app/policies/namespace_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# frozen_string_literal: true

class NamespacePolicy < BasePolicy
  rule { anonymous }.prevent_all

  condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
  condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
  condition(:owner) { @subject.owner == @user }

  rule { owner | admin }.policy do
    enable :create_projects
    enable :admin_namespace
    enable :read_namespace
  end

  rule { personal_project & ~can_create_personal_project }.prevent :create_projects

  rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects
end