Refactor project policy by removing duplicate declarations for readonly users.

Don't repeat declarations that are common between anonymous and auditor users.

Refactor project policy by removing duplicate declarations for readonly users.
Don't repeat declarations that are common between anonymous and auditor users.
c0136d62 · Timothy Andrew · 9a3a4a5e · c0136d62
Commit c0136d62 authored Jan 30, 2017 by Timothy Andrew
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 42 deletions

app/policies/project_policy.rb app/policies/project_policy.rb +30 -42

No files found.
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -185,33 +185,12 @@ class ProjectPolicy < BasePolicy

  # An auditor user has read-only access to all projects
  def auditor_access!
-    can! :download_code
-    can! :download_wiki_code
-    can! :read_project
-    can! :read_board
-    can! :read_list
-    can! :read_wiki
-    can! :read_issue
-    can! :read_label
-    can! :read_milestone
-    can! :read_project_snippet
-    can! :read_project_member
-    can! :read_note
-    can! :read_cycle_analytics
-    can! :read_pipeline
-    can! :read_build
-    can! :read_commit_status
+    base_readonly_access!
+
    can! :read_build
-    can! :read_container_image
-    can! :read_pipeline
    can! :read_environment
    can! :read_deployment
-    can! :read_merge_request
    can! :read_pages
-    can! :read_commit_status
-    can! :read_pipeline
-    can! :read_container_image
-    can! :read_merge_request
  end

  def disabled_features!
@@ -260,25 +239,7 @@ class ProjectPolicy < BasePolicy
  def anonymous_rules
    return unless project.public?

-    can! :read_project
-    can! :read_board
-    can! :read_list
-    can! :read_wiki
-    can! :read_label
-    can! :read_milestone
-    can! :read_project_snippet
-    can! :read_project_member
-    can! :read_merge_request
-    can! :read_note
-    can! :read_pipeline
-    can! :read_commit_status
-    can! :read_container_image
-    can! :download_code
-    can! :download_wiki_code
-    can! :read_cycle_analytics
-
-    # NOTE: may be overridden by IssuePolicy
-    can! :read_issue
+    base_readonly_access!

    # Allow to read builds by anonymous user if guests are allowed
    can! :read_build if project.public_builds?
@@ -311,4 +272,31 @@ class ProjectPolicy < BasePolicy
      :"admin_#{name}"
    ]
  end
+
+  private
+
+  # A base set of abilities for read-only users, which
+  # is then augmented as necessary for anonymous and auditor
+  # users.
+  def base_readonly_access!
+    can! :read_project
+    can! :read_board
+    can! :read_list
+    can! :read_wiki
+    can! :read_label
+    can! :read_milestone
+    can! :read_project_snippet
+    can! :read_project_member
+    can! :read_merge_request
+    can! :read_note
+    can! :read_pipeline
+    can! :read_commit_status
+    can! :read_container_image
+    can! :download_code
+    can! :download_wiki_code
+    can! :read_cycle_analytics
+
+    # NOTE: may be overridden by IssuePolicy
+    can! :read_issue
+  end
 end