Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
57def53c
Commit
57def53c
authored
Aug 30, 2016
by
http://jneen.net/
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
factor out a RuleSet so that `delegate!` retains @cannot
parent
b3b7fb1f
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
51 additions
and
9 deletions
+51
-9
app/models/ability.rb
app/models/ability.rb
+1
-1
app/policies/base_policy.rb
app/policies/base_policy.rb
+50
-8
No files found.
app/models/ability.rb
View file @
57def53c
...
@@ -55,7 +55,7 @@ class Ability
...
@@ -55,7 +55,7 @@ class Ability
user_key
=
user
?
user
.
id
:
'anonymous'
user_key
=
user
?
user
.
id
:
'anonymous'
subject_key
=
subject
?
"
#{
subject
.
class
.
name
}
/
#{
subject
.
id
}
"
:
'global'
subject_key
=
subject
?
"
#{
subject
.
class
.
name
}
/
#{
subject
.
id
}
"
:
'global'
key
=
"/ability/
#{
user_key
}
/
#{
subject_key
}
"
key
=
"/ability/
#{
user_key
}
/
#{
subject_key
}
"
RequestStore
[
key
]
||=
Set
.
new
(
uncached_allowed
(
user
,
subject
)
).
freeze
RequestStore
[
key
]
||=
uncached_allowed
(
user
,
subject
).
freeze
end
end
private
private
...
...
app/policies/base_policy.rb
View file @
57def53c
class
BasePolicy
class
BasePolicy
class
RuleSet
attr_reader
:can_set
,
:cannot_set
def
initialize
(
can_set
,
cannot_set
)
@can_set
=
can_set
@cannot_set
=
cannot_set
end
def
self
.
empty
new
(
Set
.
new
,
Set
.
new
)
end
def
can?
(
ability
)
@can_set
.
include?
(
ability
)
&&
!
@cannot_set
.
include?
(
ability
)
end
def
include?
(
ability
)
can?
(
ability
)
end
def
to_set
@can_set
-
@cannot_set
end
def
merge
(
other
)
@can_set
.
merge
(
other
.
can_set
)
@cannot_set
.
merge
(
other
.
cannot_set
)
end
def
can!
(
*
abilities
)
@can_set
.
merge
(
abilities
)
end
def
cannot!
(
*
abilities
)
@cannot_set
.
merge
(
abilities
)
end
def
freeze
@can_set
.
freeze
@cannot_set
.
freeze
super
end
end
def
self
.
abilities
(
user
,
subject
)
def
self
.
abilities
(
user
,
subject
)
new
(
user
,
subject
).
abilities
new
(
user
,
subject
).
abilities
end
end
...
@@ -30,7 +73,7 @@ class BasePolicy
...
@@ -30,7 +73,7 @@ class BasePolicy
end
end
def
abilities
def
abilities
return
[]
if
@user
&&
@user
.
blocked?
return
RuleSet
.
empty
if
@user
&&
@user
.
blocked?
return
anonymous_abilities
if
@user
.
nil?
return
anonymous_abilities
if
@user
.
nil?
collect_rules
{
rules
}
collect_rules
{
rules
}
end
end
...
@@ -44,27 +87,26 @@ class BasePolicy
...
@@ -44,27 +87,26 @@ class BasePolicy
end
end
def
delegate!
(
new_subject
)
def
delegate!
(
new_subject
)
@
can
.
merge
(
Ability
.
allowed
(
@user
,
new_subject
))
@
rule_set
.
merge
(
Ability
.
allowed
(
@user
,
new_subject
))
end
end
def
can?
(
rule
)
def
can?
(
rule
)
@
can
.
include?
(
rule
)
&&
!
@cannot
.
include
?
(
rule
)
@
rule_set
.
can
?
(
rule
)
end
end
def
can!
(
*
rules
)
def
can!
(
*
rules
)
@
can
.
merge
(
rules
)
@
rule_set
.
can!
(
*
rules
)
end
end
def
cannot!
(
*
rules
)
def
cannot!
(
*
rules
)
@
cannot
.
merge
(
rules
)
@
rule_set
.
cannot!
(
*
rules
)
end
end
private
private
def
collect_rules
(
&
b
)
def
collect_rules
(
&
b
)
@can
=
Set
.
new
@rule_set
=
RuleSet
.
empty
@cannot
=
Set
.
new
yield
yield
@
can
-
@canno
t
@
rule_se
t
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment