blob: 61c935af8badc42f1d7b88427d88c81c40086099 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
# frozen_string_literal: true
module Ci
class JobArtifactPolicy < BasePolicy
delegate { @subject.job.project }
condition(:public_access, scope: :subject) do
@subject.public_access?
end
condition(:can_read_project_build, scope: :subject) do
can?(:read_build, @subject.job.project)
end
condition(:has_access_to_project) do
can?(:developer_access, @subject.job.project)
end
rule { can_read_project_build }.enable :read_job_artifacts
rule { ~public_access & ~has_access_to_project }.prevent :read_job_artifacts
end
end
|