diff options
Diffstat (limited to 'app/policies/global_policy.rb')
-rw-r--r-- | app/policies/global_policy.rb | 46 |
1 files changed, 35 insertions, 11 deletions
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index 2683aaad981..535faa922dd 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -1,16 +1,40 @@ class GlobalPolicy < BasePolicy - def rules - return unless @user + desc "User is blocked" + with_options scope: :user, score: 0 + condition(:blocked) { @user.blocked? } - can! :create_group if @user.can_create_group - can! :read_users_list + desc "User is an internal user" + with_options scope: :user, score: 0 + condition(:internal) { @user.internal? } - unless @user.blocked? || @user.internal? - can! :log_in unless @user.access_locked? - can! :access_api - can! :access_git - can! :receive_notifications - can! :use_quick_actions - end + desc "User's access has been locked" + with_options scope: :user, score: 0 + condition(:access_locked) { @user.access_locked? } + + rule { anonymous }.prevent_all + + rule { default }.policy do + enable :read_users_list + enable :log_in + enable :access_api + enable :access_git + enable :receive_notifications + enable :use_quick_actions + end + + rule { blocked | internal }.policy do + prevent :log_in + prevent :access_api + prevent :access_git + prevent :receive_notifications + prevent :use_quick_actions + end + + rule { can_create_group }.policy do + enable :create_group + end + + rule { access_locked }.policy do + prevent :log_in end end |