Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/models/ability.rb
diff options
context:
space:
mode:
authorhttp://jneen.net/ <jneen@jneen.net>2016-08-18 19:52:35 +0300
committerhttp://jneen.net/ <jneen@jneen.net>2016-08-30 21:39:22 +0300
commit5019185edd7718b262eb5ae94f21763f230f0557 (patch)
tree87fe3b1d6ed440dc4d0ef09138010e801cdaac5a /app/models/ability.rb
parent29059c2e9c7be418d2a99a136934c6d9cca5fccd (diff)
port runners, namespaces, group/project_members
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb58
1 files changed, 0 insertions, 58 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 794fb1223e3..7c4210f0706 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -73,12 +73,8 @@ class Ability
def abilities_by_subject_class(user:, subject:)
case subject
- when Namespace then namespace_abilities(user, subject)
- when GroupMember then group_member_abilities(user, subject)
- when ProjectMember then project_member_abilities(user, subject)
when User then user_abilities
when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
- when Ci::Runner then runner_abilities(user, subject)
else []
end + global_abilities(user)
end
@@ -112,48 +108,6 @@ class Ability
ProjectPolicy.abilities(user, project).to_a
end
- def can_read_group?(user, group)
- return true if user.admin?
- return true if group.public?
- return true if group.internal? && !user.external?
- return true if group.users.include?(user)
-
- GroupProjectsFinder.new(group).execute(user).any?
- end
-
- def namespace_abilities(user, namespace)
- rules = []
-
- # Only namespace owner and administrators can admin it
- if namespace.owner == user || user.admin?
- rules += [
- :create_projects,
- :admin_namespace
- ]
- end
-
- rules.flatten
- end
-
- def group_member_abilities(user, subject)
- rules = []
- target_user = subject.user
- group = subject.group
-
- unless group.last_owner?(target_user)
- can_manage = allowed?(user, :admin_group_member, group)
-
- if can_manage
- rules << :update_group_member
- rules << :destroy_group_member
- elsif user == target_user
- rules << :destroy_group_member
- end
- end
-
- rules
- end
-
def project_member_abilities(user, subject)
rules = []
target_user = subject.user
@@ -182,18 +136,6 @@ class Ability
rules
end
- def runner_abilities(user, runner)
- if user.is_admin?
- [:assign_runner]
- elsif runner.is_shared? || runner.locked?
- []
- elsif user.ci_authorized_runners.include?(runner)
- [:assign_runner]
- else
- []
- end
- end
-
def user_abilities
[:read_user]
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 20:18:42 +0300