gitlab-org--gitlab-foss/app/policies
Timothy Andrew 6fdb17cbbe
Don't allow deleting a ghost user.
- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.
2017-02-24 16:50:20 +05:30
..
ci Fix build access policies when pipelines are public 2017-01-23 14:49:13 +01:00
base_policy.rb Enable Rails/Delegate 2017-02-23 09:32:42 -06:00
commit_status_policy.rb
deployment_policy.rb
environment_policy.rb
external_issue_policy.rb
global_policy.rb
group_label_policy.rb
group_member_policy.rb Backport hooks on group policies for the EE-specific implementation 2016-12-13 11:51:09 -02:00
group_policy.rb Include group parents into read access for project and group 2016-12-26 10:57:11 +02:00
issuable_policy.rb
issue_policy.rb
merge_request_policy.rb
namespace_policy.rb
note_policy.rb Enable Style/MultilineOperationIndentation in Rubocop, fixes #25741 2016-12-16 21:37:22 +03:00
personal_snippet_policy.rb API: Endpoint to expose personal snippets as /snippets 2016-12-01 19:07:49 +01:00
project_label_policy.rb
project_member_policy.rb
project_policy.rb Merge branch 'ee-1439-read-only-user' into 'master' 2017-02-07 04:10:13 +00:00
project_snippet_policy.rb Backport changes from gitlab-org/gitlab-ee!998 2017-02-06 01:17:33 +05:30
user_policy.rb Don't allow deleting a ghost user. 2017-02-24 16:50:20 +05:30