Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/project_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/project_policy.rb')
-rw-r--r--app/policies/project_policy.rb24
1 files changed, 18 insertions, 6 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 3cb4644a60d..85547834a2e 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -51,11 +51,12 @@ class ProjectPolicy < BasePolicy
desc "Container registry is disabled"
condition(:container_registry_disabled, scope: :subject) do
- if ::Feature.enabled?(:read_container_registry_access_level, @subject&.namespace, default_enabled: :yaml)
- !access_allowed_to?(:container_registry)
- else
- !project.container_registry_enabled
- end
+ !access_allowed_to?(:container_registry)
+ end
+
+ desc "Container registry is enabled for everyone with access to the project"
+ condition(:container_registry_enabled_for_everyone_with_access, scope: :subject) do
+ project.container_registry_access_level == ProjectFeature::ENABLED
end
desc "Project has an external wiki"
@@ -158,6 +159,10 @@ class ProjectPolicy < BasePolicy
::Feature.enabled?(:build_service_proxy, @subject)
end
+ condition(:respect_protected_tag_for_release_permissions) do
+ ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject, default_enabled: :yaml)
+ end
+
condition(:user_defined_variables_allowed) do
!@subject.restrict_user_defined_variables?
end
@@ -297,10 +302,13 @@ class ProjectPolicy < BasePolicy
enable :guest_access
enable :build_download_code
- enable :build_read_container_image
enable :request_access
end
+ rule { container_registry_enabled_for_everyone_with_access & can?(:public_user_access) }.policy do
+ enable :build_read_container_image
+ end
+
rule { (can?(:public_user_access) | can?(:reporter_access)) & forking_allowed }.policy do
enable :fork_project
end
@@ -649,6 +657,10 @@ class ProjectPolicy < BasePolicy
rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
+ rule { respect_protected_tag_for_release_permissions & can?(:developer_access) }.policy do
+ enable :destroy_release
+ end
+
rule { can?(:download_code) }.policy do
enable :read_repository_graphs
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 20:39:18 +0300