diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-02-23 12:14:14 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-02-23 12:14:14 +0300 |
commit | f4bc6ec92e2af0b6cfd64f9ff0ca683bf62820d1 (patch) | |
tree | 9e34a9a071d0c0c5900c0ba37927de4590fa23f9 /app/serializers/group_child_entity.rb | |
parent | 0a8aebcb550b705ec5987c6f905eaf5c5abb1cc1 (diff) | |
parent | 08266ba0a14ec296b51cda6b54d1648985a11adf (diff) |
Merge branch 'bvl-external-auth-port' into 'master'
Port `read_cross_project` ability from EE
See merge request gitlab-org/gitlab-ce!17208
Diffstat (limited to 'app/serializers/group_child_entity.rb')
-rw-r--r-- | app/serializers/group_child_entity.rb | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/app/serializers/group_child_entity.rb b/app/serializers/group_child_entity.rb index aca4e4ca488..15ec0f89bb2 100644 --- a/app/serializers/group_child_entity.rb +++ b/app/serializers/group_child_entity.rb @@ -11,9 +11,7 @@ class GroupChildEntity < Grape::Entity end expose :can_edit do |instance| - return false unless request.respond_to?(:current_user) - - can?(request.current_user, "admin_#{type}", instance) + can_edit? end expose :edit_path do |instance| @@ -83,4 +81,17 @@ class GroupChildEntity < Grape::Entity def markdown_description markdown_field(object, :description) end + + def can_edit? + return false unless request.respond_to?(:current_user) + + if project? + # Avoid checking rights for each project, as it might be expensive if the + # user cannot read cross project. + can?(request.current_user, :read_cross_project) && + can?(request.current_user, :admin_project, object) + else + can?(request.current_user, :admin_group, object) + end + end end |