Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/base_policy.rb4
-rw-r--r--app/policies/ci/build_policy.rb13
-rw-r--r--app/policies/commit_status_policy.rb5
3 files changed, 22 insertions, 0 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index fd5d05a1bd1..e1757d97e89 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -30,6 +30,10 @@ class BasePolicy
@can.merge(BasePolicy.class_for(new_subject).abilities(@user, new_subject))
end
+ def can?(rule)
+ @can.include?(rule) && !@cannot.include?(rule)
+ end
+
def can!(*rules)
@can.merge(rules)
end
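Review bot: `can?` has no comment, and its answer depends on when it is called: it reads `@can` and `@cannot` as they stand at that moment, so a rule granted or revoked later in `rules` is not reflected. I would add above the method `# True if rule is granted and not revoked by the rules evaluated so far; call only after the can!/cannot!/delegate! calls it depends on.` A rule passed in a different form than the sets store (a String where they hold Symbols, if that is what they hold) returns false, which fails closed but deserves a mention in the same comment. The two context lines above the addition belong to a method that starts outside the hunk.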
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
new file mode 100644
index 00000000000..2232e231cf8
--- /dev/null
+++ b/app/policies/ci/build_policy.rb
@@ -0,0 +1,13 @@
+module Ci
+ class BuildPolicy < CommitStatusPolicy
+ def rules
+ super
+
+ # If we can't read build we should also not have that
+ # ability when looking at this in context of commit_status
+ %w(read create update admin).each do |rule|
+ cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
+ end
+ end
+ end
+end
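Review bot: The verb list in `%w(read create update admin)` is hard-coded, so any `*_commit_status` ability outside those four that `super` grants would stay available to a user who lacks the matching build ability. The check is also a one-time snapshot taken right after `super`: a subclass that calls `cannot! :read_build` after this loop would leave `read_commit_status` granted. I would state both constraints in the existing comment, e.g. `# Keep in sync with every *_commit_status ability; must run after all *_build rules are final.` Moving the list into a frozen constant would let a spec compare it against the abilities actually defined.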
diff --git a/app/policies/commit_status_policy.rb b/app/policies/commit_status_policy.rb
new file mode 100644
index 00000000000..593df738328
--- /dev/null
+++ b/app/policies/commit_status_policy.rb
@@ -0,0 +1,5 @@
+class CommitStatusPolicy < BasePolicy
+ def rules
+ delegate! @subject.project
+ end
+end
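Review bot: `CommitStatusPolicy` has no comment saying that its abilities come entirely from the project's policy, which is the one fact a reader of an authorization class needs. A line above `class` such as `# Commit statuses define no rules of their own; access is whatever the user has on the owning project.` would cover it. What `delegate!` does when `@subject.project` is nil is not visible here, so it is worth confirming that a status without a project ends with no abilities rather than an exception or an unexpected policy class.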