diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-20 12:18:59 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-20 12:18:59 +0300 |
commit | c7eec01f1b68b2e047cdd709751cb695ab329933 (patch) | |
tree | 47609cd0e5f00afdd1532cf951f9c0055a125641 /app/policies | |
parent | 9b863f753f0320a95af1ff774cd0c1d4ec7d2754 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/group_policy.rb | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 1f8e003b09a..d84ba880e71 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -36,7 +36,20 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy condition(:request_access_enabled) { @subject.request_access_enabled } condition(:create_projects_disabled, scope: :subject) do - @subject.project_creation_level == ::Gitlab::Access::NO_ONE_PROJECT_ACCESS + next true if @user.nil? + + visibility_levels = if @user.can_admin_all_resources? + # admin can create projects even with restricted visibility levels + Gitlab::VisibilityLevel.values + else + Gitlab::VisibilityLevel.allowed_levels + end + + allowed_visibility_levels = visibility_levels.select do |level| + Project.new(namespace: @subject).visibility_level_allowed?(level) + end + + @subject.project_creation_level == ::Gitlab::Access::NO_ONE_PROJECT_ACCESS || allowed_visibility_levels.empty? end condition(:developer_maintainer_access, scope: :subject) do |