diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/models/ability.rb | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 2c0fd0338fd..eeb0ceba081 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -171,14 +171,9 @@ class Ability # Allow to read builds for internal projects rules << :read_build if project.public_builds? - group_member = - project.group && - ( - project.group.members.exists?(user_id: user.id) || - project.group.requesters.exists?(user_id: user.id) - ) - - rules << :request_access unless owner || group_member || project.team.member?(user) + unless owner || project.team.member?(user) || project_group_member?(project, user) + rules << :request_access + end end if project.archived? @@ -501,8 +496,7 @@ class Ability target_user = subject.user project = subject.project - # Allow owners that requested access to their own project to destroy themselves - if target_user != project.owner || subject.request? + unless target_user == project.owner can_manage = project_abilities(user, project).include?(:admin_project_member) if can_manage @@ -582,5 +576,13 @@ class Ability rules end + + def project_group_member?(project, user) + project.group && + ( + project.group.members.exists?(user_id: user.id) || + project.group.requesters.exists?(user_id: user.id) + ) + end end end |