diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 15:58:19 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 15:58:19 +0000 |
| commit | 077f2c6c432342ce4d011583e86d671b2b326a56 (patch) | |
| tree | c483d253d30858ed467fcf7e17cd2e1d1750881b /app/policies | |
| parent | cd284fef90c6c4980ecfd5e06c6344dbe7ca8b95 (diff) | |
| parent | 39c99361b655998aaca2114da3e9664c2da27f85 (diff) | |
| download | gitlab-ce-077f2c6c432342ce4d011583e86d671b2b326a56.tar.gz | |
Merge branch 'security-developer-transfer-project' into 'master'
Require Maintainer permission on group where project is transferred to
See merge request gitlab/gitlabhq!3420
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/group_policy.rb | 2 | ||||
| -rw-r--r-- | app/policies/namespace_policy.rb | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9e8ee3acf00..13e5b4ae41a 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -131,6 +131,8 @@ class GroupPolicy < BasePolicy rule { owner | admin }.enable :read_statistics + rule { maintainer & can?(:create_projects) }.enable :transfer_projects + def access_level return GroupMember::NO_ACCESS if @user.nil? diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb index fd3bdddded6..350dd208499 100644 --- a/app/policies/namespace_policy.rb +++ b/app/policies/namespace_policy.rb @@ -15,6 +15,8 @@ class NamespacePolicy < BasePolicy end rule { personal_project & ~can_create_personal_project }.prevent :create_projects + + rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects end NamespacePolicy.prepend_if_ee('EE::NamespacePolicy') |