diff options
| author | http://jneen.net/ <jneen@jneen.net> | 2016-08-12 01:12:52 +0300 |
|---|---|---|
| committer | http://jneen.net/ <jneen@jneen.net> | 2016-08-30 21:35:06 +0300 |
| commit | e208765a92748086cacbc56225e827c8463750a5 (patch) | |
| tree | be9bb5c39c1b88cb3bab21d05c7a6a07398b4f7e /app/models/ability.rb | |
| parent | 5853c96b49010aaf33b85caeb94dfc18873d5656 (diff) | |
add policies, and factor out ProjectPolicy
Diffstat (limited to 'app/models/ability.rb')
| -rw-r--r-- | app/models/ability.rb | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 891c5ba9276..4f0ffa09a1f 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -71,7 +71,7 @@ class Ability def abilities_by_subject_class(user:, subject:) case subject when CommitStatus then commit_status_abilities(user, subject) - when Project then project_abilities(user, subject) + when Project then ProjectPolicy.new(user, subject).abilities when Issue then issue_abilities(user, subject) when Note then note_abilities(user, subject) when ProjectSnippet then project_snippet_abilities(user, subject) @@ -85,7 +85,7 @@ class Ability when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project) when Ci::Runner then runner_abilities(user, subject) else [] - end.concat(global_abilities(user)) + end + global_abilities(user) end # List of possible abilities for anonymous user @@ -193,35 +193,8 @@ class Ability end def project_abilities(user, project) - rules = [] - - # Push abilities on the users team role - rules.push(*project_team_rules(project.team, user)) - - owner = user.admin? || - project.owner == user || - (project.group && project.group.has_owner?(user)) - - if owner - rules.push(*project_owner_rules) - end - - if project.public? || (project.internal? && !user.external?) - rules.push(*public_project_rules) - - # Allow to read builds for internal projects - rules << :read_build if project.public_builds? - - unless owner || project.team.member?(user) || project_group_member?(project, user) - rules << :request_access if project.request_access_enabled - end - end - - if project.archived? - rules -= project_archived_rules - end - - rules - project_disabled_features_rules(project) + # temporary patch, deleteme before merge + ProjectPolicy.new(user, project).abilities.to_a end def project_team_rules(team, user) |