diff options
Diffstat (limited to 'app/policies/group_policy.rb')
-rw-r--r-- | app/policies/group_policy.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9219283992f..84b1873c05d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -16,8 +16,6 @@ class GroupPolicy < BasePolicy condition(:maintainer) { access_level >= GroupMember::MAINTAINER } condition(:reporter) { access_level >= GroupMember::REPORTER } - condition(:nested_groups_supported, scope: :global) { Group.supports_nested_objects? } - condition(:has_parent, scope: :subject) { @subject.has_parent? } condition(:share_with_group_locked, scope: :subject) { @subject.share_with_group_lock? } condition(:parent_share_with_group_locked, scope: :subject) { @subject.parent&.share_with_group_lock? } @@ -38,6 +36,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -104,7 +106,8 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { owner }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally |