summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authordrew cimino <dcimino@gitlab.com>2019-04-11 16:21:18 +0100
committerdrew cimino <dcimino@gitlab.com>2019-06-04 20:25:26 -0500
commit42d6d3187fb7305daead326bfdf56a09c249f829 (patch)
tree5522fd8f7894f2913d27b691f1662e85b38aaa7f /app
parentebc18b45c7e72b28c1981446c95433611903868d (diff)
downloadgitlab-ce-42d6d3187fb7305daead326bfdf56a09c249f829.tar.gz
preventing blocked users and their PipelineSchdules from creating new Pipelines
updated several specs and factories to accomodate new permissions
Diffstat (limited to 'app')
-rw-r--r--app/policies/base_policy.rb4
-rw-r--r--app/policies/global_policy.rb4
-rw-r--r--app/policies/project_policy.rb4
3 files changed, 8 insertions, 4 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 5dd2279ef99..82bf9bf8bf6 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -7,6 +7,10 @@ class BasePolicy < DeclarativePolicy::Base
with_options scope: :user, score: 0
condition(:admin) { @user&.admin? }
+ desc "User is blocked"
+ with_options scope: :user, score: 0
+ condition(:blocked) { @user&.blocked? }
+
desc "User has access to all private groups & projects"
with_options scope: :user, score: 0
condition(:full_private_access) { @user&.full_private_access? }
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index e85397422e6..134de1c9ace 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -1,10 +1,6 @@
# frozen_string_literal: true
class GlobalPolicy < BasePolicy
- desc "User is blocked"
- with_options scope: :user, score: 0
- condition(:blocked) { @user&.blocked? }
-
desc "User is an internal user"
with_options scope: :user, score: 0
condition(:internal) { @user&.internal? }
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 3218c04b219..35b9bf2d6a3 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -445,6 +445,10 @@ class ProjectPolicy < BasePolicy
prevent :owner_access
end
+ rule { blocked }.policy do
+ prevent :create_pipeline
+ end
+
private
def team_member?