diff options
Diffstat (limited to 'app/policies/group_member_policy.rb')
-rw-r--r-- | app/policies/group_member_policy.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/policies/group_member_policy.rb b/app/policies/group_member_policy.rb index f7a7286aba7..a394b63fc8e 100644 --- a/app/policies/group_member_policy.rb +++ b/app/policies/group_member_policy.rb @@ -5,6 +5,7 @@ class GroupMemberPolicy < BasePolicy with_scope :subject condition(:last_owner) { @subject.group.member_last_owner?(@subject) || @subject.group.member_last_blocked_owner?(@subject) } + condition(:project_bot) { @subject.user&.project_bot? && @subject.group.member?(@subject.user) } desc "Membership is users' own" with_score 0 @@ -20,11 +21,13 @@ class GroupMemberPolicy < BasePolicy prevent :destroy_group_member end - rule { can?(:admin_group_member) }.policy do + rule { ~project_bot & can?(:admin_group_member) }.policy do enable :update_group_member enable :destroy_group_member end + rule { project_bot & can?(:admin_group_member) }.enable :destroy_project_bot_member + rule { is_target_user }.policy do enable :destroy_group_member end |