1 files changed, 35 insertions, 11 deletions

diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 2683aaad981..535faa922dd 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -1,16 +1,40 @@
 class GlobalPolicy < BasePolicy
-  def rules
-    return unless @user
+  desc "User is blocked"
+  with_options scope: :user, score: 0
+  condition(:blocked) { @user.blocked? }
 
-    can! :create_group if @user.can_create_group
-    can! :read_users_list
+  desc "User is an internal user"
+  with_options scope: :user, score: 0
+  condition(:internal) { @user.internal? }
 
-    unless @user.blocked? || @user.internal?
-      can! :log_in unless @user.access_locked?
-      can! :access_api
-      can! :access_git
-      can! :receive_notifications
-      can! :use_quick_actions
-    end
+  desc "User's access has been locked"
+  with_options scope: :user, score: 0
+  condition(:access_locked) { @user.access_locked? }
+
+  rule { anonymous }.prevent_all
+
+  rule { default }.policy do
+    enable :read_users_list
+    enable :log_in
+    enable :access_api
+    enable :access_git
+    enable :receive_notifications
+    enable :use_quick_actions
+  end
+
+  rule { blocked | internal }.policy do
+    prevent :log_in
+    prevent :access_api
+    prevent :access_git
+    prevent :receive_notifications
+    prevent :use_quick_actions
+  end
+
+  rule { can_create_group }.policy do
+    enable :create_group
+  end
+
+  rule { access_locked }.policy do
+    prevent :log_in
   end
 end