authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-30 18:09:52 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-30 18:09:52 +0000
commit6010cf135a52a37b200112fa353900a690f958a7 (patch)
tree74b0ab61b564ea9fa47099fb85cf888add5405e7 /app/policies
parentdd240e5cc4e0abc4eef8b97962c247dab43e3777 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
-rw-r--r--app/policies/group_policy.rb15
-rw-r--r--app/policies/project_policy.rb11
2 files changed, 26 insertions, 0 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 4d466e1842b..f9ec026a6d2 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -56,6 +56,9 @@ class GroupPolicy < BasePolicy
@user.is_a?(DeployToken) && @user.groups.include?(@subject) && @user.write_package_registry
end
+ with_scope :subject
+ condition(:resource_access_token_available) { resource_access_token_available? }
+
rule { design_management_enabled }.policy do
enable :read_design_activity
end
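Review bot: The new `resource_access_token_available` condition is declared `with_scope :subject`, so its result is cached per group independently of the user, yet nothing at the declaration says the predicate behind it must stay user-independent. The CE predicate added later in this file returns a constant, so this is safe as written, but an override that consults the current user or other per-request state would presumably be answered from a cached value on an authorization path. I would add a comment above the condition such as `# Subject-scoped: resource_access_token_available? must depend only on the group, never on @user.` The identical declaration in the first hunk of app/policies/project_policy.rb needs the same note.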
@@ -187,6 +190,10 @@ class GroupPolicy < BasePolicy
enable :read_group
end
+ rule { resource_access_token_available & can?(:admin_group) }.policy do
+ enable :admin_resource_access_tokens
+ end
+
def access_level
return GroupMember::NO_ACCESS if @user.nil?
return GroupMember::NO_ACCESS unless user_is_user?
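Review bot: The rule added before `access_level` enables `:admin_resource_access_tokens` for any principal that passes `can?(:admin_group)`, and with the CE predicate hard-wired to `true` that check is the only effective gate on what the ability name suggests is credential management. The first hunk of this file shows that `@user` can be a `DeployToken`, so the policy is evaluated for non-human actors; if any such actor (a deploy token, or the bot identity behind an access token) can ever hold `:admin_group`, it would be able to administer tokens as well. I would state the intent next to the rule, e.g. `# Only principals holding :admin_group may manage access tokens; non-User actors must never be granted :admin_group.`, and cover a non-User actor in the policy spec. The rule in the second hunk of app/policies/project_policy.rb has the same shape with `can?(:admin_project)`; `access_level` continues outside this hunk.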
@@ -203,6 +210,14 @@ class GroupPolicy < BasePolicy
def user_is_user?
user.is_a?(User)
end
+
+ def group
+ @subject
+ end
+
+ def resource_access_token_available?
+ true
+ end
end
GroupPolicy.prepend_if_ee('EE::GroupPolicy')
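Review bot: `group` and `resource_access_token_available?` are added after `user_is_user?` with no `private` visible in this hunk, whereas project_policy.rb shows a `private` marker ahead of the same predicate; unless a `private` sits above this hunk, both become public methods of the policy. The predicate is also an unconditional `true` with no explanation; judging by the `prepend_if_ee('EE::GroupPolicy')` line it is presumably an override hook, but a reader auditing token permissions cannot tell that from the method itself. I would add `# Always available in CE; EE::GroupPolicy may override this to restrict availability.` above it, and the matching comment above the stub in the last hunk of app/policies/project_policy.rb. The class body begins outside the hunk.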
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 87ee7d201e4..ea39f6c8d74 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -104,6 +104,9 @@ class ProjectPolicy < BasePolicy
with_scope :subject
condition(:service_desk_enabled) { @subject.service_desk_enabled? }
+ with_scope :subject
+ condition(:resource_access_token_available) { resource_access_token_available? }
+
# We aren't checking `:read_issue` or `:read_merge_request` in this case
# because it could be possible for a user to see an issuable-iid
# (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be
@@ -589,6 +592,10 @@ class ProjectPolicy < BasePolicy
prevent :read_project
end
+ rule { resource_access_token_available & can?(:admin_project) }.policy do
+ enable :admin_resource_access_tokens
+ end
+
private
def user_is_user?
@@ -663,6 +670,10 @@ class ProjectPolicy < BasePolicy
end
end
+ def resource_access_token_available?
+ true
+ end
+
def project
@subject
end