diff options
| author | Michael Kozono <mkozono@gmail.com> | 2017-09-05 10:38:24 -0700 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-09-06 12:07:20 -0700 |
| commit | c7e17abd269e31a59c41687459eea6382475ab95 (patch) | |
| tree | 3c3f390db48c9ae1f75da0cd8d838eadea7c69b9 /app/policies | |
| parent | e0fb7766bcbf140d1cc8165b4fae90fa8df841e6 (diff) | |
| download | gitlab-ce-c7e17abd269e31a59c41687459eea6382475ab95.tar.gz | |
Fix “Share lock” policy for deeply nested groups
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/group_policy.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index dab27bbf6da..45416bb7149 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -16,7 +16,7 @@ class GroupPolicy < BasePolicy condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? } condition(:parent_share_locked) { @subject.has_parent? && @subject.parent.share_with_group_lock? } - condition(:parent_owner) { @subject.has_parent? && @subject.parent.has_owner?(@user) } + condition(:can_change_parent_share_with_group_lock) { @subject.has_parent? && can?(:change_share_with_group_lock, @subject.parent) } condition(:has_projects) do GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any? @@ -57,7 +57,7 @@ class GroupPolicy < BasePolicy rule { ~can?(:view_globally) }.prevent :request_access rule { has_access }.prevent :request_access - rule { owner & (~parent_share_locked | parent_owner) }.enable :change_share_with_group_lock + rule { owner & (~parent_share_locked | can_change_parent_share_with_group_lock) }.enable :change_share_with_group_lock def access_level return GroupMember::NO_ACCESS if @user.nil? |