diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:23:17 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:23:24 +0300 |
commit | 2234b4382091add4dfe8d44f4e0764bf64ff8c5e (patch) | |
tree | 2e16ea43616574e4612223b7cdb70322ce914648 /app/policies | |
parent | 6c85cb2ff17cf4ea34372e84ef579734fd607cec (diff) |
Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/ci/pipeline_schedule_policy.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb index 2ef5ffd6a5a..3a674bfef92 100644 --- a/app/policies/ci/pipeline_schedule_policy.rb +++ b/app/policies/ci/pipeline_schedule_policy.rb @@ -15,11 +15,14 @@ module Ci rule { can?(:create_pipeline) }.enable :play_pipeline_schedule rule { can?(:admin_pipeline) | (can?(:update_build) & owner_of_schedule) }.policy do - enable :update_pipeline_schedule enable :admin_pipeline_schedule enable :read_pipeline_schedule_variables end + rule { admin | (owner_of_schedule & can?(:update_build)) }.policy do + enable :update_pipeline_schedule + end + rule { can?(:admin_pipeline_schedule) & ~owner_of_schedule }.policy do enable :take_ownership_pipeline_schedule end |