Commit c2dd4239 authored by http://jneen.net/'s avatar http://jneen.net/

short-circuit if there is no policy, and add :read_project check

parent 488e8e79
...@@ -76,10 +76,13 @@ class NotificationRecipient ...@@ -76,10 +76,13 @@ class NotificationRecipient
end end
def has_access? def has_access?
return false unless user.can?(:receive_notifications)
return true unless @read_ability
DeclarativePolicy.subject_scope do DeclarativePolicy.subject_scope do
return false unless user.can?(:receive_notifications)
return false if @project && !user.can?(:read_project, @project)
return true unless @read_ability
return true unless DeclarativePolicy.has_policy?(@target)
user.can?(@read_ability, @target) user.can?(@read_ability, @target)
end end
end end
......
...@@ -308,11 +308,7 @@ module NotificationRecipientService ...@@ -308,11 +308,7 @@ module NotificationRecipientService
end end
def read_ability def read_ability
@read_ability ||= @read_ability ||= :"read_#{target.class.model_name.name.underscore}"
case target
when Commit then nil
else :"read_#{target.class.model_name.name.underscore}"
end
end end
def subject def subject
......
...@@ -28,7 +28,12 @@ module DeclarativePolicy ...@@ -28,7 +28,12 @@ module DeclarativePolicy
subject = find_delegate(subject) subject = find_delegate(subject)
class_for_class(subject.class) class_for_class(subject.class) \
or raise "no policy for #{subject.class.name}"
end
def has_policy?(subject)
!class_for_class(subject.class).nil?
end end
private private
...@@ -51,9 +56,7 @@ module DeclarativePolicy ...@@ -51,9 +56,7 @@ module DeclarativePolicy
end end
end end
policy_class = subject_class.instance_variable_get(CLASS_CACHE_IVAR) subject_class.instance_variable_get(CLASS_CACHE_IVAR)
raise "no policy for #{subject.class.name}" if policy_class.nil?
policy_class
end end
def compute_class_for_class(subject_class) def compute_class_for_class(subject_class)
...@@ -71,6 +74,8 @@ module DeclarativePolicy ...@@ -71,6 +74,8 @@ module DeclarativePolicy
nil nil
end end
end end
nil
end end
def find_delegate(subject) def find_delegate(subject)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment