Commit a8420489 authored by Brett Walker's avatar Brett Walker

Shift NamespacePolicy to UserNamespacePolicy

as we convert to using Namespaces::UserNamespace
parent be4538b5
# frozen_string_literal: true # frozen_string_literal: true
class NamespacePolicy < BasePolicy class NamespacePolicy < ::Namespaces::UserNamespacePolicy
rule { anonymous }.prevent_all # NamespacePolicy has been traditionally for user namespaces.
# So these policies have been moved into Namespaces::UserNamespacePolicy.
condition(:personal_project, scope: :subject) { @subject.kind == 'user' } # Once the user namespace conversion is complete, we can look at
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? } # either removing this file or locating common namespace policy items
condition(:owner) { @subject.owner == @user } # here.
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
enable :read_statistics
enable :create_jira_connect_subscription
enable :create_package_settings
enable :read_package_settings
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects
end end
NamespacePolicy.prepend_mod_with('NamespacePolicy')
# frozen_string_literal: true
module Namespaces
class UserNamespacePolicy < BasePolicy
rule { anonymous }.prevent_all
condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
enable :read_statistics
enable :create_jira_connect_subscription
enable :create_package_settings
enable :read_package_settings
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects
end
end
Namespaces::UserNamespacePolicy.prepend_mod_with('Namespaces::UserNamespacePolicy')
# frozen_string_literal: true
module EE
module NamespacePolicy
extend ActiveSupport::Concern
prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks)
end
rule { admin & is_gitlab_com }.enable :update_subscription_limit
rule { over_storage_limit }.policy do
prevent :create_projects
end
rule { can?(:owner_access) & compliance_framework_available }.enable :admin_compliance_framework
end
end
end
# frozen_string_literal: true
module EE
module Namespaces
module UserNamespacePolicy
extend ActiveSupport::Concern
prepended do
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
condition(:compliance_framework_available) do
@subject.licensed_feature_available?(:custom_compliance_frameworks)
end
rule { admin & is_gitlab_com }.enable :update_subscription_limit
rule { over_storage_limit }.policy do
prevent :create_projects
end
rule { can?(:owner_access) & compliance_framework_available }.enable :admin_compliance_framework
end
end
end
end
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe NamespacePolicy do RSpec.describe Namespaces::UserNamespacePolicy do
let(:owner) { build_stubbed(:user) } let(:owner) { build_stubbed(:user) }
let(:namespace) { build_stubbed(:namespace, owner: owner) } let(:namespace) { build_stubbed(:namespace, owner: owner) }
let(:admin) { build_stubbed(:admin) } let(:admin) { build_stubbed(:admin) }
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe NamespacePolicy do RSpec.describe Namespaces::UserNamespacePolicy do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:owner) { create(:user) } let(:owner) { create(:user) }
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment