author | http://jneen.net/ <jneen@jneen.net> | 2016-08-11 15:12:52 -0700 |
---|---|---|
committer | http://jneen.net/ <jneen@jneen.net> | 2016-08-30 11:35:06 -0700 |
commit | e208765a92748086cacbc56225e827c8463750a5 (patch) | |
tree | be9bb5c39c1b88cb3bab21d05c7a6a07398b4f7e /app/models | |
parent | 5853c96b49010aaf33b85caeb94dfc18873d5656 (diff) | |
download | gitlab-ce-e208765a92748086cacbc56225e827c8463750a5.tar.gz |
add policies, and factor out ProjectPolicy
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/ability.rb | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 891c5ba9276..4f0ffa09a1f 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -71,7 +71,7 @@ class Ability
 def abilities_by_subject_class(user:, subject:)
 case subject
 when CommitStatus then commit_status_abilities(user, subject)
- when Project then project_abilities(user, subject)
+ when Project then ProjectPolicy.new(user, subject).abilities
 when Issue then issue_abilities(user, subject)
 when Note then note_abilities(user, subject)
 when ProjectSnippet then project_snippet_abilities(user, subject)
@@ -85,7 +85,7 @@ class Ability
 when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
 when Ci::Runner then runner_abilities(user, subject)
 else []
- end.concat(global_abilities(user))
+ end + global_abilities(user)
 end
 
 # List of possible abilities for anonymous user
@@ -193,35 +193,8 @@ class Ability
 end
 
 def project_abilities(user, project)
- rules = []
-
- # Push abilities on the users team role
- rules.push(*project_team_rules(project.team, user))
-
- owner = user.admin? ||
- project.owner == user ||
- (project.group && project.group.has_owner?(user))
-
- if owner
- rules.push(*project_owner_rules)
- end
-
- if project.public? || (project.internal? && !user.external?)
- rules.push(*public_project_rules)
-
- # Allow to read builds for internal projects
- rules << :read_build if project.public_builds?
-
- unless owner || project.team.member?(user) || project_group_member?(project, user)
- rules << :request_access if project.request_access_enabled
- end
- end
-
- if project.archived?
- rules -= project_archived_rules
- end
-
- rules - project_disabled_features_rules(project)
+ # temporary patch, deleteme before merge
+ ProjectPolicy.new(user, project).abilities.to_a
 end
 
 def project_team_rules(team, user) |
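Review bot: The `when Project` branch in the `@@ -71,7` hunk returns `ProjectPolicy#abilities` unconverted, while the `ExternalIssue, Deployment, Environment` branch in the `@@ -85,7` hunk still goes through `project_abilities`, which now appends `.to_a`. That suggests `abilities` is not an Array (probably a Set, though ProjectPolicy is not visible here), so `end + global_abilities(user)` would hand callers a different collection type for Project than for every other subject. Because authorization decisions are made against this result, I would normalise it at the branch, `when Project then ProjectPolicy.new(user, subject).abilities.to_a`, or state the return type in a comment above `abilities_by_subject_class`. The `when` branches between the two hunks are not shown, so other callers of `project_abilities` inside the `case` may exist.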
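Review bot: In the `@@ -193,35` hunk, `project_abilities` ships with the comment `# temporary patch, deleteme before merge`, which gives the next reader no reason for the shim or condition for removing it. The deleted body held the restrictive parts of the project permission model: the `!user.external?` condition on internal projects, `rules -= project_archived_rules`, and the final `rules - project_disabled_features_rules(project)`. ProjectPolicy is outside this page (the diff is limited to app/models), so whether those subtractions are applied in the same order cannot be confirmed from here. I would ask for a spec comparing the old and new ability lists for an archived project, a project with disabled features, and an external user on an internal project. I would also reword the comment to something like `# Compatibility shim for callers that still expect an Array; remove once they call ProjectPolicy directly`.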