author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 14:42:18 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 14:42:44 +0300 |
commit | 15c040a6bd71894260b66a90685070c0babfee76 (patch) | |
tree | 27021108f64428697744973cddaede55930f4ef7 /app | |
parent | 6e4e4023b46c786a99e1cfe8832fa5eff2728e0d (diff) |
Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/concerns/policy_actor.rb | 4 | ||||
-rw-r--r-- | app/policies/global_policy.rb | 10 | ||||
-rw-r--r-- | app/serializers/member_entity.rb | 4 |
3 files changed, 17 insertions, 1 deletions
diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb
index cd19b46ad6c..08a26da6673 100644
--- a/app/policies/concerns/policy_actor.rb
+++ b/app/policies/concerns/policy_actor.rb
@@ -80,6 +80,10 @@ module PolicyActor
 def can_read_all_resources?
 false
 end
+
+ def password_expired?
+ false
+ end
 end

 PolicyActor.prepend_mod_with('PolicyActor')
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 85263ec7c87..73757891cd6 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -15,6 +15,10 @@ class GlobalPolicy < BasePolicy
 @user&.required_terms_not_accepted?
 end

+ condition(:password_expired, scope: :user) do
+ @user&.password_expired?
+ end
+
 condition(:project_bot, scope: :user) { @user&.project_bot? }
 condition(:migration_bot, scope: :user) { @user&.migration_bot? }

@@ -73,6 +77,12 @@ class GlobalPolicy < BasePolicy
 prevent :access_git
 end

+ rule { password_expired }.policy do
+ prevent :access_api
+ prevent :access_git
+ prevent :use_slash_commands
+ end
+
 rule { can_create_group }.policy do
 enable :create_group
 end
diff --git a/app/serializers/member_entity.rb b/app/serializers/member_entity.rb
index 7559a03bd3b..5100a41638e 100644
--- a/app/serializers/member_entity.rb
+++ b/app/serializers/member_entity.rb
@@ -40,7 +40,9 @@ class MemberEntity < Grape::Entity

 expose :valid_level_roles, as: :valid_roles

- expose :user, if: -> (member) { member.user.present? }, using: MemberUserEntity
+ expose :user, if: -> (member) { member.user.present? } do |member, options|
+ MemberUserEntity.represent(member.user, source: options[:source])
+ end

 expose :invite, if: -> (member) { member.invite? } do
 expose :email do |member| |
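Review bot: The new `password_expired?` default in `PolicyActor` returns `false` with no comment, so any actor that relies on this module's default is treated as never expired. That is a fail-open default for a predicate that `GlobalPolicy` now uses to block API and Git access. A short comment above the method would make the contract explicit, for example `# Default for actors without a password of their own; actors with a real password must override this.` The overriding implementation (presumably on the user model) is not part of this diff, and the module body starts outside the hunk.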
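Review bot: The `password_expired` rule in `global_policy.rb` prevents `:access_api`, `:access_git` and `:use_slash_commands` based only on `@user&.password_expired?`, and nothing visible here restricts it to accounts that actually sign in with a local password. If that predicate can be true for externally authenticated users (LDAP or SSO only), or while password authentication is disabled, those accounts would lose token and SSH access with no password they can reset; its implementation is outside this diff, so this needs confirming. I would record the assumption above the rule, e.g. `# password_expired must only be true for accounts that can reset a local password`, and cover the externally authenticated case in the policy spec. The same applies to the `condition(:password_expired, scope: :user)` hunk earlier in this file.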
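Review bot: Replacing `using: MemberUserEntity` with a block that calls `MemberUserEntity.represent(member.user, source: options[:source])` forwards only `:source`, so any other serializer option the nested entity reads now arrives as nil. `options[:source]` is itself nil when a caller passes no source, and what `MemberUserEntity` exposes in that case is not visible here; restricted fields should stay hidden when it is missing. A comment on the block would record the intent, e.g. `# Forward only :source; MemberUserEntity must hide restricted fields when it is nil.` The class body starts and ends outside the hunk.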