Properly handle commit status permissions (for a build)
This commit is contained in:
parent
e80c79e3ad
commit
c3d897a9a3
|
@ -5,6 +5,12 @@ class Ability
|
|||
return [] unless user.is_a?(User)
|
||||
return [] if user.blocked?
|
||||
|
||||
if subject.is_a?(CommitStatus)
|
||||
rules = project_abilities(user, subject)
|
||||
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
|
||||
return rules
|
||||
end
|
||||
|
||||
case subject.class.name
|
||||
when "Project" then project_abilities(user, subject)
|
||||
when "Issue" then issue_abilities(user, subject)
|
||||
|
@ -25,6 +31,10 @@ class Ability
|
|||
case true
|
||||
when subject.is_a?(PersonalSnippet)
|
||||
anonymous_personal_snippet_abilities(subject)
|
||||
when subject.is_a?(CommitStatus)
|
||||
rules = anonymous_project_abilities(subject)
|
||||
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
|
||||
rules
|
||||
when subject.is_a?(Project) || subject.respond_to?(:project)
|
||||
anonymous_project_abilities(subject)
|
||||
when subject.is_a?(Group) || subject.respond_to?(:group)
|
||||
|
@ -396,6 +406,18 @@ class Ability
|
|||
rules
|
||||
end
|
||||
|
||||
def filter_build_abilities(rules)
|
||||
# If we can't read build we should also not have that
|
||||
# ability when looking at this in context of commit_status
|
||||
unless rules.include?(:read_build)
|
||||
rules -= [:read_commit_status]
|
||||
end
|
||||
unless rules.include?(:update_build)
|
||||
rules -= [:update_commit_status]
|
||||
end
|
||||
rules
|
||||
end
|
||||
|
||||
def abilities
|
||||
@abilities ||= begin
|
||||
abilities = Six.new
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
%tr.commit_status
|
||||
%td.status
|
||||
- if commit_status.target_url
|
||||
- if can?(current_user, :read_commit_status, commit_status) && commit_status.target_url
|
||||
= link_to commit_status.target_url, class: "ci-status ci-#{commit_status.status}" do
|
||||
= ci_icon_for_status(commit_status.status)
|
||||
= commit_status.status
|
||||
|
@ -8,7 +8,7 @@
|
|||
= ci_status_with_icon(commit_status.status)
|
||||
|
||||
%td.commit_status-link
|
||||
- if can?(current_user, :read_build, commit_status.project) && commit_status.target_url
|
||||
- if can?(current_user, :read_commit_status, commit_status) && commit_status.target_url
|
||||
= link_to commit_status.target_url do
|
||||
%strong ##{commit_status.id}
|
||||
- else
|
||||
|
@ -66,10 +66,10 @@
|
|||
|
||||
%td
|
||||
.pull-right
|
||||
- if can?(current_user, :read_build, commit_status.project) && commit_status.artifacts_download_url
|
||||
- if can?(current_user, :read_commit_status, commit_status) && commit_status.artifacts_download_url
|
||||
= link_to commit_status.artifacts_download_url, title: 'Download artifacts' do
|
||||
%i.fa.fa-download
|
||||
- if can?(current_user, :update_build, commit_status.project)
|
||||
- if can?(current_user, :update_commit_status, commit_status)
|
||||
- if commit_status.active?
|
||||
- if commit_status.cancel_url
|
||||
= link_to commit_status.cancel_url, method: :post, title: 'Cancel' do
|
||||
|
|
Loading…
Reference in New Issue