author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-02 03:07:53 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-02 03:07:53 +0300 |
commit | dc483c85ef1b3bcb8dee1fa269ced6e52f48c22c (patch) | |
tree | 8a1d7d84a460a2daf7ef17f1efc71cf27531ef71 /app/policies/release_policy.rb | |
parent | f8975b16d11afde69e398a8c607a27e0c05b48f9 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies/release_policy.rb')
-rw-r--r-- | app/policies/release_policy.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/app/policies/release_policy.rb b/app/policies/release_policy.rb
index d7f9e5d7445..6f99eb34bb3 100644
--- a/app/policies/release_policy.rb
+++ b/app/policies/release_policy.rb
@@ -2,4 +2,32 @@ class ReleasePolicy < BasePolicy
 delegate { @subject.project }
+
+ condition(:protected_tag) do
+ access = ::Gitlab::UserAccess.new(@user, container: @subject.project)
+
+ !access.can_create_tag?(@subject.tag)
+ end
+
+ condition(:respect_protected_tag) do
+ ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject.project, default_enabled: :yaml)
+ end
+
+ condition(:project_developer) do
+ can?(:developer_access, @subject.project)
+ end
+
+ rule { respect_protected_tag & protected_tag }.policy do
+ prevent :create_release
+ prevent :update_release
+ prevent :destroy_release
+ end
+
+ # NOTE: Developer role (or above) can create, update and destroy release entries.
+ # When we remove the `evalute_protected_tag_for_release_permissions` feature flag,
+ # we should move `enable :destroy_release` to ProjectPolicy alongside with .
+ # See https://gitlab.com/gitlab-org/gitlab/-/issues/327505 for more information.
+ rule { respect_protected_tag & project_developer }.policy do
+ enable :destroy_release
+ end
 end |
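Review bot: The `protected_tag` condition is named as a property of the tag, but it evaluates `!access.can_create_tag?(@subject.tag)`, which is whether the current user is denied creation of that tag. Depending on what `Gitlab::UserAccess#can_create_tag?` checks (not visible here), it may be true for reasons other than tag protection. Because this condition drives the `prevent` rules for `:create_release`, `:update_release` and `:destroy_release`, I would put a comment above it such as `# True when @user is not allowed to create @subject.tag; used to block release changes on tags the user cannot create.`, or rename it to something like `cannot_create_tag`. The NOTE above the last rule ends in a dangling `alongside with .`, so the permissions that `enable :destroy_release` should eventually sit next to in ProjectPolicy are not named. The flag name `evalute_protected_tag_for_release_permissions` is misspelled ("evalute"); it presumably has to match its YAML definition, so correcting it would mean changing both places together.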