diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
tree | c8f718a08e110ad7e1894510980d2155a6549197 /app/policies/group_policy.rb | |
parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) |
Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index f9ec026a6d2..231843c5f23 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -46,6 +46,10 @@ class GroupPolicy < BasePolicy group_projects_for(user: @user, group: @subject, only_owned: false).any? { |p| p.design_management_enabled? } end + condition(:dependency_proxy_available) do + @subject.dependency_proxy_feature_available? + end + desc "Deploy token with read_package_registry scope" condition(:read_package_registry_deploy_token) do @user.is_a?(DeployToken) && @user.groups.include?(@subject) && @user.read_package_registry @@ -59,6 +63,9 @@ class GroupPolicy < BasePolicy with_scope :subject condition(:resource_access_token_available) { resource_access_token_available? } + with_scope :subject + condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? } + rule { design_management_enabled }.policy do enable :read_design_activity end @@ -94,6 +101,7 @@ class GroupPolicy < BasePolicy enable :read_label enable :read_board enable :read_group_member + enable :read_custom_emoji end rule { ~can?(:read_group) }.policy do @@ -107,6 +115,7 @@ class GroupPolicy < BasePolicy enable :create_metrics_dashboard_annotation enable :delete_metrics_dashboard_annotation enable :update_metrics_dashboard_annotation + enable :create_custom_emoji end rule { reporter }.policy do @@ -187,13 +196,24 @@ class GroupPolicy < BasePolicy rule { write_package_registry_deploy_token }.policy do enable :create_package + enable :read_package enable :read_group end + rule { can?(:read_group) & dependency_proxy_available } + .enable :read_dependency_proxy + + rule { developer & dependency_proxy_available } + .enable :admin_dependency_proxy + rule { resource_access_token_available & can?(:admin_group) }.policy do enable :admin_resource_access_tokens end + rule { support_bot & has_project_with_service_desk_enabled }.policy do + enable :read_label + end + def access_level return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? |