diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
commit | 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch) | |
tree | 544930fb309b30317ae9797a9683768705d664c4 /app/policies/project_policy.rb | |
parent | 4b1de649d0168371549608993deac953eb692019 (diff) |
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 13073ed68a1..403fb34803e 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -135,6 +135,10 @@ class ProjectPolicy < BasePolicy ::Feature.enabled?(:build_service_proxy, @subject) end + condition(:project_bot_is_member) do + user.project_bot? & team_member? + end + with_scope :subject condition(:packages_disabled) { !@subject.packages_enabled } @@ -147,6 +151,8 @@ class ProjectPolicy < BasePolicy builds pages metrics_dashboard + analytics + operations ] features.each do |f| @@ -211,6 +217,7 @@ class ProjectPolicy < BasePolicy enable :award_emoji enable :read_pages_content enable :read_release + enable :read_analytics end # These abilities are not allowed to admins that are not members of the project, @@ -272,6 +279,19 @@ class ProjectPolicy < BasePolicy prevent(:metrics_dashboard) end + rule { operations_disabled }.policy do + prevent(*create_read_update_admin_destroy(:feature_flag)) + prevent(*create_read_update_admin_destroy(:environment)) + prevent(*create_read_update_admin_destroy(:sentry_issue)) + prevent(*create_read_update_admin_destroy(:alert_management_alert)) + prevent(*create_read_update_admin_destroy(:cluster)) + prevent(*create_read_update_admin_destroy(:terraform_state)) + prevent(*create_read_update_admin_destroy(:deployment)) + prevent(:metrics_dashboard) + prevent(:read_pod_logs) + prevent(:read_prometheus) + end + rule { can?(:metrics_dashboard) }.policy do enable :read_prometheus enable :read_deployment @@ -424,6 +444,10 @@ class ProjectPolicy < BasePolicy prevent(*create_read_update_admin_destroy(:snippet)) end + rule { analytics_disabled }.policy do + prevent(:read_analytics) + end + rule { wiki_disabled }.policy do prevent(*create_read_update_admin_destroy(:wiki)) prevent(:download_wiki_code) @@ -494,6 +518,7 @@ class ProjectPolicy < BasePolicy enable :download_wiki_code enable :read_cycle_analytics enable :read_pages_content + enable :read_analytics # NOTE: may be overridden by IssuePolicy enable :read_issue @@ -594,6 +619,8 @@ class ProjectPolicy < BasePolicy enable :admin_resource_access_tokens end + rule { project_bot_is_member & ~blocked }.enable :bot_log_in + private def user_is_user? |