Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/group_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r--app/policies/group_policy.rb34
1 files changed, 33 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 5e252c8e564..a34217d90dd 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
class GroupPolicy < BasePolicy
+ include CrudPolicyHelpers
include FindGroupProjects
desc "Group is public"
@@ -42,15 +43,23 @@ class GroupPolicy < BasePolicy
@subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS
end
+ desc "Group has wiki disabled"
+ condition(:wiki_disabled, score: 32) { !feature_available?(:wiki) }
+
rule { public_group }.policy do
enable :read_group
enable :read_package
+ enable :read_wiki
end
- rule { logged_in_viewable }.enable :read_group
+ rule { logged_in_viewable }.policy do
+ enable :read_group
+ enable :read_wiki
+ end
rule { guest }.policy do
enable :read_group
+ enable :read_wiki
enable :upload_file
end
@@ -78,10 +87,12 @@ class GroupPolicy < BasePolicy
enable :create_metrics_dashboard_annotation
enable :delete_metrics_dashboard_annotation
enable :update_metrics_dashboard_annotation
+ enable :create_wiki
end
rule { reporter }.policy do
enable :read_container_image
+ enable :download_wiki_code
enable :admin_label
enable :admin_list
enable :admin_issue
@@ -100,6 +111,7 @@ class GroupPolicy < BasePolicy
enable :destroy_deploy_token
enable :read_deploy_token
enable :create_deploy_token
+ enable :admin_wiki
end
rule { owner }.policy do
@@ -145,6 +157,11 @@ class GroupPolicy < BasePolicy
rule { maintainer & can?(:create_projects) }.enable :transfer_projects
+ rule { wiki_disabled }.policy do
+ prevent(*create_read_update_admin_destroy(:wiki))
+ prevent(:download_wiki_code)
+ end
+
def access_level
return GroupMember::NO_ACCESS if @user.nil?
@@ -154,6 +171,21 @@ class GroupPolicy < BasePolicy
def lookup_access_level!
@subject.max_member_access_for_user(@user)
end
+
+ # TODO: Extract this into a helper shared with ProjectPolicy, once we implement group-level features.
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/208412
+ def feature_available?(feature)
+ return false unless feature == :wiki
+
+ case @subject.wiki_access_level
+ when ProjectFeature::DISABLED
+ false
+ when ProjectFeature::PRIVATE
+ admin? || access_level >= ProjectFeature.required_minimum_access_level(feature)
+ else
+ true
+ end
+ end
end
GroupPolicy.prepend_if_ee('EE::GroupPolicy')
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 10:40:21 +0300