Commit 16254e21 authored by Terri Chu's avatar Terri Chu

Merge branch '341124-use-usernamespacepolicy-for-user-namespaces' into 'master'

Use UserNamespacePolicy for user namespaces

See merge request gitlab-org/gitlab!70820
parents dd0ec12f a8420489
# frozen_string_literal: true
class NamespacePolicy < BasePolicy
rule { anonymous }.prevent_all
condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
enable :read_statistics
enable :create_jira_connect_subscription
enable :create_package_settings
enable :read_package_settings
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects
class NamespacePolicy < ::Namespaces::UserNamespacePolicy
# NamespacePolicy has been traditionally for user namespaces.
# So these policies have been moved into Namespaces::UserNamespacePolicy.
# Once the user namespace conversion is complete, we can look at
# either removing this file or locating common namespace policy items
# here.
end
NamespacePolicy.prepend_mod_with('NamespacePolicy')
# frozen_string_literal: true
module Namespaces
class UserNamespacePolicy < BasePolicy
rule { anonymous }.prevent_all
condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
enable :read_statistics
enable :create_jira_connect_subscription
enable :create_package_settings
enable :read_package_settings
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects
end
end
Namespaces::UserNamespacePolicy.prepend_mod_with('Namespaces::UserNamespacePolicy')
# frozen_string_literal: true
module EE
module NamespacePolicy
extend ActiveSupport::Concern
prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks)
end
rule { admin & is_gitlab_com }.enable :update_subscription_limit
rule { over_storage_limit }.policy do
prevent :create_projects
end
rule { can?(:owner_access) & compliance_framework_available }.enable :admin_compliance_framework
end
end
end
# frozen_string_literal: true
module EE
module Namespaces
module UserNamespacePolicy
extend ActiveSupport::Concern
prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do
@subject.licensed_feature_available?(:custom_compliance_frameworks)
end
rule { admin & is_gitlab_com }.enable :update_subscription_limit
rule { over_storage_limit }.policy do
prevent :create_projects
end
rule { can?(:owner_access) & compliance_framework_available }.enable :admin_compliance_framework
end
end
end
end
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe NamespacePolicy do
RSpec.describe Namespaces::UserNamespacePolicy do
let(:owner) { build_stubbed(:user) }
let(:namespace) { build_stubbed(:namespace, owner: owner) }
let(:admin) { build_stubbed(:admin) }
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe NamespacePolicy do
RSpec.describe Namespaces::UserNamespacePolicy do
let(:user) { create(:user) }
let(:owner) { create(:user) }
let(:admin) { create(:admin) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment