diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-19 17:16:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-19 17:16:28 +0300 |
commit | e4384360a16dd9a19d4d2d25d0ef1f2b862ed2a6 (patch) | |
tree | 2fcdfa7dcdb9db8f5208b2562f4b4e803d671243 /app/policies/project_policy.rb | |
parent | ffda4e7bcac36987f936b4ba515995a6698698f0 (diff) |
Add latest changes from gitlab-org/gitlab@16-2-stable-eev16.2.0-rc42
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index c70dc288710..ad6155258ab 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -253,12 +253,12 @@ class ProjectPolicy < BasePolicy !Gitlab.config.terraform_state.enabled end - condition(:create_runner_workflow_enabled) do - Feature.enabled?(:create_runner_workflow_for_namespace, project.namespace) - end - condition(:namespace_catalog_available) { namespace_catalog_available? } + condition(:created_and_owned_by_banned_user, scope: :subject) do + Feature.enabled?(:hide_projects_of_banned_users) && @subject.created_and_owned_by_banned_user? + end + # `:read_project` may be prevented in EE, but `:read_project_for_iids` should # not. rule { guest | admin }.enable :read_project_for_iids @@ -886,10 +886,6 @@ class ProjectPolicy < BasePolicy enable :read_code end - rule { ~create_runner_workflow_enabled }.policy do - prevent :create_runner - end - # Should be matched with GroupPolicy#read_internal_note rule { admin | can?(:reporter_access) }.enable :read_internal_note @@ -909,6 +905,14 @@ class ProjectPolicy < BasePolicy enable :read_model_experiments end + rule { can?(:reporter_access) & model_experiments_enabled }.policy do + enable :write_model_experiments + end + + rule { ~admin & created_and_owned_by_banned_user }.policy do + prevent :read_project + end + private def user_is_user? |