gitlab-org--gitlab-foss/app/policies/global_policy.rb

90 lines
2.2 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
2016-08-16 19:29:19 -04:00
class GlobalPolicy < BasePolicy
desc "User is an internal user"
with_options scope: :user, score: 0
condition(:internal) { @user&.internal? }
2016-08-30 14:14:07 -04:00
desc "User's access has been locked"
with_options scope: :user, score: 0
condition(:access_locked) { @user&.access_locked? }
condition(:can_create_fork, scope: :user) { @user && @user.manageable_namespaces.any? { |namespace| @user.can?(:create_projects, namespace) } }
2017-09-29 07:14:39 -04:00
condition(:required_terms_not_accepted, scope: :user, score: 0) do
@user&.required_terms_not_accepted?
end
condition(:private_instance_statistics, score: 0) { Gitlab::CurrentSettings.instance_statistics_visibility_private? }
2018-07-25 11:36:08 -04:00
rule { admin | (~private_instance_statistics & ~anonymous) }
.enable :read_instance_statistics
rule { anonymous }.policy do
prevent :log_in
prevent :receive_notifications
prevent :use_quick_actions
prevent :create_group
end
rule { default }.policy do
enable :log_in
enable :access_api
enable :access_git
enable :receive_notifications
enable :use_quick_actions
enable :use_slash_commands
end
rule { blocked | internal }.policy do
prevent :log_in
prevent :access_api
prevent :access_git
prevent :receive_notifications
prevent :use_slash_commands
end
rule { deactivated }.policy do
prevent :access_git
prevent :access_api
prevent :receive_notifications
prevent :use_slash_commands
end
rule { required_terms_not_accepted }.policy do
prevent :access_api
prevent :access_git
end
rule { can_create_group }.policy do
enable :create_group
end
2017-09-29 07:14:39 -04:00
rule { can_create_fork }.policy do
enable :create_fork
end
rule { access_locked }.policy do
prevent :log_in
prevent :use_slash_commands
2016-08-16 19:29:19 -04:00
end
rule { ~(anonymous & restricted_public_level) }.policy do
enable :read_users_list
2016-08-16 19:29:19 -04:00
end
2017-09-28 12:49:42 -04:00
rule { ~anonymous }.policy do
enable :read_instance_metadata
enable :create_personal_snippet
end
2017-09-28 12:49:42 -04:00
rule { admin }.policy do
enable :read_custom_attribute
enable :update_custom_attribute
end
rule { external_user }.prevent :create_personal_snippet
2016-08-16 19:29:19 -04:00
end
GlobalPolicy.prepend_if_ee('EE::GlobalPolicy')