debian-mirror-gitlab/app/policies/ci/build_policy.rb

module Ci
  # Authorization policy for a CI build. Inherits from CommitStatusPolicy and
  # then narrows the abilities computed by the parent in #rules.
  class BuildPolicy < CommitStatusPolicy
    # Lets the rest of the policy refer to the policy subject as `build`.
    alias_method :build, :subject

    # Runs the parent rules first, then applies two restrictions in order:
    # 1. each *_commit_status ability is withdrawn when the matching *_build
    #    ability is not held;
    # 2. :update_build is withdrawn when the build is a protected action.
    def rules
      super

      # Keep commit_status abilities in step with build abilities: without
      # <action>_build there must be no <action>_commit_status either.
      %w[read create update admin].each do |action|
        next if can?(:"#{action}_build")

        cannot! :"#{action}_commit_status"
      end

      # NOTE(review): this check runs after the loop above, so withdrawing
      # :update_build here does not also withdraw :update_commit_status.
      # Statement order is significant; confirm that asymmetry is intended.
      cannot! :update_build if can?(:update_build) && protected_action?
    end

    private

    # True when the build is an action (build.action?) and the current user
    # is not allowed to merge to the build's ref according to
    # Gitlab::UserAccess; false for anything that is not an action.
    #
    # NOTE(review): build.ref is passed to a branch-level check; whether refs
    # that are not branches (presumably tags) are covered cannot be seen from
    # this file. Verify against Gitlab::UserAccess.
    def protected_action?
      if build.action?
        access = ::Gitlab::UserAccess.new(user, project: build.project)
        !access.can_merge_to_branch?(build.ref)
      else
        false
      end
    end
  end
end