Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4d904bf3
Commit
4d904bf3
authored
Aug 16, 2016
by
http://jneen.net/
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
port issues to Issu{able,e}Policy
parent
1ca9b335
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
58 additions
and
4 deletions
+58
-4
app/models/ability.rb
app/models/ability.rb
+4
-2
app/policies/base_policy.rb
app/policies/base_policy.rb
+10
-2
app/policies/issuable_policy.rb
app/policies/issuable_policy.rb
+14
-0
app/policies/issue_policy.rb
app/policies/issue_policy.rb
+27
-0
app/policies/project_policy.rb
app/policies/project_policy.rb
+3
-0
No files found.
app/models/ability.rb
View file @
4d904bf3
...
@@ -72,7 +72,7 @@ class Ability
...
@@ -72,7 +72,7 @@ class Ability
case
subject
case
subject
when
CommitStatus
then
commit_status_abilities
(
user
,
subject
)
when
CommitStatus
then
commit_status_abilities
(
user
,
subject
)
when
Project
then
ProjectPolicy
.
abilities
(
user
,
subject
)
when
Project
then
ProjectPolicy
.
abilities
(
user
,
subject
)
when
Issue
then
issue_
abilities
(
user
,
subject
)
when
Issue
then
IssuePolicy
.
abilities
(
user
,
subject
)
when
Note
then
note_abilities
(
user
,
subject
)
when
Note
then
note_abilities
(
user
,
subject
)
when
ProjectSnippet
then
project_snippet_abilities
(
user
,
subject
)
when
ProjectSnippet
then
project_snippet_abilities
(
user
,
subject
)
when
PersonalSnippet
then
personal_snippet_abilities
(
user
,
subject
)
when
PersonalSnippet
then
personal_snippet_abilities
(
user
,
subject
)
...
@@ -89,7 +89,7 @@ class Ability
...
@@ -89,7 +89,7 @@ class Ability
end
end
# List of possible abilities for anonymous user
# List of possible abilities for anonymous user
def
anonymous_abilities
(
user
,
subject
)
def
anonymous_abilities
(
subject
)
if
subject
.
is_a?
(
PersonalSnippet
)
if
subject
.
is_a?
(
PersonalSnippet
)
anonymous_personal_snippet_abilities
(
subject
)
anonymous_personal_snippet_abilities
(
subject
)
elsif
subject
.
is_a?
(
ProjectSnippet
)
elsif
subject
.
is_a?
(
ProjectSnippet
)
...
@@ -98,6 +98,8 @@ class Ability
...
@@ -98,6 +98,8 @@ class Ability
anonymous_commit_status_abilities
(
subject
)
anonymous_commit_status_abilities
(
subject
)
elsif
subject
.
is_a?
(
Project
)
elsif
subject
.
is_a?
(
Project
)
ProjectPolicy
.
abilities
(
nil
,
subject
)
ProjectPolicy
.
abilities
(
nil
,
subject
)
elsif
subject
.
is_a?
(
Issue
)
IssuePolicy
.
abilities
(
nil
,
subject
)
elsif
subject
.
respond_to?
(
:project
)
elsif
subject
.
respond_to?
(
:project
)
ProjectPolicy
.
abilities
(
nil
,
subject
.
project
)
ProjectPolicy
.
abilities
(
nil
,
subject
.
project
)
elsif
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
elsif
subject
.
is_a?
(
Group
)
||
subject
.
respond_to?
(
:group
)
...
...
app/policies/base_policy.rb
View file @
4d904bf3
...
@@ -3,6 +3,10 @@ class BasePolicy
...
@@ -3,6 +3,10 @@ class BasePolicy
new
(
user
,
subject
).
abilities
new
(
user
,
subject
).
abilities
end
end
def
self
.
class_for
(
subject
)
"
#{
subject
.
class
.
name
}
Policy"
.
constantize
end
attr_reader
:user
,
:subject
attr_reader
:user
,
:subject
def
initialize
(
user
,
subject
)
def
initialize
(
user
,
subject
)
@user
=
user
@user
=
user
...
@@ -18,8 +22,12 @@ class BasePolicy
...
@@ -18,8 +22,12 @@ class BasePolicy
collect_rules
{
anonymous_rules
}
collect_rules
{
anonymous_rules
}
end
end
def
generate!
def
anonymous_rules
raise
'abstract'
rules
end
def
delegate!
(
new_subject
)
@can
.
merge
(
BasePolicy
.
class_for
(
new_subject
).
abilities
(
@user
,
new_subject
))
end
end
def
can!
(
*
rules
)
def
can!
(
*
rules
)
...
...
app/policies/issuable_policy.rb
0 → 100644
View file @
4d904bf3
class
IssuablePolicy
<
BasePolicy
def
action_name
@subject
.
class
.
name
.
underscore
end
def
rules
if
@user
&&
(
@subject
.
author
==
@user
||
@subject
.
assignee
==
@user
)
can!
:"read_
#{
action_name
}
"
can!
:"update_
#{
action_name
}
"
end
delegate!
@subject
.
project
end
end
app/policies/issue_policy.rb
0 → 100644
View file @
4d904bf3
class
IssuePolicy
<
IssuablePolicy
def
issue
@subject
end
def
rules
super
if
@subject
.
confidential?
&&
!
can_read_confidential?
cannot!
:read_issue
cannot!
:admin_issue
cannot!
:update_issue
cannot!
:read_issue
end
end
private
def
can_read_confidential?
return
false
unless
@user
return
true
if
@user
.
admin?
return
true
if
@subject
.
author
==
@user
return
true
if
@subject
.
assignee
==
@user
return
true
if
@subject
.
project
.
team
.
member?
(
@user
,
Gitlab
::
Access
::
REPORTER
)
false
end
end
app/policies/project_policy.rb
View file @
4d904bf3
...
@@ -203,6 +203,9 @@ class ProjectPolicy < BasePolicy
...
@@ -203,6 +203,9 @@ class ProjectPolicy < BasePolicy
can!
:read_container_image
can!
:read_container_image
can!
:download_code
can!
:download_code
# NB: may be overridden by IssuePolicy
can!
:read_issue
# Allow to read builds by anonymous user if guests are allowed
# Allow to read builds by anonymous user if guests are allowed
can!
:read_build
if
project
.
public_builds?
can!
:read_build
if
project
.
public_builds?
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment