Commit 5019185e
Authored Aug 18, 2016 by http://jneen.net/

port runners, namespaces, group/project_members

Parent: 29059c2e
Showing 4 changed files with 42 additions and 58 deletions (+42 -58)

app/models/ability.rb +0 -58
app/policies/ci/runner_policy.rb +13 -0
app/policies/group_member_policy.rb +19 -0
app/policies/namespace_policy.rb +10 -0

app/models/ability.rb
...
...
@@ -73,12 +73,8 @@ class Ability
def
abilities_by_subject_class
(
user
:,
subject
:)
case
subject
when
Namespace
then
namespace_abilities
(
user
,
subject
)
when
GroupMember
then
group_member_abilities
(
user
,
subject
)
when
ProjectMember
then
project_member_abilities
(
user
,
subject
)
when
User
then
user_abilities
when
ExternalIssue
,
Deployment
,
Environment
then
project_abilities
(
user
,
subject
.
project
)
when
Ci
::
Runner
then
runner_abilities
(
user
,
subject
)
else
[]
end
+
global_abilities
(
user
)
end
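Review bot: The ProjectMember branch of this case statement has no visible replacement in this commit. The hunk header shows four lines leaving the dispatch (12 down to 8) and the commit message names project_members, but the changed files add policies only for Ci::Runner, GroupMember and Namespace, and project_member_abilities is still defined further down in ability.rb. If `when ProjectMember then project_member_abilities(user, subject)` is among the removed branches, add the matching policy in this commit or keep the branch until it lands, so ProjectMember subjects are not left to the `else []` fallback.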
...
...
@@ -112,48 +108,6 @@ class Ability
ProjectPolicy
.
abilities
(
user
,
project
).
to_a
end
def
can_read_group?
(
user
,
group
)
return
true
if
user
.
admin?
return
true
if
group
.
public?
return
true
if
group
.
internal?
&&
!
user
.
external?
return
true
if
group
.
users
.
include?
(
user
)
GroupProjectsFinder
.
new
(
group
).
execute
(
user
).
any?
end
def
namespace_abilities
(
user
,
namespace
)
rules
=
[]
# Only namespace owner and administrators can admin it
if
namespace
.
owner
==
user
||
user
.
admin?
rules
+=
[
:create_projects
,
:admin_namespace
]
end
rules
.
flatten
end
def
group_member_abilities
(
user
,
subject
)
rules
=
[]
target_user
=
subject
.
user
group
=
subject
.
group
unless
group
.
last_owner?
(
target_user
)
can_manage
=
allowed?
(
user
,
:admin_group_member
,
group
)
if
can_manage
rules
<<
:update_group_member
rules
<<
:destroy_group_member
elsif
user
==
target_user
rules
<<
:destroy_group_member
end
end
rules
end
def
project_member_abilities
(
user
,
subject
)
rules
=
[]
target_user
=
subject
.
user
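Review bot: Nothing in this commit replaces can_read_group?, which leaves Ability in this hunk together with namespace_abilities and group_member_abilities; none of the three added policies carries its checks and the commit message does not mention it. Confirm that every caller has already moved to a policy check, or state in the commit message where the logic now lives. It decides group visibility for external users and non-members, so a leftover caller would only surface at runtime.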
...
...
@@ -182,18 +136,6 @@ class Ability
rules
end
def
runner_abilities
(
user
,
runner
)
if
user
.
is_admin?
[
:assign_runner
]
elsif
runner
.
is_shared?
||
runner
.
locked?
[]
elsif
user
.
ci_authorized_runners
.
include?
(
runner
)
[
:assign_runner
]
else
[]
end
end
def
user_abilities
[
:read_user
]
end
...
...
app/policies/ci/runner_policy.rb
0 → 100644
module
Ci
class
RunnerPolicy
<
BasePolicy
def
rules
return
unless
@user
can!
:assign_runner
if
@user
.
is_admin?
return
if
@subject
.
is_shared?
||
@subject
.
locked?
can!
:assign_runner
if
@user
.
ci_authorized_runners
.
include?
(
@subject
)
end
end
end
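Review bot: The admin check in `rules` is `@user.is_admin?`, while NamespacePolicy in the same commit uses `@user.admin?`; pick one predicate across the new policies so a later change to how admin status is determined cannot leave one of them behind. The position of the two `can! :assign_runner` lines around the `is_shared? || locked?` return also encodes that admins may assign shared or locked runners while merely authorized users may not. That deserves a one-line comment now that the if/elsif chain which made it explicit is gone.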
app/policies/group_member_policy.rb
0 → 100644
class
GroupMemberPolicy
<
BasePolicy
def
rules
return
unless
@user
target_user
=
@subject
.
user
group
=
@subject
.
group
return
if
group
.
last_owner?
(
target_user
)
can_manage
=
Ability
.
allowed?
(
@user
,
:admin_group_member
,
group
)
if
can_manage
can!
:update_group_member
can!
:destroy_group_member
elsif
@user
==
target_user
can!
:destroy_group_member
end
end
end
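Review bot: The `return if group.last_owner?(target_user)` guard leaves a last-owner membership with neither :update_group_member nor :destroy_group_member, both for a user who holds :admin_group_member and for the owner acting on their own membership. Add a comment saying this is intended, and a spec covering the last-owner, manager and self-removal cases, since the four changed files include no tests for the new policies.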
app/policies/namespace_policy.rb
0 → 100644
class
NamespacePolicy
<
BasePolicy
def
rules
return
unless
@user
if
@subject
.
owner
==
@user
||
@user
.
admin?
can!
:create_projects
can!
:admin_namespace
end
end
end
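Review bot: The comment from the removed namespace_abilities, `# Only namespace owner and administrators can admin it`, was not carried over into `rules`; keep it above the `@subject.owner == @user || @user.admin?` condition. The new `return unless @user` guard is also worth a spec of its own: without it, a nil user compared against a namespace whose owner is nil would satisfy `@subject.owner == @user` and be granted :create_projects and :admin_namespace.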