gitlab-org--gitlab-foss/app/models/ability.rb

class Ability
  class << self
    # Given a list of users and a project this method returns the users that can
    # read the given project.
    def users_that_can_read_project(users, project)
      if project.public?
        users
      else
        users.select do |user|
          if user.admin?
            true
          elsif project.internal? && !user.external?
            true
          elsif project.owner == user
            true
          elsif project.team.members.include?(user)
            true
          else
            false
          end
        end
      end
    end

    # Returns an Array of Issues that can be read by the given user.
    #
    # issues - The issues to reduce down to those readable by the user.
    # user - The User for which to check the issues
    def issues_readable_by_user(issues, user = nil)
      return issues if user && user.admin?

      issues.select { |issue| issue.visible_to_user?(user) }
    end

    # TODO: make this private and use the actual abilities stuff for this
    def can_edit_note?(user, note)
      return false if !note.editable? || !user.present?
      return true if note.author == user || user.admin?

      if note.project
        max_access_level = note.project.team.max_member_access(user.id)
        max_access_level >= Gitlab::Access::MASTER
      else
        false
      end
    end

    def allowed?(user, action, subject)
      allowed(user, subject).include?(action)
    end

    def allowed(user, subject)
      return uncached_allowed(user, subject) unless RequestStore.active?

      user_key = user ? user.id : 'anonymous'
      subject_key = subject ? "#{subject.class.name}/#{subject.id}" : 'global'
      key = "/ability/#{user_key}/#{subject_key}"
      RequestStore[key] ||= Set.new(uncached_allowed(user, subject)).freeze
    end

    private

    def uncached_allowed(user, subject)
      policy_class = BasePolicy.class_for(subject) rescue nil
      return policy_class.abilities(user, subject) if policy_class

      return anonymous_abilities(subject) if user.nil?
      return [] unless user.is_a?(User)
      return [] if user.blocked?

      abilities_by_subject_class(user: user, subject: subject)
    end

    def abilities_by_subject_class(user:, subject:)
      case subject
      when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
      else []
      end + global_abilities(user)
    end

    # List of possible abilities for anonymous user
    def anonymous_abilities(subject)
      if subject.respond_to?(:project)
        ProjectPolicy.abilities(nil, subject.project)
      elsif subject.respond_to?(:group)
        GroupPolicy.abilities(nil, subject.group)
      else
        []
      end
    end

    def global_abilities(user)
      rules = []
      rules << :create_group if user.can_create_group
      rules << :read_users_list
      rules
    end

    def project_abilities(user, project)
      # temporary patch, deleteme before merge
      ProjectPolicy.abilities(user, project).to_a
    end

    def project_member_abilities(user, subject)
      rules = []
      target_user = subject.user
      project = subject.project

      unless target_user == project.owner
        can_manage = allowed?(user, :admin_project_member, project)

        if can_manage
          rules << :update_project_member
          rules << :destroy_project_member
        elsif user == target_user
          rules << :destroy_project_member
        end
      end

      rules
    end

    def filter_build_abilities(rules)
      # If we can't read build we should also not have that
      # ability when looking at this in context of commit_status
      %w(read create update admin).each do |rule|
        rules.delete(:"#{rule}_commit_status") unless rules.include?(:"#{rule}_build")
      end
      rules
    end

    def restricted_public_level?
      current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
    end

    def filter_confidential_issues_abilities(user, issue, rules)
      return rules if user.admin? || !issue.confidential?

      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user, Gitlab::Access::REPORTER)
        rules.delete(:admin_issue)
        rules.delete(:read_issue)
        rules.delete(:update_issue)
      end

