Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/project_policy.rb
diff options
context:
space:
mode:
authorSean McGivern <sean@gitlab.com>2017-07-24 13:35:54 +0300
committerSean McGivern <sean@gitlab.com>2017-07-24 18:58:04 +0300
commitccac2abeba419f16029c40f29063f1812c9e159c (patch)
tree975ca2e9f3fc91fae1ce0c775c8c267256fa7480 /app/policies/project_policy.rb
parentf81ed493e1f02e5a197df3e2df9c5e42cb09e7ff (diff)
Don't treat anonymous users as owners when group has pending invites
The `members` table can have entries where `user_id: nil`, because people can invite group members by email. We never want to include those as members, because it might cause confusion with the anonymous (logged out) user.
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r--app/policies/project_policy.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index d27bbf2948c..0133091db57 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -10,7 +10,8 @@ class ProjectPolicy < BasePolicy
desc "User is a project owner"
condition :owner do
- @user && project.owner == @user || (project.group && project.group.has_owner?(@user))
+ (project.owner.present? && project.owner == @user) ||
+ project.group&.has_owner?(@user)
end
desc "Project has public builds enabled"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 12:56:42 +0300