diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 16:18:24 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 16:18:24 +0300 |
| commit | 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch) | |
| tree | 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /app/policies/group_policy.rb | |
| parent | 744144d28e3e7fddc117924fef88de5d9674fe4c (diff) | |
Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42
Diffstat (limited to 'app/policies/group_policy.rb')
| -rw-r--r-- | app/policies/group_policy.rb | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 1d0aa54c1c0..7abffd2c352 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -89,6 +89,7 @@ class GroupPolicy < BasePolicy rule { guest }.policy do enable :read_group enable :upload_file + enable :guest_access end rule { admin }.policy do @@ -111,8 +112,13 @@ class GroupPolicy < BasePolicy enable :read_issue_board enable :read_group_member enable :read_custom_emoji + enable :read_counts + enable :read_organization + enable :read_contact end + rule { ~public_group & ~has_access }.prevent :read_counts + rule { ~can?(:read_group) }.policy do prevent :read_design_activity end @@ -127,6 +133,7 @@ class GroupPolicy < BasePolicy enable :create_custom_emoji enable :create_package enable :create_package_settings + enable :developer_access end rule { reporter }.policy do @@ -140,6 +147,7 @@ class GroupPolicy < BasePolicy enable :read_prometheus enable :read_package enable :read_package_settings + enable :admin_organization end rule { maintainer }.policy do @@ -155,6 +163,7 @@ class GroupPolicy < BasePolicy enable :read_deploy_token enable :create_jira_connect_subscription enable :update_runners_registration_token + enable :maintainer_access end rule { owner }.policy do @@ -170,6 +179,7 @@ class GroupPolicy < BasePolicy enable :update_default_branch_protection enable :create_deploy_token enable :destroy_deploy_token + enable :owner_access end rule { can?(:read_nested_project_resources) }.policy do @@ -223,8 +233,9 @@ class GroupPolicy < BasePolicy rule { dependency_proxy_access_allowed & dependency_proxy_available } .enable :read_dependency_proxy - rule { developer & dependency_proxy_available } - .enable :admin_dependency_proxy + rule { developer & dependency_proxy_available }.policy do + enable :admin_dependency_proxy + end rule { can?(:admin_group) & resource_access_token_feature_available }.policy do enable :read_resource_access_tokens |