summaryrefslogtreecommitdiff
path: root/app/policies/global_policy.rb
blob: 1be7bbe99533521ab4656eb8826ecb57bd9a6b26 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
class GlobalPolicy < BasePolicy
  desc "User is blocked"
  with_options scope: :user, score: 0
  condition(:blocked) { @user.blocked? }

  desc "User is an internal user"
  with_options scope: :user, score: 0
  condition(:internal) { @user.internal? }

  desc "User's access has been locked"
  with_options scope: :user, score: 0
  condition(:access_locked) { @user.access_locked? }

  rule { anonymous }.policy do
    prevent :log_in
    prevent :access_api
    prevent :access_git
    prevent :receive_notifications
    prevent :use_quick_actions
    prevent :create_group
  end

  rule { default }.policy do
    enable :log_in
    enable :access_api
    enable :access_git
    enable :receive_notifications
    enable :use_quick_actions
  end

  rule { blocked | internal }.policy do
    prevent :log_in
    prevent :access_api
    prevent :access_git
    prevent :receive_notifications
    prevent :use_quick_actions
  end

  rule { can_create_group }.policy do
    enable :create_group
  end

  rule { access_locked }.policy do
    prevent :log_in
  end

  rule { ~(anonymous & restricted_public_level) }.policy do
    enable :read_users_list
  end
end