gitlab-org--gitlab-foss/app/policies/ci/runner_policy.rb
2018-05-16 11:42:09 +02:00

19 lines
488 B
Ruby

module Ci
class RunnerPolicy < BasePolicy
with_options scope: :subject, score: 0
condition(:locked, scope: :subject) { @subject.locked? }
condition(:owned_runner) { @user.ci_owned_runners.exists?(@subject.id) }
rule { anonymous }.prevent_all
rule { admin | owned_runner }.policy do
enable :assign_runner
enable :read_runner
enable :update_runner
enable :delete_runner
end
rule { ~admin & locked }.prevent :assign_runner
end
end