Merge branch 'ce-7000-introduce-PolicyCheckable' into 'master'

CE: Add PolicyCheckable concern for things passing to policy check

See merge request gitlab-org/gitlab-ce!20839
This commit is contained in:
Grzegorz Bizon 2018-07-27 11:07:39 +00:00
commit 31044d41a6
4 changed files with 51 additions and 4 deletions

View file

@ -1,6 +1,7 @@
class DeployToken < ActiveRecord::Base class DeployToken < ActiveRecord::Base
include Expirable include Expirable
include TokenAuthenticatable include TokenAuthenticatable
include PolicyActor
add_authentication_token_field :token add_authentication_token_field :token
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
@ -58,10 +59,6 @@ class DeployToken < ActiveRecord::Base
write_attribute(:expires_at, value.presence || Forever.date) write_attribute(:expires_at, value.presence || Forever.date)
end end
def admin?
false
end
private private
def ensure_at_least_one_scope def ensure_at_least_one_scope

View file

@ -0,0 +1,36 @@
# frozen_string_literal: true
# Include this module if we want to pass something else than the user to
# check policies. This defines several methods which the policy checker
# would call and check.
module PolicyActor
extend ActiveSupport::Concern
def blocked?
false
end
def admin?
false
end
def external?
false
end
def internal?
false
end
def access_locked?
false
end
def required_terms_not_accepted?
false
end
def can_create_group
false
end
end

View file

@ -43,6 +43,7 @@ module Gitlab
#{config.root}/app/models/members #{config.root}/app/models/members
#{config.root}/app/models/project_services #{config.root}/app/models/project_services
#{config.root}/app/workers/concerns #{config.root}/app/workers/concerns
#{config.root}/app/policies/concerns
#{config.root}/app/services/concerns #{config.root}/app/services/concerns
#{config.root}/app/serializers/concerns #{config.root}/app/serializers/concerns
#{config.root}/app/finders/concerns #{config.root}/app/finders/concerns

View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
require 'spec_helper'
describe PolicyActor do
it 'implements all the methods from user' do
methods = subject.instance_methods
# User.instance_methods do not return all methods until an instance is
# initialized. So here we just use an instance
expect(build(:user).methods).to include(*methods)
end
end