From e8d2c2579383897a1dd7f9debd359abe8ae8373d Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 20 Jul 2021 09:55:51 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-1-stable-ee
---
 app/policies/project_policy.rb | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'app/policies/project_policy.rb')
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 3cb4644a60d..85547834a2e 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -51,11 +51,12 @@ class ProjectPolicy < BasePolicy
 desc "Container registry is disabled"
 condition(:container_registry_disabled, scope: :subject) do
- if ::Feature.enabled?(:read_container_registry_access_level, @subject&.namespace, default_enabled: :yaml)
- !access_allowed_to?(:container_registry)
- else
- !project.container_registry_enabled
- end
+ !access_allowed_to?(:container_registry)
+ end
+
+ desc "Container registry is enabled for everyone with access to the project"
+ condition(:container_registry_enabled_for_everyone_with_access, scope: :subject) do
+ project.container_registry_access_level == ProjectFeature::ENABLED
 end
 desc "Project has an external wiki"
@@ -158,6 +159,10 @@ class ProjectPolicy < BasePolicy
 ::Feature.enabled?(:build_service_proxy, @subject)
 end
+ condition(:respect_protected_tag_for_release_permissions) do
+ ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject, default_enabled: :yaml)
+ end
+
 condition(:user_defined_variables_allowed) do
 !@subject.restrict_user_defined_variables?
 end
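Review bot: In the first hunk (`@@ -51,11 +51,12 @@`), `container_registry_disabled` keeps `scope: :subject` although its body is now unconditionally `!access_allowed_to?(:container_registry)`. `access_allowed_to?` is defined outside this diff; if it consults the current user's access level for a private registry (to be confirmed), a subject-scoped cache could reuse one user's answer for another user of the same project. Either drop the scope, `condition(:container_registry_disabled) do`, or add a comment stating why the result does not depend on the user. The new `container_registry_enabled_for_everyone_with_access` reads only `project`, so `scope: :subject` fits there.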
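Review bot: In the second hunk (`@@ -158,6 +159,10 @@`), the flag symbol is spelled `:evalute_protected_tag_for_release_permissions` ("evalute"), and it does not line up with the condition name `respect_protected_tag_for_release_permissions`. With `default_enabled: :yaml` the default comes from the flag's definition, which is not part of this diff, so confirm the spelling matches that definition exactly. The condition also has no `desc` line, unlike the conditions in the first hunk; one sentence on what the flag changes for release permissions would help the next reader.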
@@ -297,10 +302,13 @@ class ProjectPolicy < BasePolicy
 enable :guest_access
 enable :build_download_code
- enable :build_read_container_image
 enable :request_access
 end
+ rule { container_registry_enabled_for_everyone_with_access & can?(:public_user_access) }.policy do
+ enable :build_read_container_image
+ end
+
 rule { (can?(:public_user_access) | can?(:reporter_access)) & forking_allowed }.policy do
 enable :fork_project
 end
@@ -649,6 +657,10 @@ class ProjectPolicy < BasePolicy
 rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
+ rule { respect_protected_tag_for_release_permissions & can?(:developer_access) }.policy do
+ enable :destroy_release
+ end
+
 rule { can?(:download_code) }.policy do
 enable :read_repository_graphs
 end
-- cgit v1.2.3
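Review bot: Nothing in the third hunk (`@@ -297,10 +302,13 @@`) shows who receives `:build_read_container_image` when the registry access level is private, because the new rule grants it only when `container_registry_enabled_for_everyone_with_access` holds. Whether project members' CI jobs can still pull images then depends on rules outside this hunk, so a spec for the private level covering both a non-member and a member would pin the intent. If role-based rules are meant to cover members, a comment above the rule such as `# Private registry: image pull is granted by role-based rules, not by public access` would record that. The rule block containing the first context lines starts outside the hunk.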
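Review bot: In the last hunk (`@@ -649,6 +657,10 @@`), the rule enables `:destroy_release` for every user with `developer_access` once the flag is on, and no protected-tag check appears in the rule despite the condition's name. If the tag check is enforced elsewhere (not visible in this diff), say so here, e.g. `# Protected-tag restrictions are enforced by the release-level policy, not by this rule`. Otherwise enabling the flag simply widens release deletion to all developers. A spec asserting that a developer cannot destroy a release on a protected tag they may not modify would guard against that regression.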