app/policies/releases/evidence_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

# frozen_string_literal: true

module Releases
  class EvidencePolicy < BasePolicy
    delegate { @subject.release.project }

    rule { allowed_to_read_evidence & external_authorization_service_disabled }.policy do
      enable :read_release_evidence
    end

    ##
    # evidence.summary includes the following entities:
    # - Release
    # - git-tag (Repository)
    # - Project
    # - Milestones
    # - Issues
    # TODO: remove issues from this check: https://gitlab.com/gitlab-org/gitlab/-/issues/259674
    condition(:allowed_to_read_evidence) do
      can?(:read_release) &&
        can?(:download_code) &&
        can?(:read_project) &&
        can?(:read_milestone) &&
        can?(:read_issue)
    end

    ##
    # Currently, we don't support release evidence for the GitLab instances
    # that enables external authorization services.
    # See https://gitlab.com/gitlab-org/gitlab/issues/121930.
    condition(:external_authorization_service_disabled) do
      !Gitlab::ExternalAuthorization::Config.enabled?
    end
  end
end