diff options
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 833d5b9bd34..5c4990ffd9b 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class GroupPolicy < BasePolicy +class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy include FindGroupProjects desc "Group is public" @@ -77,6 +77,11 @@ class GroupPolicy < BasePolicy condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) } + with_scope :subject + condition(:group_runner_registration_allowed, score: 0, scope: :subject) do + Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('group') + end + rule { can?(:read_group) & design_management_enabled }.policy do enable :read_design_activity end @@ -157,6 +162,7 @@ class GroupPolicy < BasePolicy enable :destroy_package enable :create_projects enable :admin_pipeline + enable :admin_group_runners enable :admin_build enable :read_cluster enable :add_cluster @@ -199,6 +205,10 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end + rule { can?(:admin_group_runners) }.policy do + enable :register_group_runners + end + rule { owner }.enable :create_subgroup rule { maintainer & maintainer_can_create_group }.enable :create_subgroup @@ -261,6 +271,10 @@ class GroupPolicy < BasePolicy prevent :admin_crm_organization end + rule { ~group_runner_registration_allowed }.policy do + prevent :register_group_runners + end + def access_level(for_any_session: false) return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? |