debian-mirror-gitlab/app/policies/namespace_policy.rb
2018-03-17 18:26:18 +05:30

15 lines
493 B
Ruby

class NamespacePolicy < BasePolicy
rule { anonymous }.prevent_all
condition(:personal_project, scope: :subject) { @subject.kind == 'user' }
condition(:can_create_personal_project, scope: :user) { @user.can_create_project? }
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :create_projects
enable :admin_namespace
enable :read_namespace
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
end