diff options
| author | http://jneen.net/ <jneen@jneen.net> | 2017-04-06 14:07:27 -0700 |
|---|---|---|
| committer | http://jneen.net/ <jneen@jneen.net> | 2017-06-27 12:44:38 -0700 |
| commit | e895b49fce13342cd33f22735069484844dd5d77 (patch) | |
| tree | fca26b2a2e709fad7b850b0acc1b158e68422813 /app/models/ability.rb | |
| parent | 37c401433b76170f0150d70865f1f4584db01fa8 (diff) | |
| download | gitlab-ce-e895b49fce13342cd33f22735069484844dd5d77.tar.gz | |
convert the special-case Ability methods to use policies
Diffstat (limited to 'app/models/ability.rb')
| -rw-r--r-- | app/models/ability.rb | 44 |
1 files changed, 10 insertions, 34 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index 3b99e65957d..d2b8a8447b5 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -1,35 +1,20 @@ +require 'declarative_policy' + class Ability class << self # Given a list of users and a project this method returns the users that can # read the given project. def users_that_can_read_project(users, project) - if project.public? - users - else - users.select do |user| - if user.admin? - true - elsif project.internal? && !user.external? - true - elsif project.owner == user - true - elsif project.team.members.include?(user) - true - else - false - end - end + DeclarativePolicy.subject_scope do + users.select { |u| allowed?(u, :read_project, project) } end end # Given a list of users and a snippet this method returns the users that can # read the given snippet. def users_that_can_read_personal_snippet(users, snippet) - case snippet.visibility_level - when Snippet::INTERNAL, Snippet::PUBLIC - users - when Snippet::PRIVATE - users.include?(snippet.author) ? [snippet.author] : [] + DeclarativePolicy.subject_scope do + users.select { |u| allowed?(u, :read_personal_snippet, snippet) } end end @@ -38,22 +23,13 @@ class Ability # issues - The issues to reduce down to those readable by the user. # user - The User for which to check the issues def issues_readable_by_user(issues, user = nil) - return issues if user && user.admin? - - issues.select { |issue| issue.visible_to_user?(user) } + DeclarativePolicy.user_scope do + issues.select { |issue| issue.visible_to_user?(user) } + end end - # TODO: make this private and use the actual abilities stuff for this def can_edit_note?(user, note) - return false if !note.editable? || !user.present? - return true if note.author == user || user.admin? - - if note.project - max_access_level = note.project.team.max_member_access(user.id) - max_access_level >= Gitlab::Access::MASTER - else - false - end + allowed?(user, :edit_note, note) end def allowed?(user, action, subject = :global, opts = {}) |