blob: 85245528602f89e8108c5e4bc01bc4ba19a7239f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
module Ci
class BuildPolicy < CommitStatusPolicy
alias_method :build, :subject
def rules
super
# If we can't read build we should also not have that
# ability when looking at this in context of commit_status
%w[read create update admin].each do |rule|
cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
end
if can?(:update_build) && !can_user_update?
cannot! :update_build
end
end
private
def can_user_update?
user_access.can_push_or_merge_to_branch?(build.ref)
end
def user_access
@user_access ||= ::Gitlab::UserAccess
.new(user, project: build.project)
end
end
end
|