convert the special-case Ability methods to use policies

http://jneen.net/ 2017-04-06 14:07:27 -07:00
parent 37c401433b
commit e895b49fce
1 changed files with 10 additions and 34 deletions

@ -1,35 +1,20 @@
require 'declarative_policy'
class Ability class Ability
class << self class << self
# Given a list of users and a project this method returns the users that can # Given a list of users and a project this method returns the users that can
# read the given project. # read the given project.
def users_that_can_read_project(users, project) def users_that_can_read_project(users, project)
if project.public? DeclarativePolicy.subject_scope do
users users.select { |u| allowed?(u, :read_project, project) }
else
users.select do |user|
if user.admin?
true
elsif project.internal? && !user.external?
true
elsif project.owner == user
true
elsif project.team.members.include?(user)
true
else
false
end
end
end end
end end
# Given a list of users and a snippet this method returns the users that can # Given a list of users and a snippet this method returns the users that can
# read the given snippet. # read the given snippet.
def users_that_can_read_personal_snippet(users, snippet) def users_that_can_read_personal_snippet(users, snippet)
case snippet.visibility_level DeclarativePolicy.subject_scope do
when Snippet::INTERNAL, Snippet::PUBLIC users.select { |u| allowed?(u, :read_personal_snippet, snippet) }
users
when Snippet::PRIVATE
users.include?(snippet.author) ? [snippet.author] : []
end end
end end
@ -38,22 +23,13 @@ class Ability
# issues - The issues to reduce down to those readable by the user. # issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues # user - The User for which to check the issues
def issues_readable_by_user(issues, user = nil) def issues_readable_by_user(issues, user = nil)
return issues if user && user.admin? DeclarativePolicy.user_scope do
issues.select { |issue| issue.visible_to_user?(user) }
issues.select { |issue| issue.visible_to_user?(user) } end
end end
# TODO: make this private and use the actual abilities stuff for this
def can_edit_note?(user, note) def can_edit_note?(user, note)
return false if !note.editable? || !user.present? allowed?(user, :edit_note, note)
return true if note.author == user || user.admin?
if note.project
max_access_level = note.project.team.max_member_access(user.id)
max_access_level >= Gitlab::Access::MASTER
else
false
end
end end
def allowed?(user, action, subject = :global, opts = {}) def allowed?(user, action, subject = :global, opts = {})
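Review bot: In `can_edit_note?` the explicit guards are gone: the old body denied a missing user or a non-editable note up front and required `Gitlab::Access::MASTER` on the note's project, so the result now depends entirely on the `:edit_note` rule, which is not part of this file section. Nothing visible here pins that the policy still denies those cases; specs calling `can_edit_note?(nil, note)`, a note whose `editable?` is false, and a project member below master would make the equivalence checkable. The same applies to `users_that_can_read_personal_snippet` in the first hunk, where a private snippet used to yield at most `[snippet.author]` and an internal one every user passed in, so the returned set may change in both directions. If those changes are intended, a comment on each method would record it, for example `# Decided by the :edit_note policy; nil users and non-editable notes must be denied there.`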