summaryrefslogtreecommitdiff
path: root/app/policies/ci/build_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/ci/build_policy.rb')
-rw-r--r--app/policies/ci/build_policy.rb28
1 files changed, 7 insertions, 21 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
index 2d7405dc240..984e5482288 100644
--- a/app/policies/ci/build_policy.rb
+++ b/app/policies/ci/build_policy.rb
@@ -1,29 +1,15 @@
module Ci
class BuildPolicy < CommitStatusPolicy
- alias_method :build, :subject
+ condition(:protected_ref) do
+ access = ::Gitlab::UserAccess.new(@user, project: @subject.project)
- def rules
- super
-
- # If we can't read build we should also not have that
- # ability when looking at this in context of commit_status
- %w[read create update admin].each do |rule|
- cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
- end
-
- if can?(:update_build) && protected_action?
- cannot! :update_build
+ if @subject.tag?
+ !access.can_create_tag?(@subject.ref)
+ else
+ !access.can_update_branch?(@subject.ref)
end
end
- private
-
- def protected_action?
- return false unless build.action?
-
- !::Gitlab::UserAccess
- .new(user, project: build.project)
- .can_merge_to_branch?(build.ref)
- end
+ rule { protected_ref }.prevent :update_build
end
end
View Lorry Controller Status