Skip to content

G
gitlab-ce
Commit 7ca017b5 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files
Options

Refactor issue, mr, note abilities to include project abilities too 

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 083d4604
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 13 deletions
app/models/ability.rb
View file @ 7ca017b5
...@@ -68,6 +68,7 @@ class Ability ...@@ -68,6 +68,7 @@ class Ability
def project_abilities(user, project) def project_abilities(user, project)
rules = [] rules = []
key = "/user/#{user.id}/project/#{project.id}" key = "/user/#{user.id}/project/#{project.id}"
RequestStore.store[key] ||= begin RequestStore.store[key] ||= begin
team = project.team team = project.team
...@@ -182,7 +183,6 @@ class Ability ...@@ -182,7 +183,6 @@ class Ability
def project_master_rules def project_master_rules
project_dev_rules + [ project_dev_rules + [
:push_code_to_protected_branches, :push_code_to_protected_branches,
:update_issue,
:update_project_snippet, :update_project_snippet,
:update_merge_request, :update_merge_request,
:admin_milestone, :admin_milestone,
...@@ -244,26 +244,40 @@ class Ability ...@@ -244,26 +244,40 @@ class Ability
rules.flatten rules.flatten
end end
[:issue, :note, :project_snippet, :personal_snippet, :merge_request].each do |name|
[:issue, :merge_request].each do |name|
define_method "#{name}_abilities" do |user, subject| define_method "#{name}_abilities" do |user, subject|
if user.is_admin? rules = []
[
if subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user)
rules += [
:"read_#{name}", :"read_#{name}",
:"update_#{name}", :"update_#{name}",
:"admin_#{name}"
] ]
elsif subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user) end
[
rules += project_abilities(user, subject.project)
rules
end
end
[:note, :project_snippet, :personal_snippet].each do |name|
define_method "#{name}_abilities" do |user, subject|
rules = []
if subject.author == user
rules += [
:"read_#{name}", :"read_#{name}",
:"update_#{name}", :"update_#{name}",
:"admin_#{name}"
] ]
else
if subject.respond_to?(:project) && subject.project
project_abilities(user, subject.project)
else
[]
end
end end
if subject.respond_to?(:project) && subject.project
rules += project_abilities(user, subject.project)
end
rules
end end
end end
...@@ -272,13 +286,16 @@ class Ability ...@@ -272,13 +286,16 @@ class Ability
target_user = subject.user target_user = subject.user
group = subject.group group = subject.group
can_manage = group_abilities(user, group).include?(:admin_group) can_manage = group_abilities(user, group).include?(:admin_group)
if can_manage && (user != target_user) if can_manage && (user != target_user)
rules << :update_group_member rules << :update_group_member
rules << :destroy_group_member rules << :destroy_group_member
end end
if !group.last_owner?(user) && (can_manage || (user == target_user)) if !group.last_owner?(user) && (can_manage || (user == target_user))
rules << :destroy_group_member rules << :destroy_group_member
end end
rules rules
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7