Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-09-21 12:10:54 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-09-21 12:10:54 +0300
commit: 7e29b8f3fcc32a6adcf735a5a9069de5d9d814d6 (patch)
tree: db9cd61369d239bf092628a8796395374f0c4468 /app/policies/achievements/user_achievement_policy.rb
parent: fccfc5332f11e87433ada819c2467713f2dbb8f3 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/app/policies/achievements/user_achievement_policy.rb b/app/policies/achievements/user_achievement_policy.rb
index 05650a05490..2710c9c0a5b 100644
--- a/app/policies/achievements/user_achievement_policy.rb
+++ b/app/policies/achievements/user_achievement_policy.rb
@@ -5,8 +5,17 @@ module Achievements
     delegate { @subject.achievement.namespace }
     delegate { @subject.user }
 
+    condition(:user_is_owner) { @subject.user == @user }
+
     rule { can?(:read_user_profile) | can?(:admin_achievement) }.enable :read_user_achievement
 
-    rule { ~can?(:read_achievement) }.prevent :read_user_achievement
+    rule { user_is_owner }.enable :update_owned_user_achievement
+
+    rule { can?(:update_owned_user_achievement) }.enable :update_user_achievement
+
+    rule { ~can?(:read_achievement) }.policy do
+      prevent :read_user_achievement
+      prevent :update_user_achievement
+    end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-09-21 12:10:54 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-09-21 12:10:54 +0300
commit	7e29b8f3fcc32a6adcf735a5a9069de5d9d814d6 (patch)
tree	db9cd61369d239bf092628a8796395374f0c4468 /app/policies/achievements/user_achievement_policy.rb
parent	fccfc5332f11e87433ada819c2467713f2dbb8f3 (diff)