nexedi / gitlab-ce
Commit 5019185e authored Aug 18, 2016 by http://jneen.net/
port runners, namespaces, group/project_members
parent 29059c2e
Showing 4 changed files with 42 additions and 58 deletions
app/models/ability.rb +0 -58
app/policies/ci/runner_policy.rb +13 -0
app/policies/group_member_policy.rb +19 -0
app/policies/namespace_policy.rb +10 -0
app/models/ability.rb
...
...
@@ -73,12 +73,8 @@ class Ability
def
abilities_by_subject_class
(
user
:,
subject
:)
case
subject
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
User
then
user_abilities
when
ExternalIssue
,
Deployment
,
Environment
then
project_abilities
(
user
,
subject
.
project
)
when
Ci
::
Runner
then
runner_abilities
(
user
,
subject
)
else
[]
end
+
global_abilities
(
user
)
end
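Review bot: The `-73,12 +73,8` header drops four lines from this `case`, yet only three of the dispatched helpers (`namespace_abilities`, `group_member_abilities`, `runner_abilities`) are deleted later in this file. If the fourth removed branch is `when ProjectMember`, as the commit title suggests, note that no ProjectMember policy is among the four changed files and `project_member_abilities` is still present as context in the next hunk; a subject that matches no branch gets only `[]` plus `global_abilities(user)` from this method. Either add the policy in this commit or keep the branch until it exists.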
...
...
@@ -112,48 +108,6 @@ class Ability
ProjectPolicy
.
abilities
(
user
,
project
).
to_a
end
def
can_read_group?
(
user
,
group
)
return
true
if
user
.
admin?
return
true
if
group
.
public?
return
true
if
group
.
internal?
&&
!
user
.
external?
return
true
if
group
.
users
.
include?
(
user
)
GroupProjectsFinder
.
new
(
group
).
execute
(
user
).
any?
end
def
namespace_abilities
(
user
,
namespace
)
rules
=
[]
# Only namespace owner and administrators can admin it
if
namespace
.
owner
==
user
||
user
.
admin?
rules
+=
[
:create_projects
,
:admin_namespace
]
end
rules
.
flatten
end
def
group_member_abilities
(
user
,
subject
)
rules
=
[]
target_user
=
subject
.
user
group
=
subject
.
group
unless
group
.
last_owner?
(
target_user
)
can_manage
=
allowed?
(
user
,
:admin_group_member
,
group
)
if
can_manage
rules
<<
:update_group_member
rules
<<
:destroy_group_member
elsif
user
==
target_user
rules
<<
:destroy_group_member
end
end
rules
end
def
project_member_abilities
(
user
,
subject
)
rules
=
[]
target_user
=
subject
.
user
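Review bot: `can_read_group?(user, group)` is deleted here together with `namespace_abilities` and `group_member_abilities` (the header shrinks 48 lines to 6), but unlike those two it has no counterpart in the policy files this commit adds. Confirm that nothing still calls `can_read_group?`, or state in the commit message where its rules (`group.public?`, `group.internal? && !user.external?`, membership, `GroupProjectsFinder`) now live, since those rules decide who can see a group.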
...
...
@@ -182,18 +136,6 @@ class Ability
rules
end
def
runner_abilities
(
user
,
runner
)
if
user
.
is_admin?
[
:assign_runner
]
elsif
runner
.
is_shared?
||
runner
.
locked?
[]
elsif
user
.
ci_authorized_runners
.
include?
(
runner
)
[
:assign_runner
]
else
[]
end
end
def
user_abilities
[
:read_user
]
end
...
...
app/policies/ci/runner_policy.rb
0 → 100644
module
Ci
class
RunnerPolicy
<
BasePolicy
def
rules
return
unless
@user
can!
:assign_runner
if
@user
.
is_admin?
return
if
@subject
.
is_shared?
||
@subject
.
locked?
can!
:assign_runner
if
@user
.
ci_authorized_runners
.
include?
(
@subject
)
end
end
end
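Review bot: After `can! :assign_runner if @user.is_admin?` the method keeps going, so for an admin on a runner that is neither shared nor locked it still evaluates `@user.ci_authorized_runners.include?(@subject)`. The result matches the old `if`/`elsif` chain, but an explicit early return after the admin grant would avoid that lookup and make the precedence obvious. The new `return unless @user` guard is a behaviour change from `runner_abilities`, which called `user.is_admin?` unconditionally; a spec for the anonymous case would pin it down.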
app/policies/group_member_policy.rb
0 → 100644
class
GroupMemberPolicy
<
BasePolicy
def
rules
return
unless
@user
target_user
=
@subject
.
user
group
=
@subject
.
group
return
if
group
.
last_owner?
(
target_user
)
can_manage
=
Ability
.
allowed?
(
@user
,
:admin_group_member
,
group
)
if
can_manage
can!
:update_group_member
can!
:destroy_group_member
elsif
@user
==
target_user
can!
:destroy_group_member
end
end
end
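Review bot: `return if group.last_owner?(target_user)` runs before the `can_manage` check, so nobody, including a user with `:admin_group_member`, gets `:update_group_member` or `:destroy_group_member` on the last owner. That matches the removed `unless group.last_owner?(target_user)` block, but the early return hides the intent; add a one-line comment stating the invariant. Also worth a comment: the policy calls back into `Ability.allowed?(@user, :admin_group_member, group)`, so it depends on group abilities that are still resolved through `Ability`.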
app/policies/namespace_policy.rb
0 → 100644
class
NamespacePolicy
<
BasePolicy
def
rules
return
unless
@user
if
@subject
.
owner
==
@user
||
@user
.
admin?
can!
:create_projects
can!
:admin_namespace
end
end
end
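Review bot: The comment `# Only namespace owner and administrators can admin it` from the removed `namespace_abilities` was not carried over to the `if @subject.owner == @user || @user.admin?` condition; keep it, since it states the rule this policy enforces. Minor: this file uses `@user.admin?` while `Ci::RunnerPolicy` in the same commit uses `@user.is_admin?`; pick one predicate across the new policies.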