summaryrefslogtreecommitdiff
path: root/app/policies/group_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r--app/policies/group_policy.rb17
1 files changed, 17 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index b1b52d62b85..62f66093875 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -42,6 +42,14 @@ class GroupPolicy < BasePolicy
@subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS
end
+ condition(:design_management_enabled) do
+ group_projects_for(user: @user, group: @subject, only_owned: false).any? { |p| p.design_management_enabled? }
+ end
+
+ rule { design_management_enabled }.policy do
+ enable :read_design_activity
+ end
+
rule { public_group }.policy do
enable :read_group
enable :read_package
@@ -59,6 +67,10 @@ class GroupPolicy < BasePolicy
enable :update_max_artifacts_size
end
+ rule { can?(:read_all_resources) }.policy do
+ enable :read_confidential_issues
+ end
+
rule { has_projects }.policy do
enable :read_group
end
@@ -70,6 +82,10 @@ class GroupPolicy < BasePolicy
enable :read_board
end
+ rule { ~can?(:read_group) }.policy do
+ prevent :read_design_activity
+ end
+
rule { has_access }.enable :read_namespace
rule { developer }.policy do
@@ -87,6 +103,7 @@ class GroupPolicy < BasePolicy
enable :admin_list
enable :admin_issue
enable :read_metrics_dashboard_annotation
+ enable :read_prometheus
end
rule { maintainer }.policy do
View Lorry Controller Status