Skip to content

G
gitlab-foss

李少辉-开发者 / gitlab-foss

通知 15
Star 0
Fork 0
G
gitlab-foss

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
ability.rb 3.1 KB
Newer Older
G
init commit  
gitlabhq 已提交
1 
class Ability
A
simple refactoring  
Andrey Kumanyaev 已提交
2 3 4 5 6 7 8 9 
  class << self
    def allowed(object, subject)
      case subject.class.name
      when "Project" then project_abilities(object, subject)
      when "Issue" then issue_abilities(object, subject)
      when "Note" then note_abilities(object, subject)
      when "Snippet" then snippet_abilities(object, subject)
      when "MergeRequest" then merge_request_abilities(object, subject)
G
Refactor project creation. Added logout link to profile page  
GitLab 已提交
10 
      when "Group", "Namespace" then group_abilities(object, subject)
A
simple refactoring  
Andrey Kumanyaev 已提交
11 12 
      else []
      end
G
init commit  
gitlabhq 已提交
13 14 
    end
A
simple refactoring  
Andrey Kumanyaev 已提交
15 16 
    def project_abilities(user, project)
      rules = []
G
init commit  
gitlabhq 已提交
17
D
REpostiry, Team models  
Dmitriy Zaporozhets 已提交
18 19 
      team = project.team
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
20 
      # Rules based on role in project
D
REpostiry, Team models  
Dmitriy Zaporozhets 已提交
21 
      if team.masters.include?(user)
D
Only owner of current namespace can change project namespace  
Dmitriy Zaporozhets 已提交
22 
        rules << project_master_rules
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
23
D
REpostiry, Team models  
Dmitriy Zaporozhets 已提交
24 
      elsif team.developers.include?(user)
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
25 26 
        rules << project_dev_rules
D
REpostiry, Team models  
Dmitriy Zaporozhets 已提交
27 
      elsif team.reporters.include?(user)
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
28 29 
        rules << project_report_rules
D
REpostiry, Team models  
Dmitriy Zaporozhets 已提交
30 
      elsif team.guests.include?(user)
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
31 32 33 
        rules << project_guest_rules
      end
D
Fix few bugs and tests after refactoring ownership logic  
Dmitriy Zaporozhets 已提交
34 35 
      if project.owner == user
        rules << project_admin_rules
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
36 37 38 39 40 41 42 
      end

      rules.flatten
    end

    def project_guest_rules
      [
A
simple refactoring  
Andrey Kumanyaev 已提交
43 44 45 46 47 48 49 50 51 52 53 
        :read_project,
        :read_wiki,
        :read_issue,
        :read_milestone,
        :read_snippet,
        :read_team_member,
        :read_merge_request,
        :read_note,
        :write_project,
        :write_issue,
        :write_note
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
54 55 
      ]
    end
D
Wiki abilities  
Dmitriy Zaporozhets 已提交
56
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
57 58 
    def project_report_rules
      project_guest_rules + [
A
simple refactoring  
Andrey Kumanyaev 已提交
59 60 
        :download_code,
        :write_snippet
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
61 62 
      ]
    end
D
Wiki abilities  
Dmitriy Zaporozhets 已提交
63
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
64 65 
    def project_dev_rules
      project_report_rules + [
D
Reporter cant create MR. Show user authorized projects in Admin area  
Dmitriy Zaporozhets 已提交
66 
        :write_merge_request,
R
Security for online editor. Replace dev_access?, master_access? with can? method usage  
randx 已提交
67 68 
        :write_wiki,
        :push_code
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
69 70 
      ]
    end
R
Security for online editor. Replace dev_access?, master_access? with can? method usage  
randx 已提交
71
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
72 73 74 
    def project_master_rules
      project_dev_rules + [
        :push_code_to_protected_branches,
A
simple refactoring  
Andrey Kumanyaev 已提交
75 76 77 78 79 80 81 82 83 84 
        :modify_issue,
        :modify_snippet,
        :modify_merge_request,
        :admin_issue,
        :admin_milestone,
        :admin_snippet,
        :admin_team_member,
        :admin_merge_request,
        :admin_note,
        :accept_mr,
D
Only owner of current namespace can change project namespace  
Dmitriy Zaporozhets 已提交
85 86 
        :admin_wiki,
        :admin_project
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
87 88 
      ]
    end
G
init commit  
gitlabhq 已提交
89
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
90 91 
    def project_admin_rules
      project_master_rules + [
D
Only owner of current namespace can change project namespace  
Dmitriy Zaporozhets 已提交
92 
        :change_namespace,
D
Owner can enable public mode for project  
Dmitriy Zaporozhets 已提交
93 
        :change_public_mode,
D
Admin can move project to ANY namespace. Updated permissions page  
Dmitriy Zaporozhets 已提交
94 95 
        :rename_project,
        :remove_project
D
Refactor abilities. Added ProjectUpdate context. Fixed few bugs with namespaces  
Dmitriy Zaporozhets 已提交
96 
      ]
A
simple refactoring  
Andrey Kumanyaev 已提交
97 
    end
G
security improved  
gitlabhq 已提交
98
D
add ability to change namespace from project edit page  
Dmitriy Zaporozhets 已提交
99 100 101 
    def group_abilities user, group
      rules = []
D
Fix #2375. Admin and owner can manage groups  
Dmitriy Zaporozhets 已提交
102 103 104 
      # Only group owner and administrators can manage group
      if group.owner == user || user.admin?
        rules << [
G
Refactor project creation. Added logout link to profile page  
GitLab 已提交
105 106 
          :manage_group,
          :manage_namespace
D
Fix #2375. Admin and owner can manage groups  
Dmitriy Zaporozhets 已提交
107 108 
        ]
      end
D
add ability to change namespace from project edit page  
Dmitriy Zaporozhets 已提交
109 110 111 112 

      rules.flatten
    end
D
Wiki abilities  
Dmitriy Zaporozhets 已提交
113 
    [:issue, :note, :snippet, :merge_request].each do |name|
G
security improved  
gitlabhq 已提交
114 115 116 117 118 
      define_method "#{name}_abilities" do |user, subject|
        if subject.author == user
          [
            :"read_#{name}",
            :"write_#{name}",
D
Abilities refactoring  
Dmitriy Zaporozhets 已提交
119 
            :"modify_#{name}",
G
security improved  
gitlabhq 已提交
120 121 
            :"admin_#{name}"
          ]
D
Abilities extended. Resources security improved  
Dmitriy Zaporozhets 已提交
122 123 124 125 126 127 
        elsif subject.respond_to?(:assignee) && subject.assignee == user
          [
            :"read_#{name}",
            :"write_#{name}",
            :"modify_#{name}",
          ]
G
security improved  
gitlabhq 已提交
128 
        else
A
simple refactoring  
Andrey Kumanyaev 已提交
129 
          subject.respond_to?(:project) ? project_abilities(user, subject.project) : []
G
security improved  
gitlabhq 已提交
130 131 132 133 
        end
      end
    end
  end
G
init commit  
gitlabhq 已提交
134 
end