diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2017-02-05 21:54:19 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-02-05 22:47:33 +0300 |
commit | 2e0e2b22d65efddf21c03d8c0785281724675ece (patch) | |
tree | bbce365affa9e5f0abf8577f67ddf5007a763a24 /app/policies/project_policy.rb | |
parent | 4d11903dcf818342c4bde1af198eac7a45460318 (diff) |
Backport changes from gitlab-org/gitlab-ee!998
Some changes in EE for the auditor user feature need
to be backported to CE to avoid merge conflicts. This
commit encapsulates all these backports.
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 71ef8901932..be1c4d868ed 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -214,25 +214,7 @@ class ProjectPolicy < BasePolicy def anonymous_rules return unless project.public? - can! :read_project - can! :read_board - can! :read_list - can! :read_wiki - can! :read_label - can! :read_milestone - can! :read_project_snippet - can! :read_project_member - can! :read_merge_request - can! :read_note - can! :read_pipeline - can! :read_commit_status - can! :read_container_image - can! :download_code - can! :download_wiki_code - can! :read_cycle_analytics - - # NOTE: may be overridden by IssuePolicy - can! :read_issue + base_readonly_access! # Allow to read builds by anonymous user if guests are allowed can! :read_build if project.public_builds? @@ -265,4 +247,31 @@ class ProjectPolicy < BasePolicy :"admin_#{name}" ] end + + private + + # A base set of abilities for read-only users, which + # is then augmented as necessary for anonymous and other + # read-only users. + def base_readonly_access! + can! :read_project + can! :read_board + can! :read_list + can! :read_wiki + can! :read_label + can! :read_milestone + can! :read_project_snippet + can! :read_project_member + can! :read_merge_request + can! :read_note + can! :read_pipeline + can! :read_commit_status + can! :read_container_image + can! :download_code + can! :download_wiki_code + can! :read_cycle_analytics + + # NOTE: may be overridden by IssuePolicy + can! :read_issue + end end |