diff options
author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-23 18:24:06 +0000 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-26 01:17:27 +0100 |
commit | 1f7328f8ee6a86b1c8e50b7451450e90d78b9424 (patch) | |
tree | f40b736e3e1306df58ff40cd84bead8a0937a8e2 /app/policies | |
parent | 391732a2c1b04baf565c77f2788a1ec035b1d85e (diff) | |
download | gitlab-ce-1f7328f8ee6a86b1c8e50b7451450e90d78b9424.tar.gz |
Branch unprotection restriction starting point
Explored Policy framework to create something I can use as a starting point.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/protected_branch_policy.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/policies/protected_branch_policy.rb b/app/policies/protected_branch_policy.rb new file mode 100644 index 00000000000..8d44cff1b42 --- /dev/null +++ b/app/policies/protected_branch_policy.rb @@ -0,0 +1,15 @@ +class ProtectedBranchPolicy < BasePolicy + delegate { @subject.project } + + condition(:requires_admin_to_unprotect?, scope: :subject) do + @subject.name == 'master' && Gitlab::CurrentSettings.only_admins_can_unprotect_master_branch? + end + + rule { can?(:admin_project) }.policy do + enable :update_protected_branch + end + + rule { requires_admin_to_unprotect? & ~admin }.policy do + prevent :update_protected_branch + end +end |