kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/policies/user_policy.rb
Timothy Andrew 5dedea358d Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api 
- Modify policy code to work with the `DeclarativePolicy` refactor
  in 37c401433b.
2017-06-30 13:45:51 +00:00

13 lines
447 B
Ruby
Raw Blame History

class UserPolicy < BasePolicy
desc "The current user is the user in question"
condition(:user_is_self, score: 0) { @subject == @user }
desc "This is the ghost user"
condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? }
rule { ~restricted_public_level }.enable :read_user
rule { ~anonymous }.enable :read_user
rule { user_is_self | admin }.enable :destroy_user
rule { subject_ghost }.prevent :destroy_user
end
View git blame Copy permalink