debian-mirror-gitlab/app/models/ability.rb

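# Central entry point for authorization questions ("can this user do X to
# that subject?"). Every method is defined on the singleton class, so callers
# use `Ability.allowed?(...)` and never instantiate Ability.
class Ability
  class << self
    # Given a list of users and a project this method returns the users that can
    # read the given project.
    #
    # users   - The candidate users to filter.
    # project - The project whose visibility decides who may read it.
    #
    # A public project returns `users` unchanged. Otherwise a user is kept when
    # they are an admin, when the project is internal and the user is not
    # external, when they own the project, or when they are a team member.
    def users_that_can_read_project(users, project)
      return users if project.public?

      users.select do |user|
        user.admin? ||
          (project.internal? && !user.external?) ||
          project.owner == user ||
          project.team.members.include?(user)
      end
    end

    # Given a list of users and a snippet this method returns the users that can
    # read the given snippet.
    #
    # users   - The candidate users to filter.
    # snippet - The personal snippet whose visibility level is inspected.
    #
    # Always returns a collection: a visibility level that matches none of the
    # known constants yields an empty list (fail closed) instead of nil.
    def users_that_can_read_personal_snippet(users, snippet)
      case snippet.visibility_level
      when Snippet::INTERNAL, Snippet::PUBLIC
        # NOTE(review): unlike users_that_can_read_project, external users are
        # not filtered out for INTERNAL snippets here - confirm this matches
        # the snippet read policy.
        users
      when Snippet::PRIVATE
        users.include?(snippet.author) ? [snippet.author] : []
      else
        []
      end
    end

    # Returns an Array of Issues that can be read by the given user.
    #
    # issues - The issues to reduce down to those readable by the user.
    # user - The User for which to check the issues
    #
    # Admins get `issues` back unfiltered; for everyone else (including a nil
    # user) each issue decides through `visible_to_user?`.
    def issues_readable_by_user(issues, user = nil)
      return issues if user && user.admin?

      issues.select { |issue| issue.visible_to_user?(user) }
    end

    # TODO: make this private and use the actual abilities stuff for this
    #
    # Returns true when `note` is editable and `user` is its author, an admin,
    # or holds at least MASTER access on the note's project. A missing user, a
    # non-editable note, or a note without a project (for non-author,
    # non-admin users) is denied.
    def can_edit_note?(user, note)
      return false unless note.editable? && user.present?
      return true if note.author == user || user.admin?

      project = note.project
      return false unless project

      project.team.max_member_access(user.id) >= Gitlab::Access::MASTER
    end

    # Returns whether `action` is among the abilities `user` has on `subject`.
    def allowed?(user, action, subject = :global)
      allowed(user, subject).include?(action)
    end

    # Returns the set of abilities `user` has on `subject`.
    #
    # A nil subject yields the empty rule set. When RequestStore is active the
    # result is memoized (frozen) under a per-user, per-subject key; otherwise
    # it is computed on every call.
    def allowed(user, subject = :global)
      return BasePolicy::RuleSet.none if subject.nil?
      return uncached_allowed(user, subject) unless RequestStore.active?

      key = ability_cache_key(user, subject)
      # No stable identity to key on: compute directly rather than risk
      # handing one record's cached abilities to a different record.
      return uncached_allowed(user, subject) unless key

      RequestStore[key] ||= uncached_allowed(user, subject).freeze
    end

    private

    # Asks the policy class selected for `subject` to compute the abilities.
    def uncached_allowed(user, subject)
      BasePolicy.class_for(subject).abilities(user, subject)
    end

    # Builds the RequestStore key for a user/subject pair, or returns nil when
    # either side has a nil id. Two distinct records with a nil id of the same
    # class would otherwise map to the same key and share one cached answer.
    def ability_cache_key(user, subject)
      user_key = user ? user.id : 'anonymous'
      return nil if user_key.nil?
      return "/ability/#{user_key}/global" if subject == :global

      subject_id = subject.id
      return nil if subject_id.nil?

      "/ability/#{user_key}/#{subject.class.name}/#{subject_id}"
    end
  end
end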