diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-08 15:07:55 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-10 17:02:27 +0200 |
commit | f7f13f9db0da92c7b43481dfe5559f317711e533 (patch) | |
tree | 59359aecb555f844de1a81a0aebbd70336fbb8c1 /app/policies | |
parent | f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff) | |
download | gitlab-ce-f7f13f9db0da92c7b43481dfe5559f317711e533.tar.gz |
Block access to API & git when terms are enforced
When terms are enforced, but the user has not accepted the terms
access to the API & git is rejected with a message directing the user
to the web app to accept the terms.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/global_policy.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index 64e550d19d0..e2736d3bb61 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -13,6 +13,10 @@ class GlobalPolicy < BasePolicy condition(:can_create_fork, scope: :user) { @user.manageable_namespaces.any? { |namespace| @user.can?(:create_projects, namespace) } } + condition(:required_terms_not_accepted, scope: :user, score: 0) do + @user&.required_terms_not_accepted? + end + rule { anonymous }.policy do prevent :log_in prevent :access_api @@ -38,6 +42,11 @@ class GlobalPolicy < BasePolicy prevent :use_quick_actions end + rule { required_terms_not_accepted }.policy do + prevent :access_api + prevent :access_git + end + rule { can_create_group }.policy do enable :create_group end |