blob: f61f758a8e8540598fbf396a5bcc397467c0fb1d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
# frozen_string_literal: true
class GroupMemberPolicy < BasePolicy
include MemberPolicyHelpers
delegate :group
with_scope :subject
condition(:last_owner) { @subject.group.member_last_owner?(@subject) || @subject.group.member_last_blocked_owner?(@subject) }
condition(:project_bot) { @subject.user&.project_bot? && @subject.group.member?(@subject.user) }
desc "Membership is users' own"
with_score 0
condition(:target_is_self) { record_belongs_to_self? }
desc "Membership is users' own access request"
with_score 0
condition(:access_request_of_self) { record_is_access_request_of_self? }
rule { anonymous }.policy do
prevent :update_group_member
prevent :destroy_group_member
end
rule { last_owner }.policy do
prevent :update_group_member
prevent :destroy_group_member
end
rule { ~project_bot & can?(:admin_group_member) }.policy do
enable :update_group_member
enable :destroy_group_member
end
rule { project_bot & can?(:admin_group_member) }.enable :destroy_project_bot_member
rule { target_is_self }.policy do
enable :destroy_group_member
end
rule { access_request_of_self }.policy do
enable :withdraw_member_access_request
end
end
GroupMemberPolicy.prepend_mod_with('GroupMemberPolicy')
|
