gitlab-org--gitlab-foss/app/policies/ci/pipeline_policy.rb

28 lines
722 B
Ruby
Raw Normal View History

module Ci
class PipelinePolicy < BasePolicy
2017-07-03 17:20:44 -04:00
delegate { @subject.project }
2017-12-08 02:49:55 -05:00
condition(:protected_ref) { ref_protected?(@user, @subject.project, @subject.tag?, @subject.ref) }
condition(:branch_allows_collaboration) do
@subject.project.branch_allows_collaboration?(@user, @subject.ref)
end
2017-12-08 02:49:55 -05:00
rule { protected_ref }.prevent :update_pipeline
rule { can?(:public_access) & branch_allows_collaboration }.policy do
enable :update_pipeline
end
2017-12-08 02:49:55 -05:00
def ref_protected?(user, project, tag, ref)
access = ::Gitlab::UserAccess.new(user, project: project)
if tag
!access.can_create_tag?(ref)
else
2017-12-08 02:49:55 -05:00
!access.can_update_branch?(ref)
end
end
end
end