diff options
Diffstat (limited to 'app/policies/ci')
-rw-r--r-- | app/policies/ci/build_policy.rb | 8 | ||||
-rw-r--r-- | app/policies/ci/pipeline_policy.rb | 12 |
2 files changed, 15 insertions, 5 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb index 386822d3ff6..984e5482288 100644 --- a/app/policies/ci/build_policy.rb +++ b/app/policies/ci/build_policy.rb @@ -1,17 +1,15 @@ module Ci class BuildPolicy < CommitStatusPolicy - condition(:protected_action) do - next false unless @subject.action? - + condition(:protected_ref) do access = ::Gitlab::UserAccess.new(@user, project: @subject.project) if @subject.tag? !access.can_create_tag?(@subject.ref) else - !access.can_merge_to_branch?(@subject.ref) + !access.can_update_branch?(@subject.ref) end end - rule { protected_action }.prevent :update_build + rule { protected_ref }.prevent :update_build end end diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb index a2dde95dbc8..4e689a9efd5 100644 --- a/app/policies/ci/pipeline_policy.rb +++ b/app/policies/ci/pipeline_policy.rb @@ -1,5 +1,17 @@ module Ci class PipelinePolicy < BasePolicy delegate { @subject.project } + + condition(:protected_ref) do + access = ::Gitlab::UserAccess.new(@user, project: @subject.project) + + if @subject.tag? + !access.can_create_tag?(@subject.ref) + else + !access.can_update_branch?(@subject.ref) + end + end + + rule { protected_ref }.prevent :update_pipeline end end |