summaryrefslogtreecommitdiff
path: root/app/policies/group_policy.rb
Commit message (Collapse)AuthorAgeFilesLines
* CE changes for SSO web enforcementce-jej/group-saml-sso-enforcementJames Edwards-Jones2019-05-061-1/+5
| | | | | | Adds two methods for us to extend in EE: - OmniauthCallbacksController#link_identity - GroupPolicy#lookup_access_level!
* Add part of needed codeGosia Ksionek2019-04-051-0/+11
| | | | | | | | | | | | | | | | | Add columns to store project creation settings Add project creation level column in groups and default project creation column in application settings Remove obsolete line from schema Update migration with project_creation_level column existence check Rename migrations to avoid conflicts Update migration methods Update migration method
* Update group policy to reflect all the requirementsMałgorzata Ksionek2019-03-131-1/+2
|
* Resolve conflicts in group policyMałgorzata Ksionek2019-03-051-1/+0
|
* Resolve conflicts in app/policies/group_policy.rbStan Hu2019-03-041-3/+0
|
* Merge dev master into GitLab.com masterYorick Peterse2019-03-041-0/+3
|\
| * Secure vulerability and add specsMałgorzata Ksionek2019-02-281-1/+0
| |
* | Enable `:read_list` when `:read_group` is enabledHeinrich Lee Yu2019-02-251-0/+1
|/
* Merge branch '34758-extend-can-create-cluster-logic' into 'master'Kamil Trzciński2018-12-301-1/+9
|\ | | | | | | | | Allow user to add cluster when there are ancestor clusters See merge request gitlab-org/gitlab-ce!23569
| * Allow users to add cluster with ancestorsMayra Cabrera2018-12-241-1/+9
| | | | | | | | | | | | | | | | | | | | | | Include a new policy in Clusterables (projects and groups), which checks if another cluster can be added clusterable_has_cluster? and multiple_clusters_available private methods will be overriden in EE Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/34758
* | Rename GroupHierarchy into ObjectHierarchyJarka Košanová2018-12-191-1/+1
| | | | | | | | | | | | - we now use the hierarchy class also for epics - also rename supports_nested_groups? into supports_nested_objects? - move it to a concern
* | Add a missing policy allowance in GroupPolicyRémy Coutable2018-12-181-0/+1
|/ | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add policy for clusters on group levelThong Kuah2018-11-081-0/+4
| | | | | - maintainer for group can read, create, update, and admin cluster - project user, at any level, cannot do anything with group cluster
* Merge branch 'fldubois/gitlab-ce-fix-api-group-createdat' into 'master'Rémy Coutable2018-08-281-0/+2
|\ | | | | | | | | | | | | Allow date parameters on Issues, Notes, and Discussions API for group owners Closes #40059 See merge request gitlab-org/gitlab-ce!21342
| * Use policies to determine if attributes can be set in the APISean McGivern2018-08-221-0/+2
| | | | | | | | This is more idiomatic than checking membership explicitly.
* | Allow to delete group milestonesissue_36138Felipe Artur2018-08-061-1/+1
|/
* Enable frozen string in presenters and policiesrepo-forks/gitlab-ce-frozen-string-enable-app-presentersgfyoung2018-07-241-0/+2
| | | | | | | | | Enable frozen string in: * app/presenters * app/policies Partially addresses #47424.
* Resolve "Rename the `Master` role to `Maintainer`" BackendMark Chao2018-07-111-2/+2
|
* Create cross project group featuresBob Van Landuyt2018-07-061-0/+13
| | | | | This allows us to check specific abilities in views, while still enabling/disabling them at once.
* Fix users not seeing labels from private groups when being a member of a ↵Felipe Artur2018-04-231-2/+6
| | | | child project
* Bring one group board to CEFelipe Artur2018-03-031-1/+6
|
* EE-BACKPORT group boardsFelipe Artur2018-01-041-1/+7
|
* Support uploads for groupsJarka Kadlecova2017-12-071-1/+6
|
* Introduce :read_namespace access policy for namespace and groupTomasz Maczukin2017-11-231-0/+2
|
* Allow DEVELOPER role to admin milestonesissue_32215Felipe Artur2017-09-181-1/+2
|
* Make Members with Owner and Master roles always able to create subgroups30473-allow-creation-of-subgroups-with-gitlab_default_can_create_group-set-to-falseRuben Davila2017-09-071-1/+1
|
* Optimize policy ruleMichael Kozono2017-09-071-2/+3
|
* Refer to “Share with group lock” consistentlyimprove-share-locking-feature-for-subgroupsMichael Kozono2017-09-061-3/+3
|
* Fix ability when Share lock is offMichael Kozono2017-09-061-1/+2
|
* Refactor based on code reviewMichael Kozono2017-09-061-1/+1
|
* Fix “Share lock” policy for deeply nested groupsMichael Kozono2017-09-061-2/+2
|
* Enforce share_with_group_lock rulesMichael Kozono2017-09-061-0/+5
| | | | …in Groups::UpdateService instead of only in the browser.
