Commit 3299c9b5 authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre

Merge branch 'ajk-group-member-policy' into 'master'

Fix overly aggressive prevent call

See merge request gitlab-org/gitlab!47455
parents 15c89699 90ca01af
......@@ -11,7 +11,10 @@ class GroupMemberPolicy < BasePolicy
condition(:is_target_user) { @user && @subject.user_id == @user.id }
rule { anonymous }.prevent_all
rule { last_owner }.prevent_all
rule { last_owner }.policy do
prevent :update_group_member
prevent :destroy_group_member
end
rule { can?(:admin_group_member) }.policy do
enable :update_group_member
......
---
title: Fix overly aggressive prevent call
merge_request: 47455
author:
type: fixed
......@@ -42,6 +42,7 @@ RSpec.describe GroupMemberPolicy do
it do
expect_disallowed(:destroy_group_member)
expect_disallowed(:update_group_member)
expect_allowed(:read_group)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment