diff options
author | Sean McGivern <sean@gitlab.com> | 2018-08-22 13:10:54 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2018-08-22 14:17:29 +0100 |
commit | aff7dccc1f13e86b44dfa1530c6b5068dbb18f00 (patch) | |
tree | 0193754c17b7023499ad4d1cd438cb287547793d /app/policies | |
parent | b63ed7cff664bc1ee0bf70912fffd4814f757079 (diff) | |
download | gitlab-ce-aff7dccc1f13e86b44dfa1530c6b5068dbb18f00.tar.gz |
Use policies to determine if attributes can be set in the API
This is more idiomatic than checking membership explicitly.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/group_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index a8d7a05f509..bb800929ea9 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -72,6 +72,8 @@ class GroupPolicy < BasePolicy enable :admin_namespace enable :admin_group_member enable :change_visibility_level + + enable :set_note_created_at end rule { can?(:read_nested_project_resources) }.policy do diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 00c58f15013..fd6cc504a3b 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -143,6 +143,10 @@ class ProjectPolicy < BasePolicy enable :destroy_merge_request enable :destroy_issue enable :remove_pages + + enable :set_issue_iid + enable :set_issue_created_at + enable :set_note_created_at end rule { can?(:guest_access) }.policy do |