diff options
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 44393539327..96da0518dc0 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -59,6 +59,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy access_level(for_any_session: true) >= GroupMember::GUEST || valid_dependency_proxy_deploy_token end + condition(:observability_enabled) do + Feature.enabled?(:observability_group_tab, @subject) + end + desc "Deploy token with read_package_registry scope" condition(:read_package_registry_deploy_token) do @user.is_a?(DeployToken) && @user.groups.include?(@subject) && @user.read_package_registry @@ -82,10 +86,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('group') end - condition(:change_prevent_sharing_groups_outside_hierarchy_available) do - change_prevent_sharing_groups_outside_hierarchy_available? - end - rule { can?(:read_group) & design_management_enabled }.policy do enable :read_design_activity end @@ -196,6 +196,8 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :set_note_created_at enable :set_emails_disabled + enable :change_prevent_sharing_groups_outside_hierarchy + enable :set_show_diff_preview_in_email enable :change_new_user_signups_cap enable :update_default_branch_protection enable :create_deploy_token @@ -204,10 +206,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :owner_access end - rule { owner & change_prevent_sharing_groups_outside_hierarchy_available }.policy do - enable :change_prevent_sharing_groups_outside_hierarchy - end - rule { can?(:read_nested_project_resources) }.policy do enable :read_group_activity enable :read_group_issues @@ -299,6 +297,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :destroy_resource_access_tokens end + rule { can?(:developer_access) & observability_enabled }.policy do + enable :read_observability + end + def access_level(for_any_session: false) return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? @@ -335,10 +337,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy def valid_dependency_proxy_deploy_token @user.is_a?(DeployToken) && @user&.valid_for_dependency_proxy? && @user&.has_access_to_group?(@subject) end - - def change_prevent_sharing_groups_outside_hierarchy_available? - true - end end GroupPolicy.prepend_mod_with('GroupPolicy') |