gitlab-org--gitlab-foss

Commit Graph

Author	SHA1	Message	Date
http://jneen.net/	37c401433b	convert all the policies to DeclarativePolicy	2017-06-27 12:44:37 -07:00
Timothy Andrew	6fdb17cbbe	Don't allow deleting a ghost user. - Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.	2017-02-24 16:50:20 +05:30
http://jneen.net/	a340829c42	port UserPolicy	2016-08-30 11:39:22 -07:00

Author

SHA1

Message

Date

http://jneen.net/

37c401433b

convert all the policies to DeclarativePolicy

2017-06-27 12:44:37 -07:00

Timothy Andrew

6fdb17cbbe

Don't allow deleting a ghost user.

- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.

2017-02-24 16:50:20 +05:30

http://jneen.net/

a340829c42

port UserPolicy

2016-08-30 11:39:22 -07:00

3 Commits