ability.rb 2.01 KB
Newer Older
gitlabhq's avatar
gitlabhq committed
1
class Ability
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
2 3 4 5 6 7 8 9 10 11
  class << self
    def allowed(object, subject)
      case subject.class.name
      when "Project" then project_abilities(object, subject)
      when "Issue" then issue_abilities(object, subject)
      when "Note" then note_abilities(object, subject)
      when "Snippet" then snippet_abilities(object, subject)
      when "MergeRequest" then merge_request_abilities(object, subject)
      else []
      end
gitlabhq's avatar
gitlabhq committed
12 13
    end

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
14 15
    def project_abilities(user, project)
      rules = []
gitlabhq's avatar
gitlabhq committed
16

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
17 18 19 20 21 22 23 24 25 26 27 28 29
      rules << [
        :read_project,
        :read_wiki,
        :read_issue,
        :read_milestone,
        :read_snippet,
        :read_team_member,
        :read_merge_request,
        :read_note,
        :write_project,
        :write_issue,
        :write_note
      ] if project.guest_access_for?(user)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
30

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
31 32 33 34 35
      rules << [
        :download_code,
        :write_merge_request,
        :write_snippet
      ] if project.report_access_for?(user)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
36

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
37 38 39
      rules << [
        :write_wiki
      ] if project.dev_access_for?(user)
gitlabhq's avatar
gitlabhq committed
40

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
41 42 43 44 45 46 47 48 49 50 51 52 53 54
      rules << [
        :modify_issue,
        :modify_snippet,
        :modify_merge_request,
        :admin_project,
        :admin_issue,
        :admin_milestone,
        :admin_snippet,
        :admin_team_member,
        :admin_merge_request,
        :admin_note,
        :accept_mr,
        :admin_wiki
      ] if project.master_access_for?(user) || project.owner == user
gitlabhq's avatar
gitlabhq committed
55

Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
56 57
      rules.flatten
    end
gitlabhq's avatar
gitlabhq committed
58

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
59
    [:issue, :note, :snippet, :merge_request].each do |name|
gitlabhq's avatar
gitlabhq committed
60 61 62 63 64
      define_method "#{name}_abilities" do |user, subject|
        if subject.author == user
          [
            :"read_#{name}",
            :"write_#{name}",
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
65
            :"modify_#{name}",
gitlabhq's avatar
gitlabhq committed
66 67
            :"admin_#{name}"
          ]
68 69 70 71 72 73
        elsif subject.respond_to?(:assignee) && subject.assignee == user
          [
            :"read_#{name}",
            :"write_#{name}",
            :"modify_#{name}",
          ]
gitlabhq's avatar
gitlabhq committed
74
        else
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
75
          subject.respond_to?(:project) ? project_abilities(user, subject.project) : []
gitlabhq's avatar
gitlabhq committed
76 77 78 79
        end
      end
    end
  end
gitlabhq's avatar
gitlabhq committed
80
end