Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/project_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r--app/policies/project_policy.rb35
1 files changed, 17 insertions, 18 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 8df4fc5e88c..f87c72007ec 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -147,6 +147,10 @@ class ProjectPolicy < BasePolicy
@user && @user.confirmed?
end
+ condition(:build_service_proxy_enabled) do
+ ::Feature.enabled?(:build_service_proxy, @subject)
+ end
+
features = %w[
merge_requests
issues
@@ -278,7 +282,6 @@ class ProjectPolicy < BasePolicy
rule { can?(:metrics_dashboard) }.policy do
enable :read_prometheus
- enable :read_environment
enable :read_deployment
end
@@ -429,27 +432,11 @@ class ProjectPolicy < BasePolicy
rule { builds_disabled | repository_disabled }.policy do
prevent(*create_read_update_admin_destroy(:build))
prevent(*create_read_update_admin_destroy(:pipeline_schedule))
+ prevent(*create_read_update_admin_destroy(:environment))
prevent(*create_read_update_admin_destroy(:cluster))
prevent(*create_read_update_admin_destroy(:deployment))
end
- # Enabling `read_environment` specifically for the condition of `metrics_dashboard_allowed` is
- # necessary due to the route for metrics dashboard requiring an environment id.
- # This will be addressed in https://gitlab.com/gitlab-org/gitlab/-/issues/213833 when
- # environments and metrics are decoupled and these rules will be removed.
-
- rule { (builds_disabled | repository_disabled) & ~metrics_dashboard_allowed}.policy do
- prevent(*create_read_update_admin_destroy(:environment))
- end
-
- rule { (builds_disabled | repository_disabled) & metrics_dashboard_allowed}.policy do
- prevent :create_environment
- prevent :update_environment
- prevent :admin_environment
- prevent :destroy_environment
- enable :read_environment
- end
-
# There's two separate cases when builds_disabled is true:
# 1. When internal CI is disabled - builds_disabled && internal_builds_disabled
# - We do not prevent the user from accessing Pipelines to allow them to access external CI
@@ -577,6 +564,18 @@ class ProjectPolicy < BasePolicy
enable :read_project
end
+ rule { can?(:create_pipeline) & can?(:maintainer_access) }.enable :create_web_ide_terminal
+
+ rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
+
+ rule { can?(:download_code) }.policy do
+ enable :read_repository_graphs
+ end
+
+ rule { can?(:read_build) & can?(:read_pipeline) }.policy do
+ enable :read_build_report_results
+ end
+
private
def team_member?
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 13:20:05 +0300