diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-30 00:08:27 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-30 00:08:27 +0300 |
commit | 836ddfc35d1778675b3bd6d51f51972f36a96bbe (patch) | |
tree | bc1c0247c76a2cbdbab94b3884bc040b179f41fe /app/policies/todo_policy.rb | |
parent | 488e1b59feb4314b034636990bcc4e220e61f0ce (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies/todo_policy.rb')
-rw-r--r-- | app/policies/todo_policy.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/app/policies/todo_policy.rb b/app/policies/todo_policy.rb index 6237fbc50fa..5c24964f24a 100644 --- a/app/policies/todo_policy.rb +++ b/app/policies/todo_policy.rb @@ -5,10 +5,25 @@ class TodoPolicy < BasePolicy condition(:own_todo) do @user && @subject.user_id == @user.id end + + desc "User can read the todo's target" condition(:can_read_target) do @user && @subject.target&.readable_by?(@user) end + desc "Todo has confidential note" + condition(:has_confidential_note, scope: :subject) { @subject&.note&.confidential? } + + desc "User can read the todo's confidential note" + condition(:can_read_todo_confidential_note) do + @user && @user.can?(:read_confidential_notes, @subject.target) + end + rule { own_todo & can_read_target }.enable :read_todo - rule { own_todo & can_read_target }.enable :update_todo + rule { can?(:read_todo) }.enable :update_todo + + rule { has_confidential_note & ~can_read_todo_confidential_note }.policy do + prevent :read_todo + prevent :update_todo + end end |