gitlab-org--gitlab-foss/app/policies/personal_snippet_policy.rb

# frozen_string_literal: true

class PersonalSnippetPolicy < BasePolicy
  condition(:public_snippet, scope: :subject) { @subject.public? }
  condition(:is_author) { @user && @subject.author == @user }
  condition(:internal_snippet, scope: :subject) { @subject.internal? }

  rule { public_snippet }.policy do
    enable :read_personal_snippet
    enable :comment_personal_snippet
  end

  rule { is_author }.policy do
    enable :read_personal_snippet
    enable :update_personal_snippet
    enable :destroy_personal_snippet
    enable :admin_personal_snippet
    enable :comment_personal_snippet
  end

  rule { ~anonymous }.enable :create_personal_snippet
  rule { external_user }.prevent :create_personal_snippet

  rule { internal_snippet & ~external_user }.policy do
    enable :read_personal_snippet
    enable :comment_personal_snippet
  end

  rule { anonymous }.prevent :comment_personal_snippet

  rule { can?(:comment_personal_snippet) }.policy do
    enable :create_note
    enable :award_emoji
  end

  rule { full_private_access }.enable :read_personal_snippet
end
Enable frozen string in presenters and policies Enable frozen string in: * app/presenters * app/policies Partially addresses #47424. 2018-07-24 06:00:56 -04:00			`# frozen_string_literal: true`

add personal snippets and project members 2016-08-16 19:46:35 -04:00			`class PersonalSnippetPolicy < BasePolicy`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`condition(:public_snippet, scope: :subject) { @subject.public? }`
			`condition(:is_author) { @user && @subject.author == @user }`
			`condition(:internal_snippet, scope: :subject) { @subject.internal? }`
add personal snippets and project members 2016-08-16 19:46:35 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { public_snippet }.policy do`
			`enable :read_personal_snippet`
			`enable :comment_personal_snippet`
			`end`
Support uploaders for personal snippets comments 2017-05-01 09:14:35 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { is_author }.policy do`
			`enable :read_personal_snippet`
			`enable :update_personal_snippet`
			`enable :destroy_personal_snippet`
			`enable :admin_personal_snippet`
			`enable :comment_personal_snippet`
			`end`
add personal snippets and project members 2016-08-16 19:46:35 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { ~anonymous }.enable :create_personal_snippet`
			`rule { external_user }.prevent :create_personal_snippet`
API: Endpoint to expose personal snippets as /snippets Adding the necessary API for the new /snippets Restful resource added with this commit. Added a new Grape class `Snippets`, as well as a `PersonalSnippet` entity. Issue: #20042 Merge-Request: !6373 Signed-off-by: Guyzmo <guyzmo+gitlab+pub@m0g.net> 2016-11-26 10:37:26 -05:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { internal_snippet & ~external_user }.policy do`
			`enable :read_personal_snippet`
			`enable :comment_personal_snippet`
add personal snippets and project members 2016-08-16 19:46:35 -04:00			`end`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00
			`rule { anonymous }.prevent :comment_personal_snippet`
Prevent awarding emoji when a project is archived This prevents performing the requests, and disables all emoji reaction buttons 2018-04-06 14:19:37 -04:00
Prevent comments by email when issue is locked This changes the permission check so it uses the policy on Noteable instead of Project. This prevents bypassing of rules defined in Noteable for locked discussions and confidential issues. Also rechecks permissions when reply_to_discussion_id is provided since the discussion_id may be from a different noteable. 2019-01-15 13:53:24 -05:00			`rule { can?(:comment_personal_snippet) }.policy do`
			`enable :create_note`
			`enable :award_emoji`
			`end`
Allow admins/auditors to read private personal snippets 2019-01-24 07:44:46 -05:00
			`rule { full_private_access }.enable :read_personal_snippet`
add personal snippets and project members 2016-08-16 19:46:35 -04:00			`end`