blob: ecd83cceb8bc54b33f5bab427ba34a94c31232f0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
# frozen_string_literal: true
module Clusters
class AgentPolicy < BasePolicy
alias_method :cluster_agent, :subject
delegate { cluster_agent.project }
# This condition is more expensive than the same permission check in ProjectPolicy,
# so having a higher score.
condition(:ci_access_authorized_agent, score: 10) do
@subject.ci_access_authorized_for?(@user)
end
condition(:user_access_authorized_agent, score: 10) do
@subject.user_access_authorized_for?(@user)
end
rule { ci_access_authorized_agent | user_access_authorized_agent }.policy do
enable :read_cluster_agent
end
end
end
|