diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 17:22:11 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 17:22:11 +0300 |
commit | 0c872e02b2c822e3397515ec324051ff540f0cd5 (patch) | |
tree | ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /app/policies/project_policy.rb | |
parent | f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff) |
Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 35 |
1 files changed, 9 insertions, 26 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index bfeb1a602ab..7f67e80e432 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -2,7 +2,7 @@ class ProjectPolicy < BasePolicy include CrudPolicyHelpers - include ReadonlyAbilities + include ArchivedAbilities desc "Project has public builds enabled" condition(:public_builds, scope: :subject, score: 0) { project.public_builds? } @@ -121,7 +121,7 @@ class ProjectPolicy < BasePolicy desc "If user is authenticated via CI job token then the target project should be in scope" condition(:project_allowed_for_job_token) do - !@user&.from_ci_job_token? || @user.ci_job_token_scope.includes?(project) + !@user&.from_ci_job_token? || @user.ci_job_token_scope.allows?(project) end with_scope :subject @@ -369,29 +369,12 @@ class ProjectPolicy < BasePolicy prevent(:metrics_dashboard) end - condition(:split_operations_visibility_permissions) do - ::Feature.enabled?(:split_operations_visibility_permissions, @subject) - end - - rule { ~split_operations_visibility_permissions & operations_disabled }.policy do - prevent(*create_read_update_admin_destroy(:feature_flag)) - prevent(*create_read_update_admin_destroy(:environment)) - prevent(*create_read_update_admin_destroy(:sentry_issue)) - prevent(*create_read_update_admin_destroy(:alert_management_alert)) - prevent(*create_read_update_admin_destroy(:cluster)) - prevent(*create_read_update_admin_destroy(:terraform_state)) - prevent(*create_read_update_admin_destroy(:deployment)) - prevent(:metrics_dashboard) - prevent(:read_pod_logs) - prevent(:read_prometheus) - end - - rule { split_operations_visibility_permissions & environments_disabled }.policy do + rule { environments_disabled }.policy do prevent(*create_read_update_admin_destroy(:environment)) prevent(*create_read_update_admin_destroy(:deployment)) end - rule { split_operations_visibility_permissions & feature_flags_disabled }.policy do + rule { feature_flags_disabled }.policy do prevent(*create_read_update_admin_destroy(:feature_flag)) prevent(:admin_feature_flags_user_lists) prevent(:admin_feature_flags_client) @@ -401,13 +384,13 @@ class ProjectPolicy < BasePolicy prevent(*create_read_update_admin_destroy(:release)) end - rule { split_operations_visibility_permissions & monitor_disabled }.policy do + rule { monitor_disabled }.policy do prevent(:metrics_dashboard) prevent(*create_read_update_admin_destroy(:sentry_issue)) prevent(*create_read_update_admin_destroy(:alert_management_alert)) end - rule { split_operations_visibility_permissions & infrastructure_disabled }.policy do + rule { infrastructure_disabled }.policy do prevent(*create_read_update_admin_destroy(:terraform_state)) prevent(*create_read_update_admin_destroy(:cluster)) prevent(:read_pod_logs) @@ -552,15 +535,15 @@ class ProjectPolicy < BasePolicy rule { can?(:push_code) }.enable :admin_tag rule { archived }.policy do - prevent(*readonly_abilities) + prevent(*archived_abilities) - readonly_features.each do |feature| + archived_features.each do |feature| prevent(*create_update_admin(feature)) end end rule { archived & ~pending_delete }.policy do - readonly_features.each do |feature| + archived_features.each do |feature| prevent(:"destroy_#{feature}") end end |