From c96b503bfa05e9f1db727d5f03b0bc562bc69c11 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: [PATCH] Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9219283992f..0add8bfad31 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -38,6 +38,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -105,6 +109,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally