summaryrefslogtreecommitdiff
path: root/app/models/ability.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb79
1 files changed, 46 insertions, 33 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index c90c99c5b5f..3ee3a7857ee 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -68,6 +68,7 @@ class Ability
def project_abilities(user, project)
rules = []
key = "/user/#{user.id}/project/#{project.id}"
+
RequestStore.store[key] ||= begin
team = project.team
@@ -144,9 +145,9 @@ class Ability
:read_project_member,
:read_merge_request,
:read_note,
- :write_project,
- :write_issue,
- :write_note
+ :create_project,
+ :create_issue,
+ :create_note
]
end
@@ -154,15 +155,15 @@ class Ability
project_guest_rules + [
:download_code,
:fork_project,
- :write_project_snippet
+ :create_project_snippet
]
end
def project_dev_rules
project_report_rules + [
- :write_merge_request,
- :write_wiki,
- :modify_issue,
+ :create_merge_request,
+ :create_wiki,
+ :update_issue,
:admin_issue,
:admin_label,
:push_code
@@ -171,10 +172,10 @@ class Ability
def project_archived_rules
[
- :write_merge_request,
+ :create_merge_request,
:push_code,
:push_code_to_protected_branches,
- :modify_merge_request,
+ :update_merge_request,
:admin_merge_request
]
end
@@ -182,9 +183,8 @@ class Ability
def project_master_rules
project_dev_rules + [
:push_code_to_protected_branches,
- :modify_issue,
- :modify_project_snippet,
- :modify_merge_request,
+ :update_project_snippet,
+ :update_merge_request,
:admin_milestone,
:admin_project_snippet,
:admin_project_member,
@@ -244,30 +244,40 @@ class Ability
rules.flatten
end
- [:issue, :note, :project_snippet, :personal_snippet, :merge_request].each do |name|
+
+ [:issue, :merge_request].each do |name|
define_method "#{name}_abilities" do |user, subject|
- if subject.author == user || user.is_admin?
- rules = [
+ rules = []
+
+ if subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user)
+ rules += [
:"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
- :"admin_#{name}"
+ :"update_#{name}",
]
- rules.push(:change_visibility_level) if subject.is_a?(Snippet)
- rules
- elsif subject.respond_to?(:assignee) && subject.assignee == user
- [
+ end
+
+ rules += project_abilities(user, subject.project)
+ rules
+ end
+ end
+
+ [:note, :project_snippet, :personal_snippet].each do |name|
+ define_method "#{name}_abilities" do |user, subject|
+ rules = []
+
+ if subject.author == user
+ rules += [
:"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
+ :"update_#{name}",
+ :"admin_#{name}"
]
- else
- if subject.respond_to?(:project) && subject.project
- project_abilities(user, subject.project)
- else
- []
- end
end
+
+ if subject.respond_to?(:project) && subject.project
+ rules += project_abilities(user, subject.project)
+ end
+
+ rules
end
end
@@ -276,13 +286,16 @@ class Ability
target_user = subject.user
group = subject.group
can_manage = group_abilities(user, group).include?(:admin_group)
+
if can_manage && (user != target_user)
- rules << :modify_group_member
+ rules << :update_group_member
rules << :destroy_group_member
end
+
if !group.last_owner?(user) && (can_manage || (user == target_user))
rules << :destroy_group_member
end
+
rules
end
@@ -299,8 +312,8 @@ class Ability
def named_abilities(name)
[
:"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
+ :"create_#{name}",
+ :"update_#{name}",
:"admin_#{name}"
]
end
View Lorry Controller Status