Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/container_registry/referrer_policy.rb | 7 | ||||
-rw-r--r-- | app/policies/global_policy.rb | 4 | ||||
-rw-r--r-- | app/policies/organizations/organization_policy.rb | 8 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 1 |
4 files changed, 19 insertions, 1 deletions
diff --git a/app/policies/container_registry/referrer_policy.rb b/app/policies/container_registry/referrer_policy.rb
new file mode 100644
index 00000000000..96eb4c60c84
--- /dev/null
+++ b/app/policies/container_registry/referrer_policy.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ContainerRegistry
+ class ReferrerPolicy < BasePolicy
+ delegate { @subject.tag }
+ end
+end
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 175f86c9673..85ddf61fbd4 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -15,6 +15,8 @@ class GlobalPolicy < BasePolicy
 @user&.required_terms_not_accepted?
 end
+ condition(:can_create_group_and_projects, scope: :user) { @user&.allow_user_to_create_group_and_project? }
+
 condition(:password_expired, scope: :user) do
 @user&.password_expired_if_applicable?
 end
@@ -90,6 +92,8 @@ class GlobalPolicy < BasePolicy
 enable :create_group
 end
+ rule { ~can_create_group_and_projects }.prevent :create_group
+
 rule { can_create_organization }.policy do
 enable :create_organization
 end
diff --git a/app/policies/organizations/organization_policy.rb b/app/policies/organizations/organization_policy.rb
index d538b786f78..a203a58b164 100644
--- a/app/policies/organizations/organization_policy.rb
+++ b/app/policies/organizations/organization_policy.rb
@@ -3,6 +3,7 @@ module Organizations
 class OrganizationPolicy < BasePolicy
 condition(:organization_user) { @subject.user?(@user) }
+ condition(:organization_owner) { @subject.owner?(@user) }
 desc 'Organization is public'
 condition(:public_organization, scope: :subject, score: 0) { true }
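Review bot: `ContainerRegistry::ReferrerPolicy` in referrer_policy.rb has no comment saying that it defines no rules of its own, so every ability on a referrer is decided by the policy of `@subject.tag`. I would add a class comment such as `# Referrers have no permissions of their own; every ability is delegated to the tag they belong to.` so that nobody later assumes a referrer can be authorised independently of its tag. A spec for a referrer whose `tag` is nil would also help, since the hunk does not show what the delegation resolves to in that case.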
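Review bot: The new `can_create_group_and_projects` condition in global_policy.rb (hunk at line 15) has no `desc`, and its result for an anonymous user is implicit. `@user&.allow_user_to_create_group_and_project?` evaluates to nil when `@user` is nil, so the negated rule added later in the same file treats a missing user as not allowed. That fail-closed outcome looks intended, but it should be written down, for example `desc 'User is allowed to create groups and projects'` above the condition and a short comment that nil counts as denied.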
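Review bot: In global_policy.rb (hunk at line 90) the condition is named for groups and projects, yet the only ability the new rule prevents is `:create_group`. Nothing in the visible policy hunks blocks project creation for a user whose setting is switched off. The diffstat is limited to app/policies, so this may be enforced elsewhere, but if it is not, the restriction is only half applied. Either prevent the project-creation ability in the same rule or rename the condition to match what it actually gates.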
@@ -13,14 +14,19 @@ module Organizations
 rule { admin }.policy do
 enable :admin_organization
+ enable :create_group
 enable :read_organization
 enable :read_organization_user
 end
- rule { organization_user }.policy do
+ rule { organization_owner }.policy do
 enable :admin_organization
+ end
+
+ rule { organization_user }.policy do
 enable :read_organization
 enable :read_organization_user
+ enable :create_group
 end
 end
 end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 255538c538a..a26758974d6 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -914,6 +914,7 @@ class ProjectPolicy < BasePolicy
 rule { can?(:admin_project) }.policy do
 enable :read_usage_quotas
+ enable :view_edit_page
 end
 rule { can?(:project_bot_access) }.policy do |
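Review bot: The `organization_user` rule in organization_policy.rb (hunk at line 13) now enables `:create_group` for every organization member, and nothing in the visible hunks of this file applies the per-user restriction that the same commit adds to GlobalPolicy as a `prevent`. If any caller authorises group creation against the organization rather than `:global`, a user whose `allow_user_to_create_group_and_project?` is false would still be allowed; whether that happens depends on call sites not shown here. I would mirror the guard in this policy with `condition(:can_create_group_and_projects, scope: :user) { @user&.allow_user_to_create_group_and_project? }` and `rule { ~can_create_group_and_projects }.prevent :create_group`. A `prevent` also overrides the new `enable :create_group` in the `admin` rule, so decide explicitly whether admins are exempt.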