gitlab-org--gitlab-foss/app/policies/issuable_policy.rb

# frozen_string_literal: true

class IssuablePolicy < BasePolicy
  delegate { @subject.project }

  condition(:locked, scope: :subject, score: 0) { @subject.discussion_locked? }
  condition(:is_project_member) { @user && @subject.project && @subject.project.team.member?(@user) }
  condition(:can_read_issuable) { can?(:"read_#{@subject.to_ability_name}") }

  desc "User is the assignee or author"
  condition(:assignee_or_author) do
    @user && @subject.assignee_or_author?(@user)
  end

  condition(:is_author) { @subject&.author == @user }

  condition(:is_incident) { @subject.incident? }

  rule { can?(:guest_access) & assignee_or_author & ~is_incident }.policy do
    enable :read_issue
    enable :update_issue
    enable :reopen_issue
  end

  rule { can?(:read_merge_request) & assignee_or_author }.policy do
    enable :update_merge_request
    enable :reopen_merge_request
  end

  rule { is_author }.policy do
    enable :resolve_note
  end

  rule { locked & ~is_project_member }.policy do
    prevent :create_note
    prevent :admin_note
    prevent :resolve_note
    prevent :award_emoji
  end

  rule { can?(:read_issue) }.policy do
    enable :read_incident_management_timeline_event
  end

  rule { can?(:read_issue) & can?(:developer_access) }.policy do
    enable :admin_incident_management_timeline_event
  end

  rule { can?(:reporter_access) }.policy do
    enable :create_timelog
  end

  rule { can_read_issuable }.policy do
    enable :read_issuable
    enable :read_issuable_participables
  end

  # This rule replicates permissions in NotePolicy#can_read_confidential
  rule { can?(:reporter_access) | admin }.policy do
    enable :read_internal_note
  end
end

IssuablePolicy.prepend_mod_with('IssuablePolicy')
Enable frozen string in presenters and policies Enable frozen string in: * app/presenters * app/policies Partially addresses #47424. 2018-07-24 06:00:56 -04:00			`# frozen_string_literal: true`

port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`class IssuablePolicy < BasePolicy`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`delegate { @subject.project }`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00
Create system notes for MR too, improve doc + clean up code 2017-09-01 08:03:57 -04:00			`condition(:locked, scope: :subject, score: 0) { @subject.discussion_locked? }`
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00			`condition(:is_project_member) { @user && @subject.project && @subject.project.team.member?(@user) }`
Add latest changes from gitlab-org/gitlab@master 2022-08-30 11:10:02 -04:00			`condition(:can_read_issuable) { can?(:"read_#{@subject.to_ability_name}") }`
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`desc "User is the assignee or author"`
			`condition(:assignee_or_author) do`
			`@user && @subject.assignee_or_author?(@user)`
			`end`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-10-28 14:14:18 -04:00			`condition(:is_author) { @subject&.author == @user }`

Add latest changes from gitlab-org/gitlab@master 2022-05-20 08:08:50 -04:00			`condition(:is_incident) { @subject.incident? }`

			`rule { can?(:guest_access) & assignee_or_author & ~is_incident }.policy do`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`enable :read_issue`
			`enable :update_issue`
Restrict reopening locked issues for issue authors 2018-08-19 15:43:41 -04:00			`enable :reopen_issue`
Add latest changes from gitlab-org/gitlab@master 2021-12-06 22:12:22 -05:00			`end`

			`rule { can?(:read_merge_request) & assignee_or_author }.policy do`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`enable :update_merge_request`
Disallow reopening of locked merge requests Fixes #56864 2019-03-08 03:34:20 -05:00			`enable :reopen_merge_request`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`end`
Support discussion locking in the backend 2017-08-30 10:57:50 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-10-28 14:14:18 -04:00			`rule { is_author }.policy do`
			`enable :resolve_note`
			`end`

Create system notes for MR too, improve doc + clean up code 2017-09-01 08:03:57 -04:00			`rule { locked & ~is_project_member }.policy do`
			`prevent :create_note`
			`prevent :admin_note`
			`prevent :resolve_note`
Add latest changes from gitlab-org/gitlab@master 2020-08-24 17:10:17 -04:00			`prevent :award_emoji`
Create system notes for MR too, improve doc + clean up code 2017-09-01 08:03:57 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2022-05-11 08:09:03 -04:00
			`rule { can?(:read_issue) }.policy do`
			`enable :read_incident_management_timeline_event`
			`end`

			`rule { can?(:read_issue) & can?(:developer_access) }.policy do`
			`enable :admin_incident_management_timeline_event`
			`end`
Add latest changes from gitlab-org/gitlab@master 2022-07-27 11:09:42 -04:00
			`rule { can?(:reporter_access) }.policy do`
			`enable :create_timelog`
			`end`
Add latest changes from gitlab-org/gitlab@master 2022-08-30 11:10:02 -04:00
			`rule { can_read_issuable }.policy do`
			`enable :read_issuable`
Add latest changes from gitlab-org/gitlab@master 2022-10-03 05:09:43 -04:00			`enable :read_issuable_participables`
			`end`

			`# This rule replicates permissions in NotePolicy#can_read_confidential`
Add latest changes from gitlab-org/gitlab@master 2022-10-21 11:11:29 -04:00			`rule { can?(:reporter_access) \| admin }.policy do`
Add latest changes from gitlab-org/gitlab@master 2022-10-03 05:09:43 -04:00			`enable :read_internal_note`
Add latest changes from gitlab-org/gitlab@master 2022-08-30 11:10:02 -04:00			`end`
port issues to Issu{able,e}Policy 2016-08-16 14:10:34 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-11-20 07:09:35 -05:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`IssuablePolicy.prepend_mod_with('IssuablePolicy')`