e71cd7a300
Refactor ability.rb into Policies
## What does this MR do?
Factors out `ability.rb` into a new abstraction - the "policy" (stored in `app/policies`). A policy is a class named `#{class_name}Policy` (looked up automatically as needed) that implements `rules` as follows:
``` ruby
class ThingPolicy < BasePolicy
def rules
@user # this is a user to determine abilities for, optionally nil in the anonymous case
@subject # this is the subject of the ability, guaranteed to be an instance of `Thing`
can! :some_ability # grant the :some_ability permission
cannot! :some_ability # ensure that :some_ability is not allowed. this overrides any `can!` that is called before or after
delegate! @subject.other_thing # merge the abilities (can!) and prohibitions (cannot!) from `@subject.other_thing`
can? :some_ability # test whether, so far, :some_ability is allowed
end
def anonymous_rules
# optional. if not implemented `rules` is called where `@user` is nil. otherwise this method is called when `@user` is nil.
end
end
```
See merge request !5796
|
||
|---|---|---|
| .. | ||
| admin | ||
| ci | ||
| groups | ||
| import | ||
| oauth | ||
| profiles | ||
| projects | ||
| abuse_reports_controller_spec.rb | ||
| application_controller_spec.rb | ||
| autocomplete_controller_spec.rb | ||
| blob_controller_spec.rb | ||
| groups_controller_spec.rb | ||
| health_check_controller_spec.rb | ||
| help_controller_spec.rb | ||
| invites_controller_spec.rb | ||
| namespaces_controller_spec.rb | ||
| notification_settings_controller_spec.rb | ||
| projects_controller_spec.rb | ||
| registrations_controller_spec.rb | ||
| root_controller_spec.rb | ||
| sent_notifications_controller_spec.rb | ||
| sessions_controller_spec.rb | ||
| snippets_controller_spec.rb | ||
| uploads_controller_spec.rb | ||
| users_controller_spec.rb | ||