
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-05-31 14:42:18 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-05-31 14:42:44 +0300
commit15c040a6bd71894260b66a90685070c0babfee76 (patch)
tree27021108f64428697744973cddaede55930f4ef7 /app/policies
parent6e4e4023b46c786a99e1cfe8832fa5eff2728e0d (diff)
Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/concerns/policy_actor.rb4
-rw-r--r--app/policies/global_policy.rb10
2 files changed, 14 insertions, 0 deletions
diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb
index cd19b46ad6c..08a26da6673 100644
--- a/app/policies/concerns/policy_actor.rb
+++ b/app/policies/concerns/policy_actor.rb
@@ -80,6 +80,10 @@ module PolicyActor
def can_read_all_resources?
false
end
+
+ def password_expired?
+ false
+ end
end
PolicyActor.prepend_mod_with('PolicyActor')
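Review bot: The new `password_expired?` default at the end of PolicyActor fails open: any actor class that includes the module and does not override it is treated as never expired, and nothing here says that is intended. A one-line comment above the method would make the contract explicit, e.g. `# Default for actors without a password of their own; classes that have one must override this.` The module body starts outside the hunk, so which classes include it is not visible here.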
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 85263ec7c87..73757891cd6 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -15,6 +15,10 @@ class GlobalPolicy < BasePolicy
@user&.required_terms_not_accepted?
end
+ condition(:password_expired, scope: :user) do
+ @user&.password_expired?
+ end
+
condition(:project_bot, scope: :user) { @user&.project_bot? }
condition(:migration_bot, scope: :user) { @user&.migration_bot? }
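Review bot: The `password_expired` condition forwards straight to `@user&.password_expired?`, so the policy inherits whatever that predicate means, and the hunk does not show whether it is limited to accounts that sign in with a locally managed password. If it is only a timestamp comparison, users authenticated through an external identity provider, or bot-type users like those covered by the neighbouring `project_bot` condition, could match it and lose token-based access through the rule added later in this file. It is worth confirming this in the model and adding a spec for such an account. A comment such as `# Only meaningful for users with a locally managed password` above the condition would record the assumption.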
@@ -73,6 +77,12 @@ class GlobalPolicy < BasePolicy
prevent :access_git
end
+ rule { password_expired }.policy do
+ prevent :access_api
+ prevent :access_git
+ prevent :use_slash_commands
+ end
+
rule { can_create_group }.policy do
enable :create_group
end
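Review bot: The `password_expired` rule prevents `:access_api`, `:access_git` and `:use_slash_commands` but leaves every other global ability untouched, and the reason for that exact set is not recorded. Presumably sign-in stays allowed so the user can reach the password-change flow; a comment above the rule should say so, e.g. `# Sign-in stays allowed so the user can set a new password; non-interactive access is blocked.` Without it, an ability added later for non-interactive access is easy to miss in this list. The class body continues outside the hunk, so other rules that may interact with this one are not visible.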