diff options
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r-- | app/policies/project_policy.rb | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index c70dc288710..ad6155258ab 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -253,12 +253,12 @@ class ProjectPolicy < BasePolicy !Gitlab.config.terraform_state.enabled end - condition(:create_runner_workflow_enabled) do - Feature.enabled?(:create_runner_workflow_for_namespace, project.namespace) - end - condition(:namespace_catalog_available) { namespace_catalog_available? } + condition(:created_and_owned_by_banned_user, scope: :subject) do + Feature.enabled?(:hide_projects_of_banned_users) && @subject.created_and_owned_by_banned_user? + end + # `:read_project` may be prevented in EE, but `:read_project_for_iids` should # not. rule { guest | admin }.enable :read_project_for_iids @@ -886,10 +886,6 @@ class ProjectPolicy < BasePolicy enable :read_code end - rule { ~create_runner_workflow_enabled }.policy do - prevent :create_runner - end - # Should be matched with GroupPolicy#read_internal_note rule { admin | can?(:reporter_access) }.enable :read_internal_note @@ -909,6 +905,14 @@ class ProjectPolicy < BasePolicy enable :read_model_experiments end + rule { can?(:reporter_access) & model_experiments_enabled }.policy do + enable :write_model_experiments + end + + rule { ~admin & created_and_owned_by_banned_user }.policy do + prevent :read_project + end + private def user_is_user? |