Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 12:45:46 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 12:45:46 +0300
commit: a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree: 7452bd5c3545c2fa67a28aa013835fb4fa071baf /app/policies
parent: ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)
6 files changed, 32 insertions, 4 deletions
diff --git a/app/policies/ci/project_pipelines_policy.rb b/app/policies/ci/project_pipelines_policy.rb
new file mode 100644
index 00000000000..aab1208a8fe
--- /dev/null
+++ b/app/policies/ci/project_pipelines_policy.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Ci
+  class ProjectPipelinesPolicy < BasePolicy
+    delegate { @subject.project }
+  end
+end
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 43478cf36c2..bdbe7021276 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
@@ -11,6 +11,10 @@ module Ci
 
     rule { anonymous }.prevent_all
 
+    rule { admin }.policy do
+      enable :read_builds
+    end
+
     rule { admin | owned_runner }.policy do
       enable :assign_runner
       enable :read_runner
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index fee47fe0ae9..76e5b3ece53 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -100,6 +100,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
     enable :read_group
     enable :upload_file
     enable :guest_access
+    enable :read_release
   end
 
   rule { admin }.policy do
@@ -144,6 +145,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
     enable :developer_access
     enable :admin_crm_organization
     enable :admin_crm_contact
+    enable :read_cluster
   end
 
   rule { reporter }.policy do
@@ -166,7 +168,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
     enable :create_projects
     enable :admin_pipeline
     enable :admin_build
-    enable :read_cluster
     enable :add_cluster
     enable :create_cluster
     enable :update_cluster
diff --git a/app/policies/note_policy.rb b/app/policies/note_policy.rb
index d9ea7c38f11..e85f18f2d37 100644
--- a/app/policies/note_policy.rb
+++ b/app/policies/note_policy.rb
@@ -16,7 +16,7 @@ class NotePolicy < BasePolicy
 
   condition(:for_design) { @subject.for_design? }
 
-  condition(:is_visible) { @subject.system_note_with_references_visible_for?(@user) }
+  condition(:is_visible) { @subject.system_note_visible_for?(@user) }
 
   condition(:confidential, scope: :subject) { @subject.confidential? }
 
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 55f43cd9f7b..4cc5ed06d61 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -240,6 +240,7 @@ class ProjectPolicy < BasePolicy
     enable :read_wiki
     enable :read_issue
     enable :read_label
+    enable :read_planning_hierarchy
     enable :read_milestone
     enable :read_snippet
     enable :read_project_member
@@ -258,11 +259,13 @@ class ProjectPolicy < BasePolicy
 
   rule { can?(:reporter_access) & can?(:create_issue) }.enable :create_incident
 
-  rule { can?(:guest_access) & can?(:create_issue) }.policy do
+  rule { can?(:create_issue) }.policy do
     enable :create_task
     enable :create_work_item
   end
 
+  rule { can?(:update_issue) }.enable :update_work_item
+
   # These abilities are not allowed to admins that are not members of the project,
   # that's why they are defined separately.
   rule { guest & can?(:download_code) }.enable :build_download_code
@@ -385,6 +388,7 @@ class ProjectPolicy < BasePolicy
     enable :destroy_environment
     enable :create_deployment
     enable :update_deployment
+    enable :read_cluster
     enable :create_release
     enable :update_release
     enable :destroy_release
@@ -433,7 +437,6 @@ class ProjectPolicy < BasePolicy
     enable :read_pages
     enable :update_pages
     enable :remove_pages
-    enable :read_cluster
     enable :add_cluster
     enable :create_cluster
     enable :update_cluster
@@ -572,6 +575,7 @@ class ProjectPolicy < BasePolicy
     enable :read_issue_board_list
     enable :read_wiki
     enable :read_label
+    enable :read_planning_hierarchy
     enable :read_milestone
     enable :read_snippet
     enable :read_project_member
diff --git a/app/policies/work_item_policy.rb b/app/policies/work_item_policy.rb
new file mode 100644
index 00000000000..7ba5102a406
--- /dev/null
+++ b/app/policies/work_item_policy.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class WorkItemPolicy < BasePolicy
+  delegate { @subject.project }
+
+  desc 'User is author of the work item'
+  condition(:author) do
+    @user && @user == @subject.author
+  end
+
+  rule { can?(:owner_access) | author }.enable :delete_work_item
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 12:45:46 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 12:45:46 +0300
commit	a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree	7452bd5c3545c2fa67a28aa013835fb4fa071baf /app/policies
parent	ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)