diff options
| author | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-18 17:36:34 +0300 |
|---|---|---|
| committer | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-19 15:38:16 +0300 |
| commit | 8ee1927db90d43205b4e6f8bd13f209c74b41bd1 (patch) | |
| tree | 247e5f813947c1bdeb838e2776835208e6a7e2bc /app/policies/identity_provider_policy.rb | |
| parent | a4b18040778d7272bd8fbbb3746e199699ffd893 (diff) | |
Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
Diffstat (limited to 'app/policies/identity_provider_policy.rb')
| -rw-r--r-- | app/policies/identity_provider_policy.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/policies/identity_provider_policy.rb b/app/policies/identity_provider_policy.rb new file mode 100644 index 00000000000..d34cdd5bdd4 --- /dev/null +++ b/app/policies/identity_provider_policy.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class IdentityProviderPolicy < BasePolicy + desc "Provider is SAML or CAS3" + condition(:protected_provider, scope: :subject, score: 0) { %w(saml cas3).include?(@subject.to_s) } + + rule { anonymous }.prevent_all + + rule { default }.policy do + enable :unlink + enable :link + end + + rule { protected_provider }.prevent(:unlink) +end |