make almost everything on Ability private

c218dd90 · http://jneen.net/ · 8702cef2 · c218dd90
Commit c218dd90 authored Aug 23, 2016 by http://jneen.net/
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 46 deletions

app/models/ability.rb app/models/ability.rb +44 -46

No files found.
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
 class Ability
  class << self
+    # Given a list of users and a project this method returns the users that can
+    # read the given project.
+    def users_that_can_read_project(users, project)
+      if project.public?
+        users
+      else
+        users.select do |user|
+          if user.admin?
+            true
+          elsif project.internal? && !user.external?
+            true
+          elsif project.owner == user
+            true
+          elsif project.team.members.include?(user)
+            true
+          else
+            false
+          end
+        end
+      end
+    end

+    # Returns an Array of Issues that can be read by the given user.
+    #
+    # issues - The issues to reduce down to those readable by the user.
+    # user - The User for which to check the issues
+    def issues_readable_by_user(issues, user = nil)
+      return issues if user && user.admin?
+
+      issues.select { |issue| issue.visible_to_user?(user) }
+    end
+
+    # TODO: make this private and use the actual abilities stuff for this
+    def can_edit_note?(user, note)
+      return false if !note.editable? || !user.present?
+      return true if note.author == user || user.admin?
+
+      if note.project
+        max_access_level = note.project.team.max_member_access(user.id)
+        max_access_level >= Gitlab::Access::MASTER
+      else
+        false
+      end
    end

    def allowed?(user, action, subject)
@@ -16,6 +58,8 @@ class Ability
      RequestStore[key] ||= Set.new(uncached_allowed(user, subject)).freeze
    end

+    private
+
    def uncached_allowed(user, subject)
      return anonymous_abilities(subject) if user.nil?
      return [] unless user.is_a?(User)
@@ -44,38 +88,6 @@ class Ability
      end.concat(global_abilities(user))
    end

-    # Given a list of users and a project this method returns the users that can
-    # read the given project.
-    def users_that_can_read_project(users, project)
-      if project.public?
-        users
-      else
-        users.select do |user|
-          if user.admin?
-            true
-          elsif project.internal? && !user.external?
-            true
-          elsif project.owner == user
-            true
-          elsif project.team.members.include?(user)
-            true
-          else
-            false
-          end
-        end
-      end
-    end
-
-    # Returns an Array of Issues that can be read by the given user.
-    #
-    # issues - The issues to reduce down to those readable by the user.
-    # user - The User for which to check the issues
-    def issues_readable_by_user(issues, user = nil)
-      return issues if user && user.admin?
-
-      issues.select { |issue| issue.visible_to_user?(user) }
-    end
-
    # List of possible abilities for anonymous user
    def anonymous_abilities(user, subject)
      if subject.is_a?(PersonalSnippet)
@@ -420,18 +432,6 @@ class Ability
      GroupProjectsFinder.new(group).execute(user).any?
    end

-    def can_edit_note?(user, note)
-      return false if !note.editable? || !user.present?
-      return true if note.author == user || user.admin?
-
-      if note.project
-        max_access_level = note.project.team.max_member_access(user.id)
-        max_access_level >= Gitlab::Access::MASTER
-      else
-        false
-      end
-    end
-
    def namespace_abilities(user, namespace)
      rules = []

@@ -597,8 +597,6 @@ class Ability
      self
    end

-    private
-
    def restricted_public_level?
      current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
    end