realaravinth/debian-mirror-gitlab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
debian-mirror-gitlab/app/policies/todo_policy.rb

30 lines
840 B
Ruby
Raw Normal View History

New upstream version 12.4.6
2019-12-21 20:55:43 +05:30
# frozen_string_literal: true
class TodoPolicy < BasePolicy
desc 'User can only read own todos'
condition(:own_todo) do
@user && @subject.user_id == @user.id
end
New upstream version 15.3.4+ds1
2022-10-02 17:18:49 +05:30
desc "User can read the todo's target"
New upstream version 13.12.9+ds1
2021-08-04 16:29:09 +05:30
condition(:can_read_target) do
@user && @subject.target&.readable_by?(@user)
end
New upstream version 12.4.6
2019-12-21 20:55:43 +05:30
New upstream version 15.3.4+ds1
2022-10-02 17:18:49 +05:30
desc "Todo has confidential note"
condition(:has_confidential_note, scope: :subject) { @subject&.note&.confidential? }
desc "User can read the todo's confidential note"
condition(:can_read_todo_confidential_note) do
New upstream version 15.5.4+ds1
2022-11-25 23:54:43 +05:30
@user && @user.can?(:read_internal_note, @subject.target)
New upstream version 15.3.4+ds1
2022-10-02 17:18:49 +05:30
end
New upstream version 13.12.9+ds1
2021-08-04 16:29:09 +05:30
rule { own_todo & can_read_target }.enable :read_todo
New upstream version 15.3.4+ds1
2022-10-02 17:18:49 +05:30
rule { can?(:read_todo) }.enable :update_todo
rule { has_confidential_note & ~can_read_todo_confidential_note }.policy do
prevent :read_todo
prevent :update_todo
end
New upstream version 12.4.6
2019-12-21 20:55:43 +05:30
end
Reference in a new issue Copy permalink