Commit
846e5817
authored
Feb 28, 2017
by
http://jneen.net/
use a magic default :global symbol instead of nil
to make sure we mean the global permissions
parent
130fd255
Showing
10 changed files
with
21 additions
and
15 deletions
+21
-15
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-1
app/controllers/groups_controller.rb
app/controllers/groups_controller.rb
+1
-1
app/models/ability.rb
app/models/ability.rb
+4
-3
app/models/guest.rb
app/models/guest.rb
+1
-1
app/models/user.rb
app/models/user.rb
+2
-2
app/policies/base_policy.rb
app/policies/base_policy.rb
+7
-2
lib/api/helpers.rb
lib/api/helpers.rb
+2
-2
lib/api/users.rb
lib/api/users.rb
+1
-1
lib/banzai/reference_parser/base_parser.rb
lib/banzai/reference_parser/base_parser.rb
+1
-1
lib/gitlab/allowable.rb
lib/gitlab/allowable.rb
+1
-1
app/controllers/application_controller.rb
...
@@ -90,7 +90,7 @@ class ApplicationController < ActionController::Base
...
@@ -90,7 +90,7 @@ class ApplicationController < ActionController::Base
current_application_settings
.
after_sign_out_path
.
presence
||
new_user_session_path
current_application_settings
.
after_sign_out_path
.
presence
||
new_user_session_path
end
end
def
can?
(
object
,
action
,
subject
)
def
can?
(
object
,
action
,
subject
=
:global
)
Ability
.
allowed?
(
object
,
action
,
subject
)
Ability
.
allowed?
(
object
,
action
,
subject
)
end
end
...
...
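Review bot: Making `subject` optional in `can?(object, action, subject = :global)` means a call that forgets its subject no longer fails with an arity error; it is quietly evaluated against the global permissions. The same default is added to the `can?` wrappers in app/models/guest.rb, app/models/user.rb, lib/api/helpers.rb, lib/banzai/reference_parser/base_parser.rb and lib/gitlab/allowable.rb, so the point applies to all of them. A one-line comment on each wrapper would make the contract explicit, for example `# subject defaults to :global: the check runs against the global permissions, not against any object`. Whether an omitted subject can ever grant more than intended depends on the global policy, which is not visible here.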
app/controllers/groups_controller.rb
...
@@ -118,7 +118,7 @@ class GroupsController < Groups::ApplicationController
...
@@ -118,7 +118,7 @@ class GroupsController < Groups::ApplicationController
end
end
def
authorize_create_group!
def
authorize_create_group!
unless
can?
(
current_user
,
:create_group
,
nil
)
unless
can?
(
current_user
,
:create_group
)
return
render_404
return
render_404
end
end
end
end
...
...
app/models/ability.rb
...
@@ -56,15 +56,16 @@ class Ability
...
@@ -56,15 +56,16 @@ class Ability
end
end
end
end
def
allowed?
(
user
,
action
,
subject
)
def
allowed?
(
user
,
action
,
subject
=
:global
)
allowed
(
user
,
subject
).
include?
(
action
)
allowed
(
user
,
subject
).
include?
(
action
)
end
end
def
allowed
(
user
,
subject
)
def
allowed
(
user
,
subject
=
:global
)
return
BasePolicy
::
RuleSet
.
none
if
subject
.
nil?
return
uncached_allowed
(
user
,
subject
)
unless
RequestStore
.
active?
return
uncached_allowed
(
user
,
subject
)
unless
RequestStore
.
active?
user_key
=
user
?
user
.
id
:
'anonymous'
user_key
=
user
?
user
.
id
:
'anonymous'
subject_key
=
subject
?
"
#{
subject
.
class
.
name
}
/
#{
subject
.
id
}
"
:
'global'
subject_key
=
subject
==
:global
?
'global'
:
"
#{
subject
.
class
.
name
}
/
#{
subject
.
id
}
"
key
=
"/ability/
#{
user_key
}
/
#{
subject_key
}
"
key
=
"/ability/
#{
user_key
}
/
#{
subject_key
}
"
RequestStore
[
key
]
||=
uncached_allowed
(
user
,
subject
).
freeze
RequestStore
[
key
]
||=
uncached_allowed
(
user
,
subject
).
freeze
end
end
...
...
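Review bot: The new guard `return BasePolicy::RuleSet.none if subject.nil?` in `allowed` changes what a nil subject means, from the global rule set to no abilities at all, and nothing in the method says so. That is the safer direction, since a failed record lookup no longer falls through to the global permissions, but any call site outside this commit that still passes `nil` on purpose will now be denied without an error. I would add a comment above the guard such as `# nil is never the global subject: a missing record grants nothing; pass :global explicitly`, and check the remaining callers for explicit `nil` arguments. Note also that `BasePolicy.class_for` raises for nil while this method returns an empty set, so the two entry points treat the same input differently.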
app/models/guest.rb
class
Guest
class
Guest
class
<<
self
class
<<
self
def
can?
(
action
,
subject
)
def
can?
(
action
,
subject
=
:global
)
Ability
.
allowed?
(
nil
,
action
,
subject
)
Ability
.
allowed?
(
nil
,
action
,
subject
)
end
end
end
end
...
...
app/models/user.rb
...
@@ -563,14 +563,14 @@ class User < ActiveRecord::Base
...
@@ -563,14 +563,14 @@ class User < ActiveRecord::Base
end
end
def
can_create_group?
def
can_create_group?
can?
(
:create_group
,
nil
)
can?
(
:create_group
)
end
end
def
can_select_namespace?
def
can_select_namespace?
several_namespaces?
||
admin
several_namespaces?
||
admin
end
end
def
can?
(
action
,
subject
)
def
can?
(
action
,
subject
=
:global
)
Ability
.
allowed?
(
self
,
action
,
subject
)
Ability
.
allowed?
(
self
,
action
,
subject
)
end
end
...
...
app/policies/base_policy.rb
...
@@ -12,6 +12,10 @@ class BasePolicy
...
@@ -12,6 +12,10 @@ class BasePolicy
new
(
Set
.
new
,
Set
.
new
)
new
(
Set
.
new
,
Set
.
new
)
end
end
def
self
.
none
empty
.
freeze
end
def
can?
(
ability
)
def
can?
(
ability
)
@can_set
.
include?
(
ability
)
&&
!
@cannot_set
.
include?
(
ability
)
@can_set
.
include?
(
ability
)
&&
!
@cannot_set
.
include?
(
ability
)
end
end
...
@@ -49,7 +53,8 @@ class BasePolicy
...
@@ -49,7 +53,8 @@ class BasePolicy
end
end
def
self
.
class_for
(
subject
)
def
self
.
class_for
(
subject
)
return
GlobalPolicy
if
subject
.
nil?
return
GlobalPolicy
if
subject
==
:global
raise
ArgumentError
,
'no policy for nil'
if
subject
.
nil?
if
subject
.
class
.
try
(
:presenter?
)
if
subject
.
class
.
try
(
:presenter?
)
subject
=
subject
.
subject
subject
=
subject
.
subject
...
@@ -79,7 +84,7 @@ class BasePolicy
...
@@ -79,7 +84,7 @@ class BasePolicy
end
end
def
abilities
def
abilities
return
RuleSet
.
empty
if
@user
&&
@user
.
blocked?
return
RuleSet
.
none
if
@user
&&
@user
.
blocked?
return
anonymous_abilities
if
@user
.
nil?
return
anonymous_abilities
if
@user
.
nil?
collect_rules
{
rules
}
collect_rules
{
rules
}
end
end
...
...
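Review bot: `empty.freeze` in the new `self.none` freezes only the RuleSet wrapper; the two `Set.new` objects that `empty` passes to `new` stay mutable, because `freeze` is shallow. `abilities` now returns `RuleSet.none` for a blocked user, so if RuleSet has any method that adds to `@can_set` in place (not visible in these hunks), the supposedly fixed empty set could still gain abilities. Freezing the sets as well closes that gap, e.g. `new(Set.new.freeze, Set.new.freeze).freeze`. The class body continues outside the hunks shown.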
lib/api/helpers.rb
...
@@ -116,7 +116,7 @@ module API
...
@@ -116,7 +116,7 @@ module API
forbidden!
unless
current_user
.
is_admin?
forbidden!
unless
current_user
.
is_admin?
end
end
def
authorize!
(
action
,
subject
=
ni
l
)
def
authorize!
(
action
,
subject
=
:globa
l
)
forbidden!
unless
can?
(
current_user
,
action
,
subject
)
forbidden!
unless
can?
(
current_user
,
action
,
subject
)
end
end
...
@@ -134,7 +134,7 @@ module API
...
@@ -134,7 +134,7 @@ module API
end
end
end
end
def
can?
(
object
,
action
,
subject
)
def
can?
(
object
,
action
,
subject
=
:global
)
Ability
.
allowed?
(
object
,
action
,
subject
)
Ability
.
allowed?
(
object
,
action
,
subject
)
end
end
...
...
lib/api/users.rb
...
@@ -45,7 +45,7 @@ module API
...
@@ -45,7 +45,7 @@ module API
use
:pagination
use
:pagination
end
end
get
do
get
do
unless
can?
(
current_user
,
:read_users_list
,
nil
)
unless
can?
(
current_user
,
:read_users_list
)
render_api_error!
(
"Not authorized."
,
403
)
render_api_error!
(
"Not authorized."
,
403
)
end
end
...
...
lib/banzai/reference_parser/base_parser.rb
...
@@ -210,7 +210,7 @@ module Banzai
...
@@ -210,7 +210,7 @@ module Banzai
grouped_objects_for_nodes
(
nodes
,
Project
,
'data-project'
)
grouped_objects_for_nodes
(
nodes
,
Project
,
'data-project'
)
end
end
def
can?
(
user
,
permission
,
subject
)
def
can?
(
user
,
permission
,
subject
=
:global
)
Ability
.
allowed?
(
user
,
permission
,
subject
)
Ability
.
allowed?
(
user
,
permission
,
subject
)
end
end
...
...
lib/gitlab/allowable.rb
module
Gitlab
module
Gitlab
module
Allowable
module
Allowable
def
can?
(
user
,
action
,
subject
)
def
can?
(
user
,
action
,
subject
=
:global
)
Ability
.
allowed?
(
user
,
action
,
subject
)
Ability
.
allowed?
(
user
,
action
,
subject
)
end
end
end
end
...
...