      rules
    end
  end
end
init commit 2011-10-08 21:36:38 +00:00			`class Ability`
simple refactoring 2012-10-09 00:10:04 +00:00			`class << self`
make almost everything on Ability private 2016-08-24 00:29:40 +00:00			`# Given a list of users and a project this method returns the users that can`
			`# read the given project.`
			`def users_that_can_read_project(users, project)`
			`if project.public?`
			`users`
			`else`
			`users.select do \|user\|`
			`if user.admin?`
			`true`
			`elsif project.internal? && !user.external?`
			`true`
			`elsif project.owner == user`
			`true`
			`elsif project.team.members.include?(user)`
			`true`
			`else`
			`false`
			`end`
			`end`
			`end`
			`end`
remove six, and use a Set instead 2016-08-08 17:07:15 +00:00
make almost everything on Ability private 2016-08-24 00:29:40 +00:00			`# Returns an Array of Issues that can be read by the given user.`
			`#`
			`# issues - The issues to reduce down to those readable by the user.`
			`# user - The User for which to check the issues`
			`def issues_readable_by_user(issues, user = nil)`
			`return issues if user && user.admin?`

			`issues.select { \|issue\| issue.visible_to_user?(user) }`
			`end`

			`# TODO: make this private and use the actual abilities stuff for this`
			`def can_edit_note?(user, note)`
			`return false if !note.editable? \|\| !user.present?`
			`return true if note.author == user \|\| user.admin?`

			`if note.project`
			`max_access_level = note.project.team.max_member_access(user.id)`
			`max_access_level >= Gitlab::Access::MASTER`
			`else`
			`false`
			`end`
remove six, and use a Set instead 2016-08-08 17:07:15 +00:00			`end`

			`def allowed?(user, action, subject)`
			`allowed(user, subject).include?(action)`
			`end`

allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`def allowed(user, subject)`
remove six, and use a Set instead 2016-08-08 17:07:15 +00:00			`return uncached_allowed(user, subject) unless RequestStore.active?`

			`user_key = user ? user.id : 'anonymous'`
			`subject_key = subject ? "#{subject.class.name}/#{subject.id}" : 'global'`
			`key = "/ability/#{user_key}/#{subject_key}"`
			`RequestStore[key] \|\|= Set.new(uncached_allowed(user, subject)).freeze`
			`end`

make almost everything on Ability private 2016-08-24 00:29:40 +00:00			`private`

remove six, and use a Set instead 2016-08-08 17:07:15 +00:00			`def uncached_allowed(user, subject)`
add automatic detection of the policy class 2016-08-16 19:55:44 +00:00			`policy_class = BasePolicy.class_for(subject) rescue nil`
			`return policy_class.abilities(user, subject) if policy_class`

remove six, and use a Set instead 2016-08-08 17:07:15 +00:00			`return anonymous_abilities(subject) if user.nil?`
Minor refactoring 2015-11-17 15:24:02 +00:00			`return [] unless user.is_a?(User)`
Return empty abilities if user is blocked 2013-08-27 09:41:49 +00:00			`return [] if user.blocked?`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00
Move abilities by subject class to a dedicated method This will avoid lame conflicts when merging CE to EE Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-08-04 14:00:31 +00:00			`abilities_by_subject_class(user: user, subject: subject)`
			`end`

			`def abilities_by_subject_class(user:, subject:)`
Update ability model after comments 2016-02-04 13:43:52 +00:00			`case subject`
Improve cyclomatic of ability::allowed 2016-06-15 10:12:26 +00:00			`when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)`
fixing rubocop indents 2015-11-12 08:43:30 +00:00			`else []`
add policies, and factor out ProjectPolicy 2016-08-11 22:12:52 +00:00			`end + global_abilities(user)`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`end`

Rename `not_auth_` ability methods to `anonymous_` 2015-11-17 20:00:14 +00:00			`# List of possible abilities for anonymous user`
port issues to Issu{able,e}Policy 2016-08-16 18:10:34 +00:00			`def anonymous_abilities(subject)`
port personal snippets 2016-08-16 22:31:01 +00:00			`if subject.respond_to?(:project)`
add support for anonymous abilities 2016-08-12 18:36:16 +00:00			`ProjectPolicy.abilities(nil, subject.project)`
port groups 2016-08-16 23:28:47 +00:00			`elsif subject.respond_to?(:group)`
			`GroupPolicy.abilities(nil, subject.group)`
Minor refactoring 2015-11-17 15:24:02 +00:00			`else`
			`[]`
			`end`
Improve personal snippet access workflow. Fixes #3258 2015-10-29 20:42:29 +00:00			`end`

allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`def global_abilities(user)`
			`rules = []`
			`rules << :create_group if user.can_create_group`
Fix documentation and improve permissions code 2016-04-12 15:04:33 +00:00			`rules << :read_users_list`
allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`rules`
init commit 2011-10-08 21:36:38 +00:00			`end`

simple refactoring 2012-10-09 00:10:04 +00:00			`def project_abilities(user, project)`
add policies, and factor out ProjectPolicy 2016-08-11 22:12:52 +00:00			`# temporary patch, deleteme before merge`
add support for anonymous abilities 2016-08-12 18:36:16 +00:00			`ProjectPolicy.abilities(user, project).to_a`
Fix access to disabled features for unauthenticated users Unauthenticated users had access to disabled features of public projects. The code has been slightly refactored so that feature checks are done in a separate method and can also be applied for public access. 2015-07-19 21:21:33 +00:00			`end`

refactored permissions and added update_project_member ability logic. Also refactored owner methods to a concern. 2015-11-03 11:11:56 +00:00			`def project_member_abilities(user, subject)`
			`rules = []`
			`target_user = subject.user`
			`project = subject.project`

Add a migration to remove requesters that are owners of their project Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-05 16:55:35 +00:00			`unless target_user == project.owner`
trim more dead code 2016-08-16 23:29:10 +00:00			`can_manage = allowed?(user, :admin_project_member, project)`
refactored permissions and added update_project_member ability logic. Also refactored owner methods to a concern. 2015-11-03 11:11:56 +00:00
Signed in admin should be able to add/remove himself to a project 2015-12-01 22:47:26 +00:00			`if can_manage`
Refactor ability changes 2015-11-17 14:49:37 +00:00			`rules << :update_project_member`
			`rules << :destroy_project_member`
Signed in admin should be able to add/remove himself to a project 2015-12-01 22:47:26 +00:00			`elsif user == target_user`
Refactor ability changes 2015-11-17 14:49:37 +00:00			`rules << :destroy_project_member`
			`end`
refactored permissions and added update_project_member ability logic. Also refactored owner methods to a concern. 2015-11-03 11:11:56 +00:00			`end`
Refactor ability changes 2015-11-17 14:49:37 +00:00
refactored permissions and added update_project_member ability logic. Also refactored owner methods to a concern. 2015-11-03 11:11:56 +00:00			`rules`
			`end`

Properly handle commit status permissions (for a build) 2016-02-03 12:33:47 +00:00			`def filter_build_abilities(rules)`
			`# If we can't read build we should also not have that`
			`# ability when looking at this in context of commit_status`
Update ability model after comments 2016-02-04 13:43:52 +00:00			`%w(read create update admin).each do \|rule\|`
Use `delete` instead of assignment operator when filtering build abilities 2016-02-04 15:32:41 +00:00			`rules.delete(:"#{rule}_commit_status") unless rules.include?(:"#{rule}_build")`
Properly handle commit status permissions (for a build) 2016-02-03 12:33:47 +00:00			`end`
			`rules`
			`end`

Add specs and fix code 2016-03-30 20:14:21 +00:00			`def restricted_public_level?`
Insert users check into api 2016-04-06 21:09:24 +00:00			`current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)`
Add specs and fix code 2016-03-30 20:14:21 +00:00			`end`

Restrict access to confidential issues 2016-03-17 19:38:51 +00:00			`def filter_confidential_issues_abilities(user, issue, rules)`
			`return rules if user.admin? \|\| !issue.confidential?`

Project members with guest role can't access confidential issues 2016-06-06 19:13:31 +00:00			`unless issue.author == user \|\| issue.assignee == user \|\| issue.project.team.member?(user, Gitlab::Access::REPORTER)`
Restrict access to confidential issues 2016-03-17 19:38:51 +00:00			`rules.delete(:admin_issue)`
			`rules.delete(:read_issue)`
			`rules.delete(:update_issue)`
			`end`

			`rules`
			`end`
security improved 2011-10-17 10:39:03 +00:00			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`