diff options
author | drew cimino <dcimino@gitlab.com> | 2019-04-11 16:21:18 +0100 |
---|---|---|
committer | drew cimino <dcimino@gitlab.com> | 2019-06-04 20:25:26 -0500 |
commit | 42d6d3187fb7305daead326bfdf56a09c249f829 (patch) | |
tree | 5522fd8f7894f2913d27b691f1662e85b38aaa7f /app | |
parent | ebc18b45c7e72b28c1981446c95433611903868d (diff) | |
download | gitlab-ce-42d6d3187fb7305daead326bfdf56a09c249f829.tar.gz |
preventing blocked users and their PipelineSchdules from creating new Pipelines
updated several specs and factories to accomodate new permissions
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/base_policy.rb | 4 | ||||
-rw-r--r-- | app/policies/global_policy.rb | 4 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 4 |
3 files changed, 8 insertions, 4 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 5dd2279ef99..82bf9bf8bf6 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -7,6 +7,10 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:admin) { @user&.admin? } + desc "User is blocked" + with_options scope: :user, score: 0 + condition(:blocked) { @user&.blocked? } + desc "User has access to all private groups & projects" with_options scope: :user, score: 0 condition(:full_private_access) { @user&.full_private_access? } diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index e85397422e6..134de1c9ace 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -1,10 +1,6 @@ # frozen_string_literal: true class GlobalPolicy < BasePolicy - desc "User is blocked" - with_options scope: :user, score: 0 - condition(:blocked) { @user&.blocked? } - desc "User is an internal user" with_options scope: :user, score: 0 condition(:internal) { @user&.internal? } diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 3218c04b219..35b9bf2d6a3 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -445,6 +445,10 @@ class ProjectPolicy < BasePolicy prevent :owner_access end + rule { blocked }.policy do + prevent :create_pipeline + end + private def team_member? |