diff options
Diffstat (limited to 'app/policies/ci/pipeline_policy.rb')
-rw-r--r-- | app/policies/ci/pipeline_policy.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb index 4d21da0226b..1d60b1e79de 100644 --- a/app/policies/ci/pipeline_policy.rb +++ b/app/policies/ci/pipeline_policy.rb @@ -18,6 +18,10 @@ module Ci @subject.triggered_by?(@user) end + condition(:project_allows_read_dependency) do + can?(:read_dependency, @subject.project) + end + # Disallow users without permissions from accessing internal pipelines rule { ~can?(:read_build) & ~external_pipeline }.policy do prevent :read_pipeline @@ -41,6 +45,10 @@ module Ci enable :read_pipeline_variable end + rule { project_allows_read_dependency }.policy do + enable :read_dependency + end + def ref_protected?(user, project, tag, ref) access = ::Gitlab::UserAccess.new(user, container: project) |