debian-mirror-gitlab/app/policies/group_member_policy.rb

47 lines
1.2 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2016-09-29 09:46:39 +05:30
class GroupMemberPolicy < BasePolicy
2023-01-13 00:05:48 +05:30
include MemberPolicyHelpers
2017-09-10 17:25:29 +05:30
delegate :group
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
with_scope :subject
2021-04-29 21:17:54 +05:30
condition(:last_owner) { @subject.group.member_last_owner?(@subject) || @subject.group.member_last_blocked_owner?(@subject) }
2022-03-02 08:16:31 +05:30
condition(:project_bot) { @subject.user&.project_bot? && @subject.group.member?(@subject.user) }
2016-09-29 09:46:39 +05:30
2017-09-10 17:25:29 +05:30
desc "Membership is users' own"
with_score 0
2023-01-13 00:05:48 +05:30
condition(:target_is_self) { record_belongs_to_self? }
desc "Membership is users' own access request"
with_score 0
condition(:access_request_of_self) { record_is_access_request_of_self? }
2016-09-29 09:46:39 +05:30
2021-03-08 18:12:59 +05:30
rule { anonymous }.policy do
prevent :update_group_member
prevent :destroy_group_member
end
2021-01-29 00:20:46 +05:30
rule { last_owner }.policy do
prevent :update_group_member
prevent :destroy_group_member
end
2016-09-29 09:46:39 +05:30
2022-03-02 08:16:31 +05:30
rule { ~project_bot & can?(:admin_group_member) }.policy do
2017-09-10 17:25:29 +05:30
enable :update_group_member
enable :destroy_group_member
2017-08-17 22:00:37 +05:30
end
2022-03-02 08:16:31 +05:30
rule { project_bot & can?(:admin_group_member) }.enable :destroy_project_bot_member
2023-01-13 00:05:48 +05:30
rule { target_is_self }.policy do
2017-09-10 17:25:29 +05:30
enable :destroy_group_member
2016-09-29 09:46:39 +05:30
end
2023-01-13 00:05:48 +05:30
rule { access_request_of_self }.policy do
enable :withdraw_member_access_request
end
2016-09-29 09:46:39 +05:30
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
GroupMemberPolicy.prepend_mod_with('GroupMemberPolicy')