From 16fe6dc7b159a0e6b68a586065de1f95d6acecfa Mon Sep 17 00:00:00 2001 From: "http://jneen.net/" Date: Tue, 16 Aug 2016 12:05:44 -0700 Subject: [PATCH] port CommitStatus/Build --- app/models/ability.rb | 3 ++- app/policies/base_policy.rb | 4 ++++ app/policies/ci/build_policy.rb | 13 +++++++++++++ app/policies/commit_status_policy.rb | 5 +++++ 4 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 app/policies/ci/build_policy.rb create mode 100644 app/policies/commit_status_policy.rb diff --git a/app/models/ability.rb b/app/models/ability.rb index b8e3e97b351..c89cc9b2e17 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -74,7 +74,8 @@ class Ability when Issue then IssuePolicy.abilities(user, subject) when MergeRequest then MergeRequestPolicy.abilities(user, subject) - when CommitStatus then commit_status_abilities(user, subject) + when Ci::Build then Ci::BuildPolicy.abilities(user, subject) + when CommitStatus then CommitStatus.abilities(user, subject) when Note then note_abilities(user, subject) when ProjectSnippet then project_snippet_abilities(user, subject) when PersonalSnippet then personal_snippet_abilities(user, subject) diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index fd5d05a1bd1..e1757d97e89 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -30,6 +30,10 @@ class BasePolicy @can.merge(BasePolicy.class_for(new_subject).abilities(@user, new_subject)) end + def can?(rule) + @can.include?(rule) && !@cannot.include?(rule) + end + def can!(*rules) @can.merge(rules) end diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb new file mode 100644 index 00000000000..2232e231cf8 --- /dev/null +++ b/app/policies/ci/build_policy.rb @@ -0,0 +1,13 @@ +module Ci + class BuildPolicy < CommitStatusPolicy + def rules + super + + # If we can't read build we should also not have that + # ability when looking at this in context of commit_status + %w(read create update admin).each do |rule| + cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build" + end + end + end +end diff --git a/app/policies/commit_status_policy.rb b/app/policies/commit_status_policy.rb new file mode 100644 index 00000000000..593df738328 --- /dev/null +++ b/app/policies/commit_status_policy.rb @@ -0,0 +1,5 @@ +class CommitStatusPolicy < BasePolicy + def rules + delegate! @subject.project + end +end