nexedi / gitlab-ce
Commit c218dd90, authored Aug 23, 2016 by http://jneen.net/

make almost everything on Ability private

parent 8702cef2
Showing 1 changed file with 44 additions and 46 deletions

app/models/ability.rb
class
Ability
class
Ability
class
<<
self
class
<<
self
# Given a list of users and a project this method returns the users that can
# read the given project.
def
users_that_can_read_project
(
users
,
project
)
if
project
.
public?
users
else
users
.
select
do
|
user
|
if
user
.
admin?
true
elsif
project
.
internal?
&&
!
user
.
external?
true
elsif
project
.
owner
==
user
true
elsif
project
.
team
.
members
.
include?
(
user
)
true
else
false
end
end
end
end
# Returns an Array of Issues that can be read by the given user.
#
# issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues
def
issues_readable_by_user
(
issues
,
user
=
nil
)
return
issues
if
user
&&
user
.
admin?
issues
.
select
{
|
issue
|
issue
.
visible_to_user?
(
user
)
}
end
# TODO: make this private and use the actual abilities stuff for this
def
can_edit_note?
(
user
,
note
)
return
false
if
!
note
.
editable?
||
!
user
.
present?
return
true
if
note
.
author
==
user
||
user
.
admin?
if
note
.
project
max_access_level
=
note
.
project
.
team
.
max_member_access
(
user
.
id
)
max_access_level
>=
Gitlab
::
Access
::
MASTER
else
false
end
end
end
def
allowed?
(
user
,
action
,
subject
)
def
allowed?
(
user
,
action
,
subject
)
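Review bot: the TODO added above `can_edit_note?` leaves a public authorization predicate that decides on `note.author == user || user.admin?` and `max_access_level >= Gitlab::Access::MASTER` without going through `allowed?`, so it skips the `RequestStore` cache shown in the next hunk and any rule later added to the abilities. Since the stated goal is to make almost everything private, reference a follow-up issue in the TODO or route this check through `allowed?` now. The same concern applies to `users_that_can_read_project` and `issues_readable_by_user`, which stay public and encode project and issue visibility on their own. Also, as rendered on this page the added `can_edit_note?` is followed by three `end` lines where the copy removed in the later hunk has two; confirm the file still parses.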
...
@@ -16,6 +58,8 @@ class Ability
...
@@ -16,6 +58,8 @@ class Ability
RequestStore
[
key
]
||=
Set
.
new
(
uncached_allowed
(
user
,
subject
)).
freeze
RequestStore
[
key
]
||=
Set
.
new
(
uncached_allowed
(
user
,
subject
)).
freeze
end
end
private
def
uncached_allowed
(
user
,
subject
)
def
uncached_allowed
(
user
,
subject
)
return
anonymous_abilities
(
subject
)
if
user
.
nil?
return
anonymous_abilities
(
subject
)
if
user
.
nil?
return
[]
unless
user
.
is_a?
(
User
)
return
[]
unless
user
.
is_a?
(
User
)
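Review bot: the bare `private` added before `uncached_allowed` changes the visibility of every method defined after it inside `class << self`, not only this one, so any caller that still invokes a helper such as `anonymous_abilities` or `namespace_abilities` on `Ability` directly will raise NoMethodError. The commit touches only app/models/ability.rb, so confirm that no call sites or specs outside this file depend on those helpers, and consider a spec that exercises the public entry point `allowed?` for each subject type.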
...
@@ -44,38 +88,6 @@ class Ability
...
@@ -44,38 +88,6 @@ class Ability
end
.
concat
(
global_abilities
(
user
))
end
.
concat
(
global_abilities
(
user
))
end
end
# Given a list of users and a project this method returns the users that can
# read the given project.
def
users_that_can_read_project
(
users
,
project
)
if
project
.
public?
users
else
users
.
select
do
|
user
|
if
user
.
admin?
true
elsif
project
.
internal?
&&
!
user
.
external?
true
elsif
project
.
owner
==
user
true
elsif
project
.
team
.
members
.
include?
(
user
)
true
else
false
end
end
end
end
# Returns an Array of Issues that can be read by the given user.
#
# issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues
def
issues_readable_by_user
(
issues
,
user
=
nil
)
return
issues
if
user
&&
user
.
admin?
issues
.
select
{
|
issue
|
issue
.
visible_to_user?
(
user
)
}
end
# List of possible abilities for anonymous user
# List of possible abilities for anonymous user
def
anonymous_abilities
(
user
,
subject
)
def
anonymous_abilities
(
user
,
subject
)
if
subject
.
is_a?
(
PersonalSnippet
)
if
subject
.
is_a?
(
PersonalSnippet
)
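Review bot: in the trailing context here, `def anonymous_abilities(user, subject)` takes two parameters, while the context of the previous hunk shows `uncached_allowed` calling `anonymous_abilities(subject)` with a single argument when `user.nil?`. If both lines are as shown, the anonymous path raises ArgumentError, which is the path that decides what unauthenticated visitors may do; align the call and the signature within this series. The removed bodies of `users_that_can_read_project` and `issues_readable_by_user` match the copies added at the top of the class.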
...
@@ -420,18 +432,6 @@ class Ability
...
@@ -420,18 +432,6 @@ class Ability
GroupProjectsFinder
.
new
(
group
).
execute
(
user
).
any?
GroupProjectsFinder
.
new
(
group
).
execute
(
user
).
any?
end
end
def
can_edit_note?
(
user
,
note
)
return
false
if
!
note
.
editable?
||
!
user
.
present?
return
true
if
note
.
author
==
user
||
user
.
admin?
if
note
.
project
max_access_level
=
note
.
project
.
team
.
max_member_access
(
user
.
id
)
max_access_level
>=
Gitlab
::
Access
::
MASTER
else
false
end
end
def
namespace_abilities
(
user
,
namespace
)
def
namespace_abilities
(
user
,
namespace
)
rules
=
[]
rules
=
[]
...
@@ -597,8 +597,6 @@ class Ability
...
@@ -597,8 +597,6 @@ class Ability
self
self
end
end
private
def
restricted_public_level?
def
restricted_public_level?
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
end
end
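Review bot: dropping this `private` before `restricted_public_level?` is correct only because the `private` added near line 58 now covers it, roughly 540 lines earlier in the file. A short comment at that earlier `private` stating that everything below is internal would keep a later `public` or a reordering from silently re-exposing these helpers.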
...
...