diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
| commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
| tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /app/policies/group_policy.rb | |
| parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) | |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'app/policies/group_policy.rb')
| -rw-r--r-- | app/policies/group_policy.rb | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 64395f69c42..833d5b9bd34 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy with_scope :subject condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? } + condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) } + rule { can?(:read_group) & design_management_enabled }.policy do enable :read_design_activity end @@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy enable :read_group_member enable :read_custom_emoji enable :read_counts - enable :read_organization - enable :read_contact + enable :read_crm_organization + enable :read_crm_contact end rule { ~public_group & ~has_access }.prevent :read_counts @@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy enable :create_package enable :create_package_settings enable :developer_access - enable :admin_organization - enable :admin_contact + enable :admin_crm_organization + enable :admin_crm_contact end rule { reporter }.policy do @@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy enable :read_label end + rule { ~crm_enabled }.policy do + prevent :read_crm_contact + prevent :read_crm_organization + prevent :admin_crm_contact + prevent :admin_crm_organization + end + def access_level(for_any_session: false) return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? |