* Improves subgroup creation permissions35845-improve-subgroup-creation-permissionsTiago Botelho2017-08-211-1/+3
|
* Basic BE changeShinya Maeda2017-07-071-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix static-snalysis Move the precedence of group secure variable before project secure variable. Allow project_id to be null. Separate Ci::VariableProject and Ci::VariableGroup Add the forgotton files Add migration file to update type of ci_variables Fix form_for fpr VariableProject Fix test Change the table structure according to the yorik advice Add necessary migration files. Remove unnecessary migration spec. Revert safe_model_attributes.yml Fix models Fix spec Avoid self.variable. Use becomes for correct routing. Use unique index on group_id and key Add null: false for t.timestamps Fix schema version Rename VariableProject and VariableGroup to ProjectVariable and GroupVariable Rename the rest of them Add the rest of files Basic BE change Fix static-snalysis Move the precedence of group secure variable before project secure variable. Allow project_id to be null. Separate Ci::VariableProject and Ci::VariableGroup Add the forgotton files Add migration file to update type of ci_variables Fix form_for fpr VariableProject Fix test Change the table structure according to the yorik advice Add necessary migration files. Remove unnecessary migration spec. Revert safe_model_attributes.yml Fix models Fix spec Avoid self.variable. Use becomes for correct routing. Use unique index on group_id and key Add null: false for t.timestamps Fix schema version Rename VariableProject and VariableGroup to ProjectVariable and GroupVariable Rename the rest of them Add the rest of files Implement CURD Rename codes related to VariableGroup and VariableProject FE part Remove unneccesary changes Make Fe code up-to-date Add protected flag to migration file Protected group variables essential package Update schema Improve doc Fix logic and spec for models Fix logic and spec for controllers Fix logic and spec for views(pre feature) Add feature spec Fixed bugs. placeholder. reveal button. doc. Add changelog Remove unnecessary comment godfat nice catches Improve secret_variables_for arctecture Fix spec Fix StaticAnlysys & path_regex spec Revert "Improve secret_variables_for arctecture" This reverts commit c3216ca212322ecf6ca534cb12ce75811a4e77f1. Use ayufan suggestion for secret_variables_for Use find instead of find_by Fix spec message for variable is invalid Fix spec remove variable.group_id = group.id godffat spec nitpicks Use include Gitlab::Routing.url_helpers for presenter spec
* convert all the policies to DeclarativePolicyhttp://jneen.net/2017-06-271-44/+52
|
* Allow group reporters to manage group labels33154-permissions-for-project-labels-and-group-labelsSean McGivern2017-06-051-7/+10
| | | | | | | | | Previously, only group masters could do this. However, project reporters can manage project labels, so there doesn't seem to be any need to restrict group labels further. Also, save a query or two by getting a single GroupMember object to find out if the user is a master or not.
* Merge branch 'siemens/gitlab-ce-fix/subgroup-hide-button' into 'master' Rémy Coutable2017-04-121-0/+1
|\ | | | | | | | | | | | | Hide new subgroup button if user has no permission to create one Closes #30139 See merge request !10627
| * Move permission to create subgroup into GroupPolicyDmitriy Zaporozhets2017-04-111-0/+1
| | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | ProjectsFinder should handle more optionsJacopo2017-04-061-2/+2
|/ | | | | | | | | | | | | | | | | | | Extended ProjectFinder in order to handle the following options: - current_user - which user use - project_ids_relation: int[] - project ids to use - params: - trending: boolean - non_public: boolean - starred: boolean - sort: string - visibility_level: int - tags: string[] - personal: boolean - search: string - non_archived: boolean GroupProjectsFinder now inherits from ProjectsFinder. Changed the code in order to use the new available options.
* Remove now unnecessary `additional_rules!` method from GroupPolicyDrew Blessing2017-02-281-6/+0
| | | | | | | | | The intention was for this to be used to override group policy in EE. This led to all sort of strange problems in practice - for example, https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1025 needed to override `owner` permissions, but `additional_rules!` passed `master` only. The better solution is to use an EE module to override the policy. Removing this now defunct method.
* Include group parents into read access for project and groupDmitriy Zaporozhets2016-12-261-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Backport hooks on group policies for the EE-specific implementationbackport/group-policiesDouglas Barbosa Alexandre2016-12-131-0/+6
|
* Add CRUD for Group LabelsDouglas Barbosa Alexandre2016-10-191-0/+1
|
* port groupshttp://jneen.net/2016-08-301-0/+45
View Lorry Controller Status