diff options
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/base_policy.rb | 3 | ||||
-rw-r--r-- | app/policies/concerns/policy_actor.rb | 4 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 2 |
3 files changed, 9 insertions, 0 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index c93a19bdc3d..ce3e5b0195c 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -44,6 +44,9 @@ class BasePolicy < DeclarativePolicy::Base ::Gitlab::ExternalAuthorization.perform_check? end + with_options scope: :user, score: 0 + condition(:alert_bot) { @user&.alert_bot? } + rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do prevent :read_cross_project end diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb index b963a64b429..406677d7b56 100644 --- a/app/policies/concerns/policy_actor.rb +++ b/app/policies/concerns/policy_actor.rb @@ -33,6 +33,10 @@ module PolicyActor def can_create_group false end + + def alert_bot? + false + end end PolicyActor.prepend_if_ee('EE::PolicyActor') diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index bbcb3c637a9..ee22a2d84e7 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -515,6 +515,8 @@ class ProjectPolicy < BasePolicy end def lookup_access_level! + return ::Gitlab::Access::REPORTER if alert_bot? + # NOTE: max_member_access has its own cache project.team.max_member_access(@user.id) end |