Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/models/ability.rb
diff options
context:
space:
mode:
authorhttp://jneen.net/ <jneen@jneen.net>2016-08-17 02:28:47 +0300
committerhttp://jneen.net/ <jneen@jneen.net>2016-08-30 21:39:22 +0300
commitccfa032ebc101339c1c0842d0fbeb5b555db9278 (patch)
tree3a97463ad3332c9f9be6def044cc456fdbab4109 /app/models/ability.rb
parent4016c5351362a409b9d8bb258e0330089cdb4394 (diff)
port groups
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb39
1 files changed, 3 insertions, 36 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index c5392379b32..2360bf3d46c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -73,7 +73,6 @@ class Ability
def abilities_by_subject_class(user:, subject:)
case subject
- when Group then group_abilities(user, subject)
when Namespace then namespace_abilities(user, subject)
when GroupMember then group_member_abilities(user, subject)
when ProjectMember then project_member_abilities(user, subject)
@@ -88,8 +87,8 @@ class Ability
def anonymous_abilities(subject)
if subject.respond_to?(:project)
ProjectPolicy.abilities(nil, subject.project)
- elsif subject.is_a?(Group) || subject.respond_to?(:group)
- anonymous_group_abilities(subject)
+ elsif subject.respond_to?(:group)
+ GroupPolicy.abilities(nil, subject.group)
elsif subject.is_a?(User)
anonymous_user_abilities
else
@@ -164,38 +163,6 @@ class Ability
ProjectPolicy.abilities(user, project).to_a
end
- def group_abilities(user, group)
- rules = []
- rules << :read_group if can_read_group?(user, group)
-
- owner = user.admin? || group.has_owner?(user)
- master = owner || group.has_master?(user)
-
- # Only group masters and group owners can create new projects
- if master
- rules += [
- :create_projects,
- :admin_milestones
- ]
- end
-
- # Only group owner and administrators can admin group
- if owner
- rules += [
- :admin_group,
- :admin_namespace,
- :admin_group_member,
- :change_visibility_level
- ]
- end
-
- if group.public? || (group.internal? && !user.external?)
- rules << :request_access if group.request_access_enabled && group.users.exclude?(user)
- end
-
- rules.flatten
- end
-
def can_read_group?(user, group)
return true if user.admin?
return true if group.public?
@@ -225,7 +192,7 @@ class Ability
group = subject.group
unless group.last_owner?(target_user)
- can_manage = group_abilities(user, group).include?(:admin_group_member)
+ can_manage = allowed?(user, :admin_group_member, group)
if can_manage
rules << :update_group_member
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 15:55:44 +0300