Add latest changes from gitlab-org/gitlab@16-0-stable-eev16.0.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-17 19:05:49 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-17 19:05:49 +0300
commit: 43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch)
tree: dceebdc68925362117480a5d672bcff122fb625b /app/policies/clusters
parent: 20c84b99005abd1c82101dfeff264ac50d2df211 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/app/policies/clusters/agent_policy.rb b/app/policies/clusters/agent_policy.rb
index 25e78c84802..ecd83cceb8b 100644
--- a/app/policies/clusters/agent_policy.rb
+++ b/app/policies/clusters/agent_policy.rb
@@ -5,5 +5,19 @@ module Clusters
     alias_method :cluster_agent, :subject
 
     delegate { cluster_agent.project }
+
+    # This condition is more expensive than the same permission check in ProjectPolicy,
+    # so having a higher score.
+    condition(:ci_access_authorized_agent, score: 10) do
+      @subject.ci_access_authorized_for?(@user)
+    end
+
+    condition(:user_access_authorized_agent, score: 10) do
+      @subject.user_access_authorized_for?(@user)
+    end
+
+    rule { ci_access_authorized_agent | user_access_authorized_agent }.policy do
+      enable :read_cluster_agent
+    end
   end
 end
diff --git a/app/policies/clusters/instance_policy.rb b/app/policies/clusters/instance_policy.rb
index 3c5ca4bf4e1..2781e943bae 100644
--- a/app/policies/clusters/instance_policy.rb
+++ b/app/policies/clusters/instance_policy.rb
@@ -9,6 +9,7 @@ module Clusters
       enable :update_cluster
       enable :admin_cluster
       enable :read_prometheus
+      enable :use_k8s_proxies
     end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-17 19:05:49 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-17 19:05:49 +0300
commit	43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch)
tree	dceebdc68925362117480a5d672bcff122fb625b /app/policies/clusters
parent	20c84b99005abd1c82101dfeff264ac50d2df211 (diff)