diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-11 21:09:57 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-11 21:09:57 +0300 |
| commit | 3172281335efddd1078fa6c601f3ba8782f73192 (patch) | |
| tree | f26352ede418cecb20b3f08b6bd04c0d7830e231 /app/policies | |
| parent | a8704bd33cb36b4e7e88bb10d61265b8ad8a058c (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/base_policy.rb | 4 | ||||
| -rw-r--r-- | app/policies/concerns/policy_actor.rb | 4 | ||||
| -rw-r--r-- | app/policies/global_policy.rb | 2 |
3 files changed, 9 insertions, 1 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 580a348b408..51694ec7c50 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -25,6 +25,10 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:support_bot) { @user&.support_bot? } + desc "User is security bot" + with_options scope: :user, score: 0 + condition(:security_bot) { @user&.security_bot? } + desc "User email is unconfirmed or user account is locked" with_options scope: :user, score: 0 condition(:inactive) { @user&.confirmation_required_on_sign_in? || @user&.access_locked? } diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb index 7eca6f4c6c8..75849fb10c8 100644 --- a/app/policies/concerns/policy_actor.rb +++ b/app/policies/concerns/policy_actor.rb @@ -49,6 +49,10 @@ module PolicyActor false end + def security_bot? + false + end + def deactivated? false end diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index c9aa7f2567c..b5c1ec0181e 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -48,7 +48,7 @@ class GlobalPolicy < BasePolicy prevent :use_slash_commands end - rule { blocked | (internal & ~migration_bot) }.policy do + rule { blocked | (internal & ~migration_bot & ~security_bot) }.policy do prevent :access_git end |