gitlab-org--gitlab-foss/app/policies/ci/pipeline_policy.rb
2017-07-18 22:13:57 +08:00

17 lines
399 B
Ruby

module Ci
class PipelinePolicy < BasePolicy
delegate { @subject.project }
condition(:protected_ref) do
access = ::Gitlab::UserAccess.new(@user, project: @subject.project)
if @subject.tag?
!access.can_create_tag?(@subject.ref)
else
!access.can_update_branch?(@subject.ref)
end
end
rule { protected_ref }.prevent :update_pipeline
end
end