gitlab-org--gitlab-foss/app/policies/identity_provider_policy.rb
Pavel Shutsin 8ee1927db9 Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00

15 lines
367 B
Ruby

# frozen_string_literal: true
class IdentityProviderPolicy < BasePolicy
desc "Provider is SAML or CAS3"
condition(:protected_provider, scope: :subject, score: 0) { %w(saml cas3).include?(@subject.to_s) }
rule { anonymous }.prevent_all
rule { default }.policy do
enable :unlink
enable :link
end
rule { protected_provider }.prevent(:unlink)
end