diff options
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r-- | app/models/ability.rb | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 6fd18f2ee24..d95a2507199 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -47,6 +47,16 @@ class Ability end end + # Returns an Array of Issues that can be read by the given user. + # + # issues - The issues to reduce down to those readable by the user. + # user - The User for which to check the issues + def issues_readable_by_user(issues, user = nil) + return issues if user && user.admin? + + issues.select { |issue| issue.visible_to_user?(user) } + end + # List of possible abilities for anonymous user def anonymous_abilities(user, subject) if subject.is_a?(PersonalSnippet) @@ -172,7 +182,7 @@ class Ability rules << :read_build if project.public_builds? unless owner || project.team.member?(user) || project_group_member?(project, user) - rules << :request_access + rules << :request_access if project.request_access_enabled end end @@ -373,7 +383,7 @@ class Ability end if group.public? || (group.internal? && !user.external?) - rules << :request_access unless group.users.include?(user) + rules << :request_access if group.request_access_enabled && group.users.exclude?(user) end rules.flatten @@ -388,6 +398,18 @@ class Ability GroupProjectsFinder.new(group).execute(user).any? end + def can_edit_note?(user, note) + return false if !note.editable? || !user.present? + return true if note.author == user || user.admin? + + if note.project + max_access_level = note.project.team.max_member_access(user.id) + max_access_level >= Gitlab::Access::MASTER + else + false + end + end + def namespace_abilities(user, namespace) rules = [] |