Merge remote-tracking branch 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'

author: John T Skarbek <jskarbek@gitlab.com> 2019-08-14 21:11:04 +0300
committer: John T Skarbek <jskarbek@gitlab.com> 2019-08-14 21:11:04 +0300
commit: 2b2efbc609a85093238ee3bec94358670021d0e5 (patch)
tree: 671ff737363c10b61e4a970e1c108319cc07e37d /app/policies
parent: affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff)
parent: 7b52cff4896c8f681aea34fb273209400cf3e06e (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 134de1c9ace..311aab0dcd4 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -33,6 +33,7 @@ class GlobalPolicy < BasePolicy
     enable :access_git
     enable :receive_notifications
     enable :use_quick_actions
+    enable :use_slash_commands
   end
 
   rule { blocked | internal }.policy do
@@ -40,6 +41,7 @@ class GlobalPolicy < BasePolicy
     prevent :access_api
     prevent :access_git
     prevent :receive_notifications
+    prevent :use_slash_commands
   end
 
   rule { required_terms_not_accepted }.policy do
@@ -57,6 +59,7 @@ class GlobalPolicy < BasePolicy
 
   rule { access_locked }.policy do
     prevent :log_in
+    prevent :use_slash_commands
   end
 
   rule { ~(anonymous & restricted_public_level) }.policy do
author	John T Skarbek <jskarbek@gitlab.com>	2019-08-14 21:11:04 +0300
committer	John T Skarbek <jskarbek@gitlab.com>	2019-08-14 21:11:04 +0300
commit	2b2efbc609a85093238ee3bec94358670021d0e5 (patch)
tree	671ff737363c10b61e4a970e1c108319cc07e37d /app/policies
parent	affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff)
parent	7b52cff4896c8f681aea34fb273209400cf3e06e (diff)