diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 14:33:21 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-17 14:33:21 +0300 |
commit | 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch) | |
tree | 5bdc2229f5198d516781f8d24eace62fc7e589e9 /app/policies/group_policy.rb | |
parent | 185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff) |
Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 7a0fb10928a..806c57bab74 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -22,7 +22,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy condition(:share_with_group_locked, scope: :subject) { @subject.share_with_group_lock? } condition(:parent_share_with_group_locked, scope: :subject) { @subject.parent&.share_with_group_lock? } condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } - condition(:migration_bot, scope: :user) { @user.migration_bot? } + condition(:migration_bot, scope: :user) { @user&.migration_bot? } condition(:can_read_group_member) { can_read_group_member? } desc "User is a project bot" @@ -283,6 +283,11 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy prevent :create_resource_access_tokens end + rule { can?(:admin_group_member) }.policy do + # ability to read, approve or reject member access requests of other users + enable :admin_member_access_request + end + rule { support_bot & has_project_with_service_desk_enabled }.policy do enable :read_label end |