diff options
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/ci/build_policy.rb | 8 | ||||
-rw-r--r-- | app/policies/ci/pipeline_policy.rb | 8 |
2 files changed, 11 insertions, 5 deletions
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb index a886efc1360..129ed756477 100644 --- a/app/policies/ci/build_policy.rb +++ b/app/policies/ci/build_policy.rb @@ -1,13 +1,11 @@ module Ci class BuildPolicy < CommitStatusPolicy - condition(:protected_action) do - next false unless @subject.action? - + condition(:user_cannot_update) do !::Gitlab::UserAccess .new(@user, project: @subject.project) - .can_merge_to_branch?(@subject.ref) + .can_push_or_merge_to_branch?(@subject.ref) end - rule { protected_action }.prevent :update_build + rule { user_cannot_update }.prevent :update_build end end diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb index a2dde95dbc8..8dba28b8d97 100644 --- a/app/policies/ci/pipeline_policy.rb +++ b/app/policies/ci/pipeline_policy.rb @@ -1,5 +1,13 @@ module Ci class PipelinePolicy < BasePolicy delegate { @subject.project } + + condition(:user_cannot_update) do + !::Gitlab::UserAccess + .new(@user, project: @subject.project) + .can_push_or_merge_to_branch?(@subject.ref) + end + + rule { user_cannot_update }.prevent :update_pipeline end end |