summaryrefslogtreecommitdiff
path: root/app/policies/group_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r--app/policies/group_policy.rb9
1 files changed, 6 insertions, 3 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 9219283992f..84b1873c05d 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -16,8 +16,6 @@ class GroupPolicy < BasePolicy
condition(:maintainer) { access_level >= GroupMember::MAINTAINER }
condition(:reporter) { access_level >= GroupMember::REPORTER }
- condition(:nested_groups_supported, scope: :global) { Group.supports_nested_objects? }
-
condition(:has_parent, scope: :subject) { @subject.has_parent? }
condition(:share_with_group_locked, scope: :subject) { @subject.share_with_group_lock? }
condition(:parent_share_with_group_locked, scope: :subject) { @subject.parent&.share_with_group_lock? }
@@ -38,6 +36,10 @@ class GroupPolicy < BasePolicy
@subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS
end
+ condition(:maintainer_can_create_group) do
+ @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS
+ end
+
rule { public_group }.policy do
enable :read_group
enable :read_list
@@ -104,7 +106,8 @@ class GroupPolicy < BasePolicy
enable :read_nested_project_resources
end
- rule { owner & nested_groups_supported }.enable :create_subgroup
+ rule { owner }.enable :create_subgroup
+ rule { maintainer & maintainer_can_create_group }.enable :create_subgroup
rule { public_group | logged_in_viewable }.enable :view_globally