diff options
author | Job van der Voort <jobvandervoort@gmail.com> | 2014-08-28 20:33:41 +0200 |
---|---|---|
committer | Job van der Voort <jobvandervoort@gmail.com> | 2014-08-28 20:33:41 +0200 |
commit | 68fd66c6e3ba6f5458526fa6461735b6ee610b78 (patch) | |
tree | 33fdf862068f55f9af0ec2b327d2274ba7ff2c85 /lib/gitlab/visibility_level.rb | |
parent | d4180875cbd361b0b3905fac08c94ff5931695a9 (diff) | |
download | gitlab-ce-68fd66c6e3ba6f5458526fa6461735b6ee610b78.tar.gz |
block visibility level restriction override in controller
Diffstat (limited to 'lib/gitlab/visibility_level.rb')
-rw-r--r-- | lib/gitlab/visibility_level.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb index ea1319268f8..d0b6cde3c7e 100644 --- a/lib/gitlab/visibility_level.rb +++ b/lib/gitlab/visibility_level.rb @@ -23,7 +23,21 @@ module Gitlab end def allowed_for?(user, level) - user.is_admin? || !Gitlab.config.gitlab.restricted_visibility_levels.include?(level) + user.is_admin? || allowed_level?(level) + end + + # Level can be a string `"public"` or a value `20`, first check if valid, + # then check if the corresponding string appears in the config + def allowed_level?(level) + if options.has_key?(level.to_s) + non_restricted_level?(level) + elsif options.has_value?(level.to_i) + non_restricted_level?(options.key(level.to_i).downcase) + end + end + + def non_restricted_level?(level) + ! Gitlab.config.gitlab.restricted_visibility_levels.include?(level) end end |