debian-mirror-gitlab/app/models/ability.rb

# frozen_string_literal: true

require_dependency 'declarative_policy'

class Ability
  class << self
    # Given a list of users and a project this method returns the users that can
    # read the given project.
    def users_that_can_read_project(users, project)
      DeclarativePolicy.subject_scope do
        users.select { |u| allowed?(u, :read_project, project) }
      end
    end

    # Given a list of users and a group this method returns the users that can
    # read the given group.
    def users_that_can_read_group(users, group)
      DeclarativePolicy.subject_scope do
        users.select { |u| allowed?(u, :read_group, group) }
      end
    end

    # Given a list of users and a snippet this method returns the users that can
    # read the given snippet.
    def users_that_can_read_personal_snippet(users, snippet)
      DeclarativePolicy.subject_scope do
        users.select { |u| allowed?(u, :read_personal_snippet, snippet) }
      end
    end

    # Returns an Array of Issues that can be read by the given user.
    #
    # issues - The issues to reduce down to those readable by the user.
    # user - The User for which to check the issues
    # filters - A hash of abilities and filters to apply if the user lacks this
    #           ability
    def issues_readable_by_user(issues, user = nil, filters: {})
      issues = apply_filters_if_needed(issues, user, filters)

      DeclarativePolicy.user_scope do
        issues.select { |issue| issue.visible_to_user?(user) }
      end
    end

    # Returns an Array of MergeRequests that can be read by the given user.
    #
    # merge_requests - MRs out of which to collect mr's readable by the user.
    # user - The User for which to check the merge_requests
    # filters - A hash of abilities and filters to apply if the user lacks this
    #           ability
    def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})
      merge_requests = apply_filters_if_needed(merge_requests, user, filters)

      DeclarativePolicy.user_scope do
        merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) }
      end
    end

    def allowed?(user, action, subject = :global, opts = {})
      if subject.is_a?(Hash)
        opts, subject = subject, :global
      end

      policy = policy_for(user, subject)

      case opts[:scope]
      when :user
        DeclarativePolicy.user_scope { policy.can?(action) }
      when :subject
        DeclarativePolicy.subject_scope { policy.can?(action) }
      else
        policy.can?(action)
      end
    end

    def policy_for(user, subject = :global)
      cache = RequestStore.active? ? RequestStore : {}
      DeclarativePolicy.policy_for(user, subject, cache: cache)
    end

    private

    def apply_filters_if_needed(elements, user, filters)
      filters.each do |ability, filter|
        elements = filter.call(elements) unless allowed?(user, ability)
      end

      elements
    end
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`require_dependency 'declarative_policy'`

Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`class Ability`
			`class << self`
Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`# Given a list of users and a project this method returns the users that can`
			`# read the given project.`
			`def users_that_can_read_project(users, project)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`DeclarativePolicy.subject_scope do`
			`users.select { \|u\| allowed?(u, :read_project, project) }`
Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`end`
			`end`

New upstream version 10.8.7+dfsg 2018-10-15 14:42:47 +05:30			`# Given a list of users and a group this method returns the users that can`
			`# read the given group.`
			`def users_that_can_read_group(users, group)`
			`DeclarativePolicy.subject_scope do`
			`users.select { \|u\| allowed?(u, :read_group, group) }`
			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`# Given a list of users and a snippet this method returns the users that can`
			`# read the given snippet.`
			`def users_that_can_read_personal_snippet(users, snippet)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`DeclarativePolicy.subject_scope do`
			`users.select { \|u\| allowed?(u, :read_personal_snippet, snippet) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`

New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`# Returns an Array of Issues that can be read by the given user.`
			`#`
			`# issues - The issues to reduce down to those readable by the user.`
			`# user - The User for which to check the issues`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`# filters - A hash of abilities and filters to apply if the user lacks this`
			`# ability`
			`def issues_readable_by_user(issues, user = nil, filters: {})`
			`issues = apply_filters_if_needed(issues, user, filters)`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`DeclarativePolicy.user_scope do`
			`issues.select { \|issue\| issue.visible_to_user?(user) }`
			`end`
New upstream version 8.11.3+dfsg 2016-09-13 17:45:13 +05:30			`end`

New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`# Returns an Array of MergeRequests that can be read by the given user.`
			`#`
			`# merge_requests - MRs out of which to collect mr's readable by the user.`
			`# user - The User for which to check the merge_requests`
			`# filters - A hash of abilities and filters to apply if the user lacks this`
			`# ability`
			`def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})`
			`merge_requests = apply_filters_if_needed(merge_requests, user, filters)`

			`DeclarativePolicy.user_scope do`
			`merge_requests.select { \|mr\| allowed?(user, :read_merge_request, mr) }`
			`end`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`def allowed?(user, action, subject = :global, opts = {})`
			`if subject.is_a?(Hash)`
			`opts, subject = subject, :global`
			`end`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`policy = policy_for(user, subject)`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`case opts[:scope]`
			`when :user`
			`DeclarativePolicy.user_scope { policy.can?(action) }`
			`when :subject`
			`DeclarativePolicy.subject_scope { policy.can?(action) }`
			`else`
			`policy.can?(action)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`def policy_for(user, subject = :global)`
			`cache = RequestStore.active? ? RequestStore : {}`
			`DeclarativePolicy.policy_for(user, subject, cache: cache)`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`end`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30
			`private`

			`def apply_filters_if_needed(elements, user, filters)`
			`filters.each do \|ability, filter\|`
			`elements = filter.call(elements) unless allowed?(user, ability)`
			`end`

			`elements`
			`end`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`
			`end`