diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-27 12:09:14 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-27 12:09:14 +0000 |
| commit | 95ff19a65c5236863e4c7c7e198bfc1e2fa70f07 (patch) | |
| tree | e543a0b23941611b93a7d435b7644eafcdd8cbeb /app/policies | |
| parent | 2df573afed782aebce8c020d92b42e9da7d2868e (diff) | |
| download | gitlab-ce-95ff19a65c5236863e4c7c7e198bfc1e2fa70f07.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/group_policy.rb | 5 | ||||
| -rw-r--r-- | app/policies/namespace_policy.rb | 1 | ||||
| -rw-r--r-- | app/policies/project_policy.rb | 14 |
3 files changed, 19 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 231843c5f23..7d0db222eaf 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -185,7 +185,10 @@ class GroupPolicy < BasePolicy rule { developer & developer_maintainer_access }.enable :create_projects rule { create_projects_disabled }.prevent :create_projects - rule { owner | admin }.enable :read_statistics + rule { owner | admin }.policy do + enable :owner_access + enable :read_statistics + end rule { maintainer & can?(:create_projects) }.enable :transfer_projects diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb index aa87442cadd..b1d680b4264 100644 --- a/app/policies/namespace_policy.rb +++ b/app/policies/namespace_policy.rb @@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy condition(:owner) { @subject.owner == @user } rule { owner | admin }.policy do + enable :owner_access enable :create_projects enable :admin_namespace enable :read_namespace diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 13073ed68a1..333bd0345db 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -147,6 +147,7 @@ class ProjectPolicy < BasePolicy builds pages metrics_dashboard + operations ] features.each do |f| @@ -272,6 +273,19 @@ class ProjectPolicy < BasePolicy prevent(:metrics_dashboard) end + rule { operations_disabled }.policy do + prevent(*create_read_update_admin_destroy(:feature_flag)) + prevent(*create_read_update_admin_destroy(:environment)) + prevent(*create_read_update_admin_destroy(:sentry_issue)) + prevent(*create_read_update_admin_destroy(:alert_management_alert)) + prevent(*create_read_update_admin_destroy(:cluster)) + prevent(*create_read_update_admin_destroy(:terraform_state)) + prevent(*create_read_update_admin_destroy(:deployment)) + prevent(:metrics_dashboard) + prevent(:read_pod_logs) + prevent(:read_prometheus) + end + rule { can?(:metrics_dashboard) }.policy do enable :read_prometheus enable :read_deployment |