Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
e895b49f
Commit
e895b49f
authored
Apr 06, 2017
by
http://jneen.net/
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
convert the special-case Ability methods to use policies
parent
37c40143
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
10 additions
and
34 deletions
+10
-34
app/models/ability.rb
app/models/ability.rb
+10
-34
No files found.
app/models/ability.rb
View file @
e895b49f
require
'declarative_policy'
class
Ability
class
Ability
class
<<
self
class
<<
self
# Given a list of users and a project this method returns the users that can
# Given a list of users and a project this method returns the users that can
# read the given project.
# read the given project.
def
users_that_can_read_project
(
users
,
project
)
def
users_that_can_read_project
(
users
,
project
)
if
project
.
public?
DeclarativePolicy
.
subject_scope
do
users
users
.
select
{
|
u
|
allowed?
(
u
,
:read_project
,
project
)
}
else
users
.
select
do
|
user
|
if
user
.
admin?
true
elsif
project
.
internal?
&&
!
user
.
external?
true
elsif
project
.
owner
==
user
true
elsif
project
.
team
.
members
.
include?
(
user
)
true
else
false
end
end
end
end
end
end
# Given a list of users and a snippet this method returns the users that can
# Given a list of users and a snippet this method returns the users that can
# read the given snippet.
# read the given snippet.
def
users_that_can_read_personal_snippet
(
users
,
snippet
)
def
users_that_can_read_personal_snippet
(
users
,
snippet
)
case
snippet
.
visibility_level
DeclarativePolicy
.
subject_scope
do
when
Snippet
::
INTERNAL
,
Snippet
::
PUBLIC
users
.
select
{
|
u
|
allowed?
(
u
,
:read_personal_snippet
,
snippet
)
}
users
when
Snippet
::
PRIVATE
users
.
include?
(
snippet
.
author
)
?
[
snippet
.
author
]
:
[]
end
end
end
end
...
@@ -38,22 +23,13 @@ class Ability
...
@@ -38,22 +23,13 @@ class Ability
# issues - The issues to reduce down to those readable by the user.
# issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues
# user - The User for which to check the issues
def
issues_readable_by_user
(
issues
,
user
=
nil
)
def
issues_readable_by_user
(
issues
,
user
=
nil
)
return
issues
if
user
&&
user
.
admin?
DeclarativePolicy
.
user_scope
do
issues
.
select
{
|
issue
|
issue
.
visible_to_user?
(
user
)
}
issues
.
select
{
|
issue
|
issue
.
visible_to_user?
(
user
)
}
end
end
end
# TODO: make this private and use the actual abilities stuff for this
def
can_edit_note?
(
user
,
note
)
def
can_edit_note?
(
user
,
note
)
return
false
if
!
note
.
editable?
||
!
user
.
present?
allowed?
(
user
,
:edit_note
,
note
)
return
true
if
note
.
author
==
user
||
user
.
admin?
if
note
.
project
max_access_level
=
note
.
project
.
team
.
max_member_access
(
user
.
id
)
max_access_level
>=
Gitlab
::
Access
::
MASTER
else
false
end
end
end
def
allowed?
(
user
,
action
,
subject
=
:global
,
opts
=
{})
def
allowed?
(
user
,
action
,
subject
=
:global
,
opts
=
{})
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment