diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-21 02:50:22 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-21 02:50:22 +0300 |
commit | 9dc93a4519d9d5d7be48ff274127136236a3adb3 (patch) | |
tree | 70467ae3692a0e35e5ea56bcb803eb512a10bedb /app/policies/group_policy.rb | |
parent | 4b0f34b6d759d6299322b3a54453e930c6121ff0 (diff) |
Add latest changes from gitlab-org/gitlab@13-11-stable-eev13.11.0-rc43
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 53286cf1fdf..fc24525ade7 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -61,7 +61,8 @@ class GroupPolicy < BasePolicy end with_scope :subject - condition(:resource_access_token_available) { resource_access_token_available? } + condition(:resource_access_token_feature_available) { resource_access_token_feature_available? } + condition(:resource_access_token_creation_allowed) { resource_access_token_creation_allowed? } with_scope :subject condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? } @@ -130,6 +131,7 @@ class GroupPolicy < BasePolicy enable :read_prometheus enable :read_package enable :read_package_settings + enable :read_group_timelogs end rule { maintainer }.policy do @@ -212,8 +214,14 @@ class GroupPolicy < BasePolicy rule { developer & dependency_proxy_available } .enable :admin_dependency_proxy - rule { resource_access_token_available & can?(:admin_group) }.policy do - enable :admin_resource_access_tokens + rule { can?(:admin_group) & resource_access_token_feature_available }.policy do + enable :read_resource_access_tokens + enable :destroy_resource_access_tokens + enable :admin_setting_to_allow_project_access_token_creation + end + + rule { resource_access_token_creation_allowed & can?(:read_resource_access_tokens) }.policy do + enable :create_resource_access_tokens end rule { support_bot & has_project_with_service_desk_enabled }.policy do @@ -241,9 +249,13 @@ class GroupPolicy < BasePolicy @subject end - def resource_access_token_available? + def resource_access_token_feature_available? true end + + def resource_access_token_creation_allowed? + resource_access_token_feature_available? && group.root_ancestor.namespace_settings.resource_access_token_creation_allowed? + end end GroupPolicy.prepend_if_ee('EE::GroupPolicy') |