debian-mirror-gitlab/app/models/ability.rb

58 lines
1.7 KiB
Ruby
Raw Normal View History

2017-09-10 17:25:29 +05:30
require_dependency 'declarative_policy'
2014-09-02 18:07:02 +05:30
class Ability
class << self
# Given a list of users and a project this method returns the users that can
# read the given project.
def users_that_can_read_project(users, project)
2017-09-10 17:25:29 +05:30
DeclarativePolicy.subject_scope do
users.select { |u| allowed?(u, :read_project, project) }
end
end
2017-08-17 22:00:37 +05:30
# Given a list of users and a snippet this method returns the users that can
# read the given snippet.
def users_that_can_read_personal_snippet(users, snippet)
2017-09-10 17:25:29 +05:30
DeclarativePolicy.subject_scope do
users.select { |u| allowed?(u, :read_personal_snippet, snippet) }
2017-08-17 22:00:37 +05:30
end
end
2016-09-13 17:45:13 +05:30
# Returns an Array of Issues that can be read by the given user.
#
# issues - The issues to reduce down to those readable by the user.
# user - The User for which to check the issues
def issues_readable_by_user(issues, user = nil)
2017-09-10 17:25:29 +05:30
DeclarativePolicy.user_scope do
issues.select { |issue| issue.visible_to_user?(user) }
end
2016-09-13 17:45:13 +05:30
end
def can_edit_note?(user, note)
2017-09-10 17:25:29 +05:30
allowed?(user, :edit_note, note)
2016-09-13 17:45:13 +05:30
end
2017-09-10 17:25:29 +05:30
def allowed?(user, action, subject = :global, opts = {})
if subject.is_a?(Hash)
opts, subject = subject, :global
end
2015-11-26 14:37:03 +05:30
2017-09-10 17:25:29 +05:30
policy = policy_for(user, subject)
2016-08-24 12:49:21 +05:30
2017-09-10 17:25:29 +05:30
case opts[:scope]
when :user
DeclarativePolicy.user_scope { policy.can?(action) }
when :subject
DeclarativePolicy.subject_scope { policy.can?(action) }
else
policy.can?(action)
end
2015-04-26 12:48:37 +05:30
end
2015-09-11 14:41:01 +05:30
2017-09-10 17:25:29 +05:30
def policy_for(user, subject = :global)
cache = RequestStore.active? ? RequestStore : {}
DeclarativePolicy.policy_for(user, subject, cache: cache)
2016-08-24 12:49:21 +05:30
end
2014-09-02 18:07:02 +05:30
end
end