gitlab-org--gitlab-foss/spec/policies
Timothy Andrew 6fdb17cbbe
Don't allow deleting a ghost user.
- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.
2017-02-24 16:50:20 +05:30
..
ci Fix build access policies when pipelines are public 2017-01-23 14:49:13 +01:00
base_policy_spec.rb More improvements to presenters 2017-01-18 16:38:35 +01:00
group_policy_spec.rb Include group parents into read access for project and group 2016-12-26 10:57:11 +02:00
issue_policy_spec.rb
issues_policy_spec.rb
project_policy_spec.rb More backport 2017-02-06 17:19:37 -06:00
project_snippet_policy_spec.rb More backport 2017-02-06 17:19:37 -06:00
user_policy_spec.rb Don't allow deleting a ghost user. 2017-02-24 16:50:20 +05:30