diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-01 07:27:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-01 07:27:36 +0000 |
commit | de222caa576cab3d0894c65531f5822f205877d5 (patch) | |
tree | e66805f398cfb22196e0181bef90066a0fe1b674 /app | |
parent | 8a186dedfc1da12270ea77f2673b59fa08f770c1 (diff) | |
download | gitlab-ce-de222caa576cab3d0894c65531f5822f205877d5.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/ci/build_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 4 | ||||
-rw-r--r-- | app/services/members/import_project_team_service.rb | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb index 6162a31c118..f377ff85b5e 100644 --- a/app/policies/ci/build_policy.rb +++ b/app/policies/ci/build_policy.rb @@ -84,7 +84,7 @@ module Ci enable :update_commit_status end - rule { can?(:update_build) & terminal }.enable :create_build_terminal + rule { can?(:update_build) & terminal & owner_of_job }.enable :create_build_terminal rule { can?(:update_build) }.enable :play_job diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 60519dc346b..7c439fe8b29 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -748,6 +748,10 @@ class ProjectPolicy < BasePolicy prevent :register_project_runners end + rule { can?(:admin_project_member) }.policy do + enable :import_project_members_from_another_project + end + private def user_is_user? diff --git a/app/services/members/import_project_team_service.rb b/app/services/members/import_project_team_service.rb index 5f4d5414cfa..6efd65e2575 100644 --- a/app/services/members/import_project_team_service.rb +++ b/app/services/members/import_project_team_service.rb @@ -29,7 +29,7 @@ module Members def import_project_team return false unless target_project.present? && source_project.present? && current_user.present? return false unless can?(current_user, :read_project_member, source_project) - return false unless can?(current_user, :admin_project_member, target_project) + return false unless can?(current_user, :import_project_members_from_another_project, target_project) target_project.team.import(source_project, current_user) end |