blob: 6363c382ff8a1256c15436bbd3e955456b40d5e1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
module Ci
class PipelinePolicy < BasePolicy
delegate { @subject.project }
condition(:protected_ref) { ref_protected?(@user, @subject.project, @subject.tag?, @subject.ref) }
rule { protected_ref }.prevent :update_pipeline
def ref_protected?(user, project, tag, ref)
access = ::Gitlab::UserAccess.new(user, project: project)
if tag
!access.can_create_tag?(ref)
else
!access.can_update_branch?(ref)
end
end
end
end
|