debian-mirror-gitlab/app/policies/user_policy.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

42 lines
1.4 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2016-09-29 09:46:39 +05:30
class UserPolicy < BasePolicy
2017-09-10 17:25:29 +05:30
desc "The current user is the user in question"
condition(:user_is_self, score: 0) { @subject == @user }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
desc "This is the ghost user"
condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? }
2017-08-17 22:00:37 +05:30
2018-11-18 11:00:15 +05:30
desc "The profile is private"
condition(:private_profile, scope: :subject, score: 0) { @subject.private_profile? }
2020-01-01 13:55:28 +05:30
desc "The user is blocked"
condition(:blocked_user, scope: :subject, score: 0) { @subject.blocked? }
2021-02-22 17:27:13 +05:30
desc "The user is unconfirmed"
condition(:unconfirmed_user, scope: :subject, score: 0) { !@subject.confirmed? }
2017-09-10 17:25:29 +05:30
rule { ~restricted_public_level }.enable :read_user
rule { ~anonymous }.enable :read_user
2017-08-17 22:00:37 +05:30
2018-10-15 14:42:47 +05:30
rule { ~subject_ghost & (user_is_self | admin) }.policy do
enable :destroy_user
enable :update_user
2018-11-18 11:00:15 +05:30
enable :update_user_status
2022-05-07 20:08:51 +05:30
enable :create_saved_replies
enable :update_saved_replies
2022-06-21 17:19:12 +05:30
enable :destroy_saved_replies
2020-10-24 23:57:45 +05:30
enable :read_user_personal_access_tokens
2021-01-29 00:20:46 +05:30
enable :read_group_count
2021-11-11 11:23:49 +05:30
enable :read_user_groups
2022-05-07 20:08:51 +05:30
enable :read_saved_replies
2018-10-15 14:42:47 +05:30
end
2018-11-18 11:00:15 +05:30
rule { default }.enable :read_user_profile
2021-02-22 17:27:13 +05:30
rule { (private_profile | blocked_user | unconfirmed_user) & ~(user_is_self | admin) }.prevent :read_user_profile
2020-11-24 15:15:51 +05:30
rule { user_is_self | admin }.enable :disable_two_factor
2021-01-29 00:20:46 +05:30
rule { (user_is_self | admin) & ~blocked }.enable :create_user_personal_access_token
2016-09-29 09:46:39 +05:30
end
2020-03-13 15:44:24 +05:30
2021-06-08 01:23:25 +05:30
UserPolicy.prepend_mod_with('UserPolicy')