summaryrefslogtreecommitdiff
path: root/app/policies
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/alert_management/alert_policy.rb12
-rw-r--r--app/policies/environment_policy.rb6
-rw-r--r--app/policies/project_member_policy.rb7
-rw-r--r--app/policies/project_policy.rb4
-rw-r--r--app/policies/suggestion_policy.rb4
-rw-r--r--app/policies/user_policy.rb1
6 files changed, 25 insertions, 9 deletions
diff --git a/app/policies/alert_management/alert_policy.rb b/app/policies/alert_management/alert_policy.rb
index e2383921c82..9b6ce72851c 100644
--- a/app/policies/alert_management/alert_policy.rb
+++ b/app/policies/alert_management/alert_policy.rb
@@ -3,7 +3,15 @@
module AlertManagement
class AlertPolicy < ::BasePolicy
delegate { @subject.project }
+
+ rule { can?(:read_alert_management_alert) }.policy do
+ enable :read_alert_management_metric_image
+ end
+
+ rule { can?(:update_alert_management_alert) }.policy do
+ enable :upload_alert_management_metric_image
+ enable :update_alert_management_metric_image
+ enable :destroy_alert_management_metric_image
+ end
end
end
-
-AlertManagement::AlertPolicy.prepend_mod
diff --git a/app/policies/environment_policy.rb b/app/policies/environment_policy.rb
index e9e3517b3da..72db6d31764 100644
--- a/app/policies/environment_policy.rb
+++ b/app/policies/environment_policy.rb
@@ -4,12 +4,12 @@ class EnvironmentPolicy < BasePolicy
delegate { @subject.project }
condition(:stop_with_deployment_allowed) do
- @subject.stop_action_available? &&
- can?(:create_deployment) && can?(:update_build, @subject.stop_action)
+ @subject.stop_actions_available? &&
+ can?(:create_deployment) && can?(:update_build, @subject.stop_actions.last)
end
condition(:stop_with_update_allowed) do
- !@subject.stop_action_available? && can?(:update_environment, @subject)
+ !@subject.stop_actions_available? && can?(:update_environment, @subject)
end
condition(:stopped) do
diff --git a/app/policies/project_member_policy.rb b/app/policies/project_member_policy.rb
index 91f1eb35506..40ba30fce5e 100644
--- a/app/policies/project_member_policy.rb
+++ b/app/policies/project_member_policy.rb
@@ -3,13 +3,16 @@
class ProjectMemberPolicy < BasePolicy
delegate { @subject.project }
- condition(:target_is_owner, scope: :subject) { @subject.user == @subject.project.owner }
+ condition(:target_is_holder_of_the_personal_namespace, scope: :subject) do
+ @subject.project.personal_namespace_holder?(@subject.user)
+ end
+
condition(:target_is_self) { @user && @subject.user == @user }
condition(:project_bot) { @subject.user&.project_bot? }
rule { anonymous }.prevent_all
- rule { target_is_owner }.policy do
+ rule { target_is_holder_of_the_personal_namespace }.policy do
prevent :update_project_member
prevent :destroy_project_member
end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 2ffafb79134..a417ea35673 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -728,6 +728,10 @@ class ProjectPolicy < BasePolicy
enable :create_resource_access_tokens
end
+ rule { can?(:admin_project) }.policy do
+ enable :read_usage_quotas
+ end
+
rule { can?(:project_bot_access) }.policy do
prevent :create_resource_access_tokens
end
diff --git a/app/policies/suggestion_policy.rb b/app/policies/suggestion_policy.rb
index 4c84c8ba690..3c273dc6d39 100644
--- a/app/policies/suggestion_policy.rb
+++ b/app/policies/suggestion_policy.rb
@@ -1,10 +1,10 @@
# frozen_string_literal: true
class SuggestionPolicy < BasePolicy
- delegate { @subject.project }
+ delegate { @subject.source_project }
condition(:can_push_to_branch) do
- Gitlab::UserAccess.new(@user, container: @subject.project).can_push_to_branch?(@subject.branch)
+ Gitlab::UserAccess.new(@user, container: @subject.source_project).can_push_to_branch?(@subject.branch)
end
rule { can_push_to_branch }.enable :apply_suggestion
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index de99cbffb6f..f62ccef826c 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -25,6 +25,7 @@ class UserPolicy < BasePolicy
enable :update_user_status
enable :create_saved_replies
enable :update_saved_replies
+ enable :destroy_saved_replies
enable :read_user_personal_access_tokens
enable :read_group_count
enable :read_user_groups
View Lorry Controller Status