diff options
author | Rémy Coutable <remy@rymai.me> | 2016-11-02 09:48:22 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-04 18:21:55 +0100 |
commit | 3c5901c4113fac52c31f293b268a7179301cffb7 (patch) | |
tree | 17a5ee4a4ba7eb2641ecb9a057192bfe9ca8421d /app | |
parent | 98cca2606a9ce31fb6f8cfe8886dc576a4ec0098 (diff) | |
download | gitlab-ce-3c5901c4113fac52c31f293b268a7179301cffb7.tar.gz |
Merge branch 'allow-owner-to-run-ci-builds' into 'master'
Allow owners to fetch source code in CI builds
Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.
This adds a separate code path for handling owners, that are not admins.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23437
See merge request !6943
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/project_policy.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index fbb3d4507d6..1ee31023e26 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -2,11 +2,11 @@ class ProjectPolicy < BasePolicy def rules team_access!(user) - owner = user.admin? || - project.owner == user || + owner = project.owner == user || (project.group && project.group.has_owner?(user)) - owner_access! if owner + owner_access! if user.admin? || owner + team_member_owner_access! if owner if project.public? || (project.internal? && !user.external?) guest_access! @@ -16,7 +16,7 @@ class ProjectPolicy < BasePolicy can! :read_build if project.public_builds? if project.request_access_enabled && - !(owner || project.team.member?(user) || project_group_member?(user)) + !(owner || user.admin? || project.team.member?(user) || project_group_member?(user)) can! :request_access end end @@ -135,6 +135,10 @@ class ProjectPolicy < BasePolicy can! :destroy_issue end + def team_member_owner_access! + team_member_reporter_access! + end + # Push abilities on the users team role def team_access!(user) access = project.team.max_member_access(user.id) |