diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-02 10:40:10 +0200 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-02 10:40:10 +0200 |
| commit | d276ea93728e7972ed5b8275460929128d98fccd (patch) | |
| tree | d6c8188cea2d25685f02c7043f7521f8b1f3509e /app/policies | |
| parent | c9def85844531ffdd2984707a1bc8cbca18f6742 (diff) | |
| parent | 6068b863c66f785bea0a56881d60e8c23da08a0b (diff) | |
| download | gitlab-ce-d276ea93728e7972ed5b8275460929128d98fccd.tar.gz | |
Merge branch 'master' into feature/gb/manual-actions-protected-branches-permissions
* master: (314 commits)
Better Explore Groups view
Update Carrierwave and fog-core
Add specs for Gitlab::RequestProfiler
Add scripts/static-analysis to run all the static analysers in one go
Shorten and improve some job names
Group static-analysis jobs into a single job
Don't blow up when email has no References header
Update CHANGELOG.md for 9.1.2
Add changelog
Add changelog
Show Raw button as Download for binary files
Use blob viewers for snippets
Fix typo
Fixed transient failure related to dropdown animations
Revert "Merge branch 'tc-no-todo-service-select' into 'master'"
fix link to MR 10416
Another change from .click -> .trigger('click') to make spec pass
Change from .click -> .trigger('click') to make spec pass
Disable AddColumnWithDefaultToLargeTable cop for pre-existing migrations
Add AddColumnWithDefaultToLargeTable cop
...
Conflicts:
spec/requests/api/jobs_spec.rb
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/project_policy.rb | 44 |
1 files changed, 26 insertions, 18 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index f8594e29547..5baac9ebe4b 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -2,20 +2,13 @@ class ProjectPolicy < BasePolicy def rules team_access!(user) - owner = project.owner == user || - (project.group && project.group.has_owner?(user)) - - owner_access! if user.admin? || owner - team_member_owner_access! if owner + owner_access! if user.admin? || owner? + team_member_owner_access! if owner? if project.public? || (project.internal? && !user.external?) guest_access! public_access! - - if project.request_access_enabled && - !(owner || user.admin? || project.team.member?(user) || project_group_member?(user)) - can! :request_access - end + can! :request_access if access_requestable? end archived_access! if project.archived? @@ -27,6 +20,13 @@ class ProjectPolicy < BasePolicy @subject end + def owner? + return @owner if defined?(@owner) + + @owner = project.owner == user || + (project.group && project.group.has_owner?(user)) + end + def guest_access! can! :read_project can! :read_board @@ -226,14 +226,6 @@ class ProjectPolicy < BasePolicy disabled_features! end - def project_group_member?(user) - project.group && - ( - project.group.members_with_parents.exists?(user_id: user.id) || - project.group.requesters.exists?(user_id: user.id) - ) - end - def block_issues_abilities unless project.feature_available?(:issues, user) cannot! :read_issue if project.default_issues_tracker? @@ -254,6 +246,22 @@ class ProjectPolicy < BasePolicy private + def project_group_member?(user) + project.group && + ( + project.group.members_with_parents.exists?(user_id: user.id) || + project.group.requesters.exists?(user_id: user.id) + ) + end + + def access_requestable? + project.request_access_enabled && + !owner? && + !user.admin? && + !project.team.member?(user) && + !project_group_member?(user) + end + # A base set of abilities for read-only users, which # is then augmented as necessary for anonymous and other # read-only users. |