diff options
Diffstat (limited to 'app/policies/ci/job_artifact_policy.rb')
| -rw-r--r-- | app/policies/ci/job_artifact_policy.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/policies/ci/job_artifact_policy.rb b/app/policies/ci/job_artifact_policy.rb index e25c7311565..61c935af8ba 100644 --- a/app/policies/ci/job_artifact_policy.rb +++ b/app/policies/ci/job_artifact_policy.rb @@ -3,5 +3,20 @@ module Ci class JobArtifactPolicy < BasePolicy delegate { @subject.job.project } + + condition(:public_access, scope: :subject) do + @subject.public_access? + end + + condition(:can_read_project_build, scope: :subject) do + can?(:read_build, @subject.job.project) + end + + condition(:has_access_to_project) do + can?(:developer_access, @subject.job.project) + end + + rule { can_read_project_build }.enable :read_job_artifacts + rule { ~public_access & ~has_access_to_project }.prevent :read_job_artifacts end end |