Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/project_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r--app/policies/project_policy.rb19
1 files changed, 15 insertions, 4 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 2594310c498..54270dc186e 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -195,6 +195,8 @@ class ProjectPolicy < BasePolicy
with_scope :subject
condition(:packages_disabled) { !@subject.packages_enabled }
+ condition(:work_items_enabled, scope: :subject) { project&.work_items_feature_flag_enabled? }
+
features = %w[
merge_requests
issues
@@ -223,6 +225,10 @@ class ProjectPolicy < BasePolicy
Gitlab.config.registry.enabled
end
+ condition :packages_enabled do
+ Gitlab.config.packages.enabled
+ end
+
# `:read_project` may be prevented in EE, but `:read_project_for_iids` should
# not.
rule { guest | admin }.enable :read_project_for_iids
@@ -290,10 +296,9 @@ class ProjectPolicy < BasePolicy
rule { can?(:reporter_access) & can?(:create_issue) }.enable :create_incident
- rule { can?(:create_issue) }.policy do
- enable :create_task
- enable :create_work_item
- end
+ rule { can?(:create_issue) }.enable :create_work_item
+
+ rule { can?(:create_issue) & work_items_enabled }.enable :create_task
# These abilities are not allowed to admins that are not members of the project,
# that's why they are defined separately.
@@ -317,6 +322,7 @@ class ProjectPolicy < BasePolicy
enable :read_commit_status
enable :read_build
enable :read_container_image
+ enable :read_harbor_registry
enable :read_deploy_board
enable :read_pipeline
enable :read_pipeline_schedule
@@ -490,6 +496,7 @@ class ProjectPolicy < BasePolicy
enable :update_runners_registration_token
enable :admin_project_google_cloud
enable :admin_secure_files
+ enable :read_web_hooks
end
rule { public_project & metrics_dashboard_allowed }.policy do
@@ -792,6 +799,10 @@ class ProjectPolicy < BasePolicy
enable :view_package_registry_project_settings
end
+ rule { packages_enabled & can?(:admin_package) }.policy do
+ enable :view_package_registry_project_settings
+ end
+
private
def user_is_user?
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 05:55:56 +0300