gitlab-org--gitlab-foss/app/policies/group_member_policy.rb

# frozen_string_literal: true

class GroupMemberPolicy < BasePolicy
  delegate :group

  with_scope :subject
  condition(:last_owner) { @subject.group.member_last_owner?(@subject) || @subject.group.member_last_blocked_owner?(@subject) }
  condition(:project_bot) { @subject.user&.project_bot? && @subject.group.member?(@subject.user) }

  desc "Membership is users' own"
  with_score 0
  condition(:is_target_user) { @user && @subject.user_id == @user.id }

  rule { anonymous }.policy do
    prevent :update_group_member
    prevent :destroy_group_member
  end

  rule { last_owner }.policy do
    prevent :update_group_member
    prevent :destroy_group_member
  end

  rule { ~project_bot & can?(:admin_group_member) }.policy do
    enable :update_group_member
    enable :destroy_group_member
  end

  rule { project_bot & can?(:admin_group_member) }.enable :destroy_project_bot_member

  rule { is_target_user }.policy do
    enable :destroy_group_member
  end
end

GroupMemberPolicy.prepend_mod_with('GroupMemberPolicy')
Enable frozen string in presenters and policies Enable frozen string in: * app/presenters * app/policies Partially addresses #47424. 2018-07-24 06:00:56 -04:00			`# frozen_string_literal: true`

port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00			`class GroupMemberPolicy < BasePolicy`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`delegate :group`
port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`with_scope :subject`
Add latest changes from gitlab-org/gitlab@master 2021-04-15 05:09:03 -04:00			`condition(:last_owner) { @subject.group.member_last_owner?(@subject) \|\| @subject.group.member_last_blocked_owner?(@subject) }`
Add latest changes from gitlab-org/gitlab@master 2022-01-17 07:17:11 -05:00			`condition(:project_bot) { @subject.user&.project_bot? && @subject.group.member?(@subject.user) }`
port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`desc "Membership is users' own"`
			`with_score 0`
			`condition(:is_target_user) { @user && @subject.user_id == @user.id }`
port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-01-18 04:11:05 -05:00			`rule { anonymous }.policy do`
			`prevent :update_group_member`
			`prevent :destroy_group_member`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-11-12 13:09:26 -05:00			`rule { last_owner }.policy do`
			`prevent :update_group_member`
			`prevent :destroy_group_member`
			`end`
port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00
Add latest changes from gitlab-org/gitlab@master 2022-01-17 07:17:11 -05:00			`rule { ~project_bot & can?(:admin_group_member) }.policy do`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`enable :update_group_member`
			`enable :destroy_group_member`
Backport hooks on group policies for the EE-specific implementation 2016-12-13 08:51:09 -05:00			`end`

Add latest changes from gitlab-org/gitlab@master 2022-01-17 07:17:11 -05:00			`rule { project_bot & can?(:admin_group_member) }.enable :destroy_project_bot_member`

convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`rule { is_target_user }.policy do`
			`enable :destroy_group_member`
port runners, namespaces, group/project_members 2016-08-18 12:52:35 -04:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`GroupMemberPolicy.prepend_mod_with('GroupMemberPolicy')`