Merge branch 'ce-7000-introduce-PolicyCheckable' into 'master'
CE: Add PolicyCheckable concern for things passing to policy check See merge request gitlab-org/gitlab-ce!20839
This commit is contained in:
commit
31044d41a6
4 changed files with 51 additions and 4 deletions
|
@ -1,6 +1,7 @@
|
||||||
class DeployToken < ActiveRecord::Base
|
class DeployToken < ActiveRecord::Base
|
||||||
include Expirable
|
include Expirable
|
||||||
include TokenAuthenticatable
|
include TokenAuthenticatable
|
||||||
|
include PolicyActor
|
||||||
add_authentication_token_field :token
|
add_authentication_token_field :token
|
||||||
|
|
||||||
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
|
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
|
||||||
|
@ -58,10 +59,6 @@ class DeployToken < ActiveRecord::Base
|
||||||
write_attribute(:expires_at, value.presence || Forever.date)
|
write_attribute(:expires_at, value.presence || Forever.date)
|
||||||
end
|
end
|
||||||
|
|
||||||
def admin?
|
|
||||||
false
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def ensure_at_least_one_scope
|
def ensure_at_least_one_scope
|
||||||
|
|
36
app/policies/concerns/policy_actor.rb
Normal file
36
app/policies/concerns/policy_actor.rb
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# Include this module if we want to pass something else than the user to
|
||||||
|
# check policies. This defines several methods which the policy checker
|
||||||
|
# would call and check.
|
||||||
|
module PolicyActor
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
def blocked?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def admin?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def external?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def internal?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def access_locked?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def required_terms_not_accepted?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_create_group
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
|
@ -43,6 +43,7 @@ module Gitlab
|
||||||
#{config.root}/app/models/members
|
#{config.root}/app/models/members
|
||||||
#{config.root}/app/models/project_services
|
#{config.root}/app/models/project_services
|
||||||
#{config.root}/app/workers/concerns
|
#{config.root}/app/workers/concerns
|
||||||
|
#{config.root}/app/policies/concerns
|
||||||
#{config.root}/app/services/concerns
|
#{config.root}/app/services/concerns
|
||||||
#{config.root}/app/serializers/concerns
|
#{config.root}/app/serializers/concerns
|
||||||
#{config.root}/app/finders/concerns
|
#{config.root}/app/finders/concerns
|
||||||
|
|
13
spec/policies/concerns/policy_actor_spec.rb
Normal file
13
spec/policies/concerns/policy_actor_spec.rb
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe PolicyActor do
|
||||||
|
it 'implements all the methods from user' do
|
||||||
|
methods = subject.instance_methods
|
||||||
|
|
||||||
|
# User.instance_methods do not return all methods until an instance is
|
||||||
|
# initialized. So here we just use an instance
|
||||||
|
expect(build(:user).methods).to include(*methods)
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue