diff options
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index b1b52d62b85..62f66093875 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -42,6 +42,14 @@ class GroupPolicy < BasePolicy @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS end + condition(:design_management_enabled) do + group_projects_for(user: @user, group: @subject, only_owned: false).any? { |p| p.design_management_enabled? } + end + + rule { design_management_enabled }.policy do + enable :read_design_activity + end + rule { public_group }.policy do enable :read_group enable :read_package @@ -59,6 +67,10 @@ class GroupPolicy < BasePolicy enable :update_max_artifacts_size end + rule { can?(:read_all_resources) }.policy do + enable :read_confidential_issues + end + rule { has_projects }.policy do enable :read_group end @@ -70,6 +82,10 @@ class GroupPolicy < BasePolicy enable :read_board end + rule { ~can?(:read_group) }.policy do + prevent :read_design_activity + end + rule { has_access }.enable :read_namespace rule { developer }.policy do @@ -87,6 +103,7 @@ class GroupPolicy < BasePolicy enable :admin_list enable :admin_issue enable :read_metrics_dashboard_annotation + enable :read_prometheus end rule { maintainer }.policy do |