuePolicy
+ can! :read_issue
+
 # Allow to read builds by anonymous user if guests are allowed
 can! :read_build if project.public_builds? |
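Review bot: `can! :read_issue` is granted here at project level with only the comment `# NB: may be overridden by IssuePolicy`, which leaves the confidentiality check dependent on every caller asking about the issue rather than the project. The neighbouring lines suggest this is the rule set for public or anonymous access, but the enclosing method starts outside the hunk, so that is an inference. A permission check made against the project instead of the issue would pass for confidential issues too, since the revocation lives only in IssuePolicy. I would make the comment spell that out: `# Project-level grant only; IssuePolicy revokes it for confidential issues, so check :read_issue on the issue itself`.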