Block access to API & git when terms are enforced

When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms.
author: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-08 16:07:55 +0300
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-10 18:02:27 +0300
commit: f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree: 59359aecb555f844de1a81a0aebbd70336fbb8c1 /app/policies/global_policy.rb
parent: f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 64e550d19d0..e2736d3bb61 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -13,6 +13,10 @@ class GlobalPolicy < BasePolicy
 
   condition(:can_create_fork, scope: :user) { @user.manageable_namespaces.any? { |namespace| @user.can?(:create_projects, namespace) } }
 
+  condition(:required_terms_not_accepted, scope: :user, score: 0) do
+    @user&.required_terms_not_accepted?
+  end
+
   rule { anonymous }.policy do
     prevent :log_in
     prevent :access_api
@@ -38,6 +42,11 @@ class GlobalPolicy < BasePolicy
     prevent :use_quick_actions
   end
 
+  rule { required_terms_not_accepted }.policy do
+    prevent :access_api
+    prevent :access_git
+  end
+
   rule { can_create_group }.policy do
     enable :create_group
   end
author	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-08 16:07:55 +0300
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-10 18:02:27 +0300
commit	f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree	59359aecb555f844de1a81a0aebbd70336fbb8c1 /app/policies/global_policy.rb
parent	f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)