Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4c7b7a84
Commit
4c7b7a84
authored
Dec 18, 2018
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Make ProjectSnippetPolicy EE-ready
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
549ee8ad
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
9 additions
and
6 deletions
+9
-6
app/policies/base_policy.rb
app/policies/base_policy.rb
+4
-0
app/policies/project_snippet_policy.rb
app/policies/project_snippet_policy.rb
+5
-6
No files found.
app/policies/base_policy.rb
View file @
4c7b7a84
...
...
@@ -7,6 +7,10 @@ class BasePolicy < DeclarativePolicy::Base
with_options
scope: :user
,
score:
0
condition
(
:admin
)
{
@user
&
.
admin?
}
desc
"User has access to all private groups & projects"
with_options
scope: :user
,
score:
0
condition
(
:full_private_access
)
{
@user
&
.
full_private_access?
}
with_options
scope: :user
,
score:
0
condition
(
:external_user
)
{
@user
.
nil?
||
@user
.
external?
}
...
...
app/policies/project_snippet_policy.rb
View file @
4c7b7a84
...
...
@@ -5,13 +5,12 @@ class ProjectSnippetPolicy < BasePolicy
desc
"Snippet is public"
condition
(
:public_snippet
,
scope: :subject
)
{
@subject
.
public?
}
condition
(
:internal_snippet
,
scope: :subject
)
{
@subject
.
internal?
}
condition
(
:private_snippet
,
scope: :subject
)
{
@subject
.
private?
}
condition
(
:public_project
,
scope: :subject
)
{
@subject
.
project
.
public?
}
condition
(
:is_author
)
{
@user
&&
@subject
.
author
==
@user
}
condition
(
:internal
,
scope: :subject
)
{
@subject
.
internal?
}
# We have to check both project feature visibility and a snippet visibility and take the stricter one
# This will be simplified - check https://gitlab.com/gitlab-org/gitlab-ce/issues/27573
rule
{
~
can?
(
:read_project
)
}.
policy
do
...
...
@@ -26,13 +25,13 @@ class ProjectSnippetPolicy < BasePolicy
# is used to hide/show various snippet-related controls, so we can't just move
# all of the handling here.
rule
do
all?
(
private_snippet
|
(
internal
&
external_user
),
all?
(
private_snippet
|
(
internal
_snippet
&
external_user
),
~
project
.
guest
,
~
admin
,
~
is_author
)
~
is_author
,
~
full_private_access
)
end
.
prevent
:read_project_snippet
rule
{
internal
&
~
is_author
&
~
admin
}.
policy
do
rule
{
internal
_snippet
&
~
is_author
&
~
admin
}.
policy
do
prevent
:update_project_snippet
prevent
:admin_project_snippet
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment