kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/policies/project_snippet_policy.rb

26 lines
826 B
Ruby
Raw Normal View History

port notes and project snippets
2016-08-16 16:08:14 -04:00
class ProjectSnippetPolicy < BasePolicy
def rules
Merge branch '25934-project-snippet-vis' into 'security-9-2' Fix visibility when referencing snippets See merge request !2101
2017-06-08 12:56:39 -04:00
# We have to check both project feature visibility and a snippet visibility and take the stricter one
# This will be simplified - check https://gitlab.com/gitlab-org/gitlab-ce/issues/27573
return unless @subject.project.feature_available?(:snippets, @user)
return unless Ability.allowed?(@user, :read_project, @subject.project)
port notes and project snippets
2016-08-16 16:08:14 -04:00
can! :read_project_snippet if @subject.public?
return unless @user
Backport changes from gitlab-org/gitlab-ee!998 Some changes in EE for the auditor user feature need to be backported to CE to avoid merge conflicts. This commit encapsulates all these backports.
2017-02-05 13:54:19 -05:00
if @user && (@subject.author == @user || @user.admin?)
port notes and project snippets
2016-08-16 16:08:14 -04:00
can! :read_project_snippet
can! :update_project_snippet
can! :admin_project_snippet
end
if @subject.internal? && !@user.external?
can! :read_project_snippet
end
Merge branch 'snippets-finder-visibility' into 'security' Refactor snippets finder & dont return internal snippets for external users See merge request !2094
2017-04-28 18:06:27 -04:00
if @subject.project.team.member?(@user)
port notes and project snippets
2016-08-16 16:08:14 -04:00
can! :read_project_snippet
end
end
end
Copy permalink