From 7320684c00ada153c0a9b102f8cf2db38367129a Mon Sep 17 00:00:00 2001
From: Dylan Griffith
Date: Wed, 9 May 2018 16:41:15 +0200
Subject: Use can? policies for lib/api/runners.rb
---
 app/policies/ci/runner_policy.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'app/policies/ci')
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 7dff8470e23..2908989b154 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
@@ -1,8 +1,5 @@
 module Ci
 class RunnerPolicy < BasePolicy
- with_options scope: :subject, score: 0
- condition(:shared) { @subject.is_shared? }
-
 with_options scope: :subject, score: 0
 condition(:locked, scope: :subject) { @subject.locked? }
@@ -10,7 +7,10 @@ module Ci
 rule { anonymous }.prevent_all
 rule { admin | authorized_runner }.enable :assign_runner
- rule { ~admin & shared }.prevent :assign_runner
+ rule { admin | authorized_runner }.enable :read_runner
+ rule { admin | authorized_runner }.enable :update_runner
+ rule { admin | authorized_runner }.enable :delete_runner
+ rule { admin | authorized_runner }.enable :list_runner_jobs
 rule { ~admin & locked }.prevent :assign_runner
 end
 end
--
cgit v1.2.3
From 18821b157dbf3a73637ab741e8154b5133ce0e72 Mon Sep 17 00:00:00 2001
From: Dylan Griffith
Date: Wed, 9 May 2018 16:59:59 +0200
Subject: Improve efficiency of authorized_runner policy query
---
 app/policies/ci/runner_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/policies/ci')
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 2908989b154..82d8e86ae05 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
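Review bot: Removing `rule { ~admin & shared }.prevent :assign_runner` in the second hunk of the first commit (together with the `shared` condition in the first hunk) drops the only explicit deny for non-admins on shared runners, which the subject line does not mention. From here on the policy depends on `authorized_runner` being false for every shared runner, and `User#ci_authorized_runners` is not visible in this diff, so that invariant cannot be confirmed from the change itself. Unless a policy spec already pins it, I would keep `condition(:shared) { @subject.is_shared? }` and the `~admin & shared` deny, and decide explicitly whether the new `:update_runner` and `:delete_runner` abilities need the same guard. The class body begins above the second hunk.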
@@ -3,7 +3,7 @@ module Ci
 with_options scope: :subject, score: 0
 condition(:locked, scope: :subject) { @subject.locked? }
- condition(:authorized_runner) { @user.ci_authorized_runners.include?(@subject) }
+ condition(:authorized_runner) { @user.ci_authorized_runners.exists?(@subject.id) }
 rule { anonymous }.prevent_all
 rule { admin | authorized_runner }.enable :assign_runner
--
cgit v1.2.3
From c3f9d80a6e0950361e056ded4107015d3923f56d Mon Sep 17 00:00:00 2001
From: Dylan Griffith
Date: Thu, 10 May 2018 14:42:55 +0200
Subject: Rename User#ci_authorized_runners -> ci_owned_runners
---
 app/policies/ci/runner_policy.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'app/policies/ci')
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 82d8e86ae05..61912696e88 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
@@ -3,14 +3,14 @@ module Ci
 with_options scope: :subject, score: 0
 condition(:locked, scope: :subject) { @subject.locked? }
- condition(:authorized_runner) { @user.ci_authorized_runners.exists?(@subject.id) }
+ condition(:owned_runner) { @user.ci_owned_runners.exists?(@subject.id) }
 rule { anonymous }.prevent_all
- rule { admin | authorized_runner }.enable :assign_runner
- rule { admin | authorized_runner }.enable :read_runner
- rule { admin | authorized_runner }.enable :update_runner
- rule { admin | authorized_runner }.enable :delete_runner
- rule { admin | authorized_runner }.enable :list_runner_jobs
+ rule { admin | owned_runner }.enable :assign_runner
+ rule { admin | owned_runner }.enable :read_runner
+ rule { admin | owned_runner }.enable :update_runner
+ rule { admin | owned_runner }.enable :delete_runner
+ rule { admin | owned_runner }.enable :list_runner_jobs
 rule { ~admin & locked }.prevent :assign_runner
 end
 end
--
cgit v1.2.3
From 8583e4a1478ffe94dfd75c51c8480b323cada6df Mon Sep 17 00:00:00 2001
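Review bot: The rewritten `authorized_runner` condition in the `exists?` commit still dereferences `@user` without a nil guard, and this predicate is now the only ownership check behind read, update and delete. `rule { anonymous }.prevent_all` follows it in the hunk, but whether the policy framework skips this condition for an anonymous caller depends on its evaluation order, which is not visible here. A guard makes the check fail closed regardless: `condition(:authorized_runner) { @user && @user.ci_authorized_runners.exists?(@subject.id) }`. The same line is carried into the following rename commit as `owned_runner`.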
From: Dylan Griffith
Date: Thu, 10 May 2018 14:53:24 +0200
Subject: Change policy list_runner_jobs -> read_runner
---
 app/policies/ci/runner_policy.rb | 1 -
 1 file changed, 1 deletion(-)
(limited to 'app/policies/ci')
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 61912696e88..4649dc645ba 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
@@ -10,7 +10,6 @@ module Ci
 rule { admin | owned_runner }.enable :read_runner
 rule { admin | owned_runner }.enable :update_runner
 rule { admin | owned_runner }.enable :delete_runner
- rule { admin | owned_runner }.enable :list_runner_jobs
 rule { ~admin & locked }.prevent :assign_runner
 end
 end
--
cgit v1.2.3
From 1cfa5ed07065f04531900fe0931deaaaef3e69d2 Mon Sep 17 00:00:00 2001
From: Dylan Griffith
Date: Wed, 16 May 2018 09:56:28 +0200
Subject: Refactor out duplication in runner_policy.rb
---
 app/policies/ci/runner_policy.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'app/policies/ci')
diff --git a/app/policies/ci/runner_policy.rb b/app/policies/ci/runner_policy.rb
index 4649dc645ba..895abe87d86 100644
--- a/app/policies/ci/runner_policy.rb
+++ b/app/policies/ci/runner_policy.rb
@@ -6,10 +6,14 @@ module Ci
 condition(:owned_runner) { @user.ci_owned_runners.exists?(@subject.id) }
 rule { anonymous }.prevent_all
- rule { admin | owned_runner }.enable :assign_runner
- rule { admin | owned_runner }.enable :read_runner
- rule { admin | owned_runner }.enable :update_runner
- rule { admin | owned_runner }.enable :delete_runner
+
+ rule { admin | owned_runner }.policy do
+ enable :assign_runner
+ enable :read_runner
+ enable :update_runner
+ enable :delete_runner
+ end
+
 rule { ~admin & locked }.prevent :assign_runner
 end
 end
--
cgit v1.2.3
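Review bot: The new `policy do` block in the refactoring commit grants `:read_runner` together with `:update_runner` and `:delete_runner` to `admin | owned_runner`, while the only deny after it, `rule { ~admin & locked }`, covers `:assign_runner` alone, and nothing in the file records that this asymmetry is intended. A comment above the block would make the intent reviewable, for example `# Owners manage their runners in full; the locked rule below only restricts :assign_runner for non-admins.` If locked runners are also meant to resist update or delete by owners, that needs its own prevent rule, since the grouping here would otherwise hide the gap.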