diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /app/policies/project_policy.rb | |
parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 87573c9ad13..d81db357162 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -47,6 +47,9 @@ class ProjectPolicy < BasePolicy desc "Project is archived" condition(:archived, scope: :subject, score: 0) { project.archived? } + desc "Project is in the process of being deleted" + condition(:pending_delete) { project.pending_delete? } + condition(:default_issues_tracker, scope: :subject) { project.default_issues_tracker? } desc "Container registry is disabled" @@ -248,7 +251,7 @@ class ProjectPolicy < BasePolicy enable :read_insights end - rule { can?(:guest_access) & can?(:create_issue) }.enable :create_incident + rule { can?(:reporter_access) & can?(:create_issue) }.enable :create_incident # These abilities are not allowed to admins that are not members of the project, # that's why they are defined separately. @@ -439,7 +442,7 @@ class ProjectPolicy < BasePolicy enable :destroy_freeze_period enable :admin_feature_flags_client enable :update_runners_registration_token - enable :manage_project_google_cloud + enable :admin_project_google_cloud end rule { public_project & metrics_dashboard_allowed }.policy do @@ -457,7 +460,13 @@ class ProjectPolicy < BasePolicy prevent(*readonly_abilities) readonly_features.each do |feature| - prevent(*create_update_admin_destroy(feature)) + prevent(*create_update_admin(feature)) + end + end + + rule { archived & ~pending_delete }.policy do + readonly_features.each do |feature| + prevent(:"destroy_#{feature}") end end |