Prevent auditor from managing vulnerabilities

bdc95c8b · Tetiana Chupryna · d5e7fc5a · bdc95c8b
Commit bdc95c8b authored Dec 09, 2019 by Tetiana Chupryna
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

ee/app/policies/ee/project_policy.rb ee/app/policies/ee/project_policy.rb +5 -0

No files found.
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -216,6 +216,11 @@ module EE
        enable :read_vulnerability
      end

+      rule { auditor & ~developer }.policy do
+        prevent :create_vulnerability
+        prevent :admin_vulnerability
+      end
+
      rule { auditor & ~guest }.policy do
        prevent :create_project
        prevent :create_issue