summaryrefslogtreecommitdiff
path: root/app/policies
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-08-08 12:01:25 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-09-13 13:30:26 +0200
commit505dc808b3c0dc98413506446d368b91b56ff682 (patch)
tree1f6d5c7fe805bf5ff11a4f5696d73e11d71ca3a6 /app/policies
parent45afdbef0de58f6de207b057e47151611d2ad7e6 (diff)
downloadgitlab-ce-505dc808b3c0dc98413506446d368b91b56ff682.tar.gz
Use a permissions of user to access all dependent projects from CI jobs (this also includes a container images, and in future LFS files)
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/project_policy.rb15
1 files changed, 11 insertions, 4 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index acf36d422d1..cda83bcc74a 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -64,6 +64,12 @@ class ProjectPolicy < BasePolicy
can! :read_deployment
end
+ # Permissions given when an user is direct member of a group
+ def restricted_reporter_access!
+ can! :restricted_download_code
+ can! :restricted_read_container_image
+ end
+
def developer_access!
can! :admin_merge_request
can! :update_merge_request
@@ -130,10 +136,11 @@ class ProjectPolicy < BasePolicy
def team_access!(user)
access = project.team.max_member_access(user.id)
- guest_access! if access >= Gitlab::Access::GUEST
- reporter_access! if access >= Gitlab::Access::REPORTER
- developer_access! if access >= Gitlab::Access::DEVELOPER
- master_access! if access >= Gitlab::Access::MASTER
+ guest_access! if access >= Gitlab::Access::GUEST
+ reporter_access! if access >= Gitlab::Access::REPORTER
+ restricted_reporter_access! if access >= Gitlab::Access::REPORTER
+ developer_access! if access >= Gitlab::Access::DEVELOPER
+ master_access! if access >= Gitlab::Access::MASTER
end
def archived_access!