diff options
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 87573c9ad13..d81db357162 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -47,6 +47,9 @@ class ProjectPolicy < BasePolicy desc "Project is archived" condition(:archived, scope: :subject, score: 0) { project.archived? } + desc "Project is in the process of being deleted" + condition(:pending_delete) { project.pending_delete? } + condition(:default_issues_tracker, scope: :subject) { project.default_issues_tracker? } desc "Container registry is disabled" @@ -248,7 +251,7 @@ class ProjectPolicy < BasePolicy enable :read_insights end - rule { can?(:guest_access) & can?(:create_issue) }.enable :create_incident + rule { can?(:reporter_access) & can?(:create_issue) }.enable :create_incident # These abilities are not allowed to admins that are not members of the project, # that's why they are defined separately. @@ -439,7 +442,7 @@ class ProjectPolicy < BasePolicy enable :destroy_freeze_period enable :admin_feature_flags_client enable :update_runners_registration_token - enable :manage_project_google_cloud + enable :admin_project_google_cloud end rule { public_project & metrics_dashboard_allowed }.policy do @@ -457,7 +460,13 @@ class ProjectPolicy < BasePolicy prevent(*readonly_abilities) readonly_features.each do |feature| - prevent(*create_update_admin_destroy(feature)) + prevent(*create_update_admin(feature)) + end + end + + rule { archived & ~pending_delete }.policy do + readonly_features.each do |feature| + prevent(:"destroy_#{feature}") end end |