Welcome to mirror list, hosted at ThFree Co, Russian Federation.

release_policy.rb « policies « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/policies/release_policy.rb
blob: 6f99eb34bb3b1e8ec7332f18dba5a0df59fa95d0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

# frozen_string_literal: true

class ReleasePolicy < BasePolicy
  delegate { @subject.project }

  condition(:protected_tag) do
    access = ::Gitlab::UserAccess.new(@user, container: @subject.project)

    !access.can_create_tag?(@subject.tag)
  end

  condition(:respect_protected_tag) do
    ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject.project, default_enabled: :yaml)
  end

  condition(:project_developer) do
    can?(:developer_access, @subject.project)
  end

  rule { respect_protected_tag & protected_tag }.policy do
    prevent :create_release
    prevent :update_release
    prevent :destroy_release
  end

  # NOTE: Developer role (or above) can create, update and destroy release entries.
  # When we remove the `evalute_protected_tag_for_release_permissions` feature flag,
  # we should move `enable :destroy_release` to ProjectPolicy alongside with .
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/327505 for more information.
  rule { respect_protected_tag & project_developer }.policy do
    enable :destroy_release
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-27 12:17:44 +0300