debian-mirror-gitlab/app/policies/note_policy.rb

112 lines
3 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2016-09-29 09:46:39 +05:30
class NotePolicy < BasePolicy
2020-04-08 14:13:33 +05:30
include Gitlab::Utils::StrongMemoize
delegate { @subject.resource_parent }
2018-05-09 12:01:36 +05:30
delegate { @subject.noteable if DeclarativePolicy.has_policy?(@subject.noteable) }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
condition(:is_author) { @user && @subject.author == @user }
2021-01-29 00:20:46 +05:30
condition(:is_noteable_author) { @user && @subject.noteable.try(:author_id) == @user.id }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
condition(:editable, scope: :subject) { @subject.editable? }
2016-09-29 09:46:39 +05:30
2019-10-31 01:37:42 +05:30
condition(:can_read_noteable) { can?(:"read_#{@subject.noteable_ability_name}") }
2020-04-08 14:13:33 +05:30
condition(:commit_is_deleted) { @subject.for_commit? && @subject.noteable.blank? }
2021-01-29 00:20:46 +05:30
condition(:for_design) { @subject.for_design? }
2022-04-04 11:22:00 +05:30
condition(:is_visible) { @subject.system_note_visible_for?(@user) }
2020-04-08 14:13:33 +05:30
2023-03-17 16:20:25 +05:30
condition(:internal, scope: :subject) { @subject.confidential? }
2018-11-29 20:51:05 +05:30
2023-03-04 22:38:38 +05:30
# if noteable is a work item it needs to check the notes widget availability
condition(:notes_widget_enabled, scope: :subject) do
!@subject.noteable.respond_to?(:work_item_type) ||
@subject.noteable.work_item_type.widgets.include?(::WorkItems::Widgets::Notes)
end
2022-11-25 23:54:43 +05:30
# Should be matched with IssuablePolicy#read_internal_note
# and EpicPolicy#read_internal_note
2023-03-17 16:20:25 +05:30
condition(:can_read_internal_note) do
2023-01-13 00:05:48 +05:30
access_level >= Gitlab::Access::REPORTER || admin?
2020-04-08 14:13:33 +05:30
end
2019-09-30 23:59:55 +05:30
2023-03-04 22:38:38 +05:30
rule { ~notes_widget_enabled }.prevent_all
2018-05-09 12:01:36 +05:30
rule { ~editable }.prevent :admin_note
2017-09-10 17:25:29 +05:30
2018-11-29 20:51:05 +05:30
# If user can't read the issue/MR/etc then they should not be allowed to do anything to their own notes
rule { ~can_read_noteable }.policy do
prevent :admin_note
prevent :resolve_note
2021-01-29 00:20:46 +05:30
prevent :reposition_note
2019-02-02 18:00:53 +05:30
prevent :award_emoji
2018-11-29 20:51:05 +05:30
end
2020-04-08 14:13:33 +05:30
# Special rule for deleted commits
rule { ~(can_read_noteable | commit_is_deleted) }.policy do
prevent :read_note
end
2017-09-10 17:25:29 +05:30
rule { is_author }.policy do
enable :read_note
enable :admin_note
enable :resolve_note
end
2019-09-30 23:59:55 +05:30
rule { ~is_visible }.policy do
prevent :read_note
prevent :admin_note
prevent :resolve_note
2021-01-29 00:20:46 +05:30
prevent :reposition_note
2019-09-30 23:59:55 +05:30
prevent :award_emoji
end
2018-05-09 12:01:36 +05:30
rule { is_noteable_author }.policy do
2017-09-10 17:25:29 +05:30
enable :resolve_note
2016-09-29 09:46:39 +05:30
end
2020-04-08 14:13:33 +05:30
2023-03-17 16:20:25 +05:30
rule { can_read_internal_note }.policy do
enable :mark_note_as_internal
2021-04-17 20:07:23 +05:30
end
2023-03-17 16:20:25 +05:30
rule { internal & ~can_read_internal_note }.policy do
2020-04-08 14:13:33 +05:30
prevent :read_note
prevent :admin_note
prevent :resolve_note
2021-01-29 00:20:46 +05:30
prevent :reposition_note
2020-04-08 14:13:33 +05:30
prevent :award_emoji
end
2021-01-29 00:20:46 +05:30
rule { can?(:admin_note) | (for_design & can?(:create_note)) }.policy do
enable :reposition_note
end
2020-04-08 14:13:33 +05:30
def parent_namespace
strong_memoize(:parent_namespace) do
next if @subject.is_a?(PersonalSnippet)
2021-04-29 21:17:54 +05:30
next @subject.noteable.group if @subject.noteable.is_a?(Epic)
2020-04-08 14:13:33 +05:30
@subject.project
end
end
def access_level
return -1 if @user.nil?
return -1 unless parent_namespace
lookup_access_level!
end
def lookup_access_level!
return ::Gitlab::Access::REPORTER if alert_bot?
if parent_namespace.is_a?(Project)
parent_namespace.team.max_member_access(@user.id)
else
parent_namespace.max_member_access_for_user(@user)
end
end
2016-09-29 09:46:39 +05:30
end