diff options
Diffstat (limited to 'app/policies/base_policy.rb')
-rw-r--r-- | app/policies/base_policy.rb | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 18c23cbd13a..8f5c6957a20 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -21,10 +21,6 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:deactivated) { @user&.deactivated? } - desc "User has access to all private groups & projects" - with_options scope: :user, score: 0 - condition(:full_private_access) { @user&.full_private_access? } - with_options scope: :user, score: 0 condition(:external_user) { @user.nil? || @user.external? } @@ -40,10 +36,12 @@ class BasePolicy < DeclarativePolicy::Base ::Gitlab::ExternalAuthorization.perform_check? end - rule { external_authorization_enabled & ~full_private_access }.policy do + rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do prevent :read_cross_project end + rule { admin }.enable :read_all_resources + rule { default }.enable :read_cross_project end |