debian-mirror-gitlab/app/policies/note_policy.rb

34 lines
947 B
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2016-09-29 09:46:39 +05:30
class NotePolicy < BasePolicy
2017-09-10 17:25:29 +05:30
delegate { @subject.project }
2018-05-09 12:01:36 +05:30
delegate { @subject.noteable if DeclarativePolicy.has_policy?(@subject.noteable) }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
condition(:is_author) { @user && @subject.author == @user }
condition(:is_noteable_author) { @user && @subject.noteable.author_id == @user.id }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
condition(:editable, scope: :subject) { @subject.editable? }
2016-09-29 09:46:39 +05:30
2018-11-29 20:51:05 +05:30
condition(:can_read_noteable) { can?(:"read_#{@subject.to_ability_name}") }
2018-05-09 12:01:36 +05:30
rule { ~editable }.prevent :admin_note
2017-09-10 17:25:29 +05:30
2018-11-29 20:51:05 +05:30
# If user can't read the issue/MR/etc then they should not be allowed to do anything to their own notes
rule { ~can_read_noteable }.policy do
prevent :read_note
prevent :admin_note
prevent :resolve_note
2019-02-02 18:00:53 +05:30
prevent :award_emoji
2018-11-29 20:51:05 +05:30
end
2017-09-10 17:25:29 +05:30
rule { is_author }.policy do
enable :read_note
enable :admin_note
enable :resolve_note
end
2018-05-09 12:01:36 +05:30
rule { is_noteable_author }.policy do
2017-09-10 17:25:29 +05:30
enable :resolve_note
2016-09-29 09:46:39 +05:30
end
end