Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/container_registry/referrer_policy.rb7
-rw-r--r--app/policies/global_policy.rb4
-rw-r--r--app/policies/organizations/organization_policy.rb8
-rw-r--r--app/policies/project_policy.rb1
4 files changed, 19 insertions, 1 deletions
diff --git a/app/policies/container_registry/referrer_policy.rb b/app/policies/container_registry/referrer_policy.rb
new file mode 100644
index 00000000000..96eb4c60c84
--- /dev/null
+++ b/app/policies/container_registry/referrer_policy.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ContainerRegistry
+ class ReferrerPolicy < BasePolicy
+ delegate { @subject.tag }
+ end
+end
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 175f86c9673..85ddf61fbd4 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -15,6 +15,8 @@ class GlobalPolicy < BasePolicy
@user&.required_terms_not_accepted?
end
+ condition(:can_create_group_and_projects, scope: :user) { @user&.allow_user_to_create_group_and_project? }
+
condition(:password_expired, scope: :user) do
@user&.password_expired_if_applicable?
end
@@ -90,6 +92,8 @@ class GlobalPolicy < BasePolicy
enable :create_group
end
+ rule { ~can_create_group_and_projects }.prevent :create_group
+
rule { can_create_organization }.policy do
enable :create_organization
end
diff --git a/app/policies/organizations/organization_policy.rb b/app/policies/organizations/organization_policy.rb
index d538b786f78..a203a58b164 100644
--- a/app/policies/organizations/organization_policy.rb
+++ b/app/policies/organizations/organization_policy.rb
@@ -3,6 +3,7 @@
module Organizations
class OrganizationPolicy < BasePolicy
condition(:organization_user) { @subject.user?(@user) }
+ condition(:organization_owner) { @subject.owner?(@user) }
desc 'Organization is public'
condition(:public_organization, scope: :subject, score: 0) { true }
@@ -13,14 +14,19 @@ module Organizations
rule { admin }.policy do
enable :admin_organization
+ enable :create_group
enable :read_organization
enable :read_organization_user
end
- rule { organization_user }.policy do
+ rule { organization_owner }.policy do
enable :admin_organization
+ end
+
+ rule { organization_user }.policy do
enable :read_organization
enable :read_organization_user
+ enable :create_group
end
end
end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 255538c538a..a26758974d6 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -914,6 +914,7 @@ class ProjectPolicy < BasePolicy
rule { can?(:admin_project) }.policy do
enable :read_usage_quotas
+ enable :view_edit_page
end
rule { can?(:project_bot_access) }.policy do
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-09 06:18:26 +0300