22 lines
578 B
Ruby
22 lines
578 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Ci
|
|
class JobArtifactPolicy < BasePolicy
|
|
delegate { @subject.job.project }
|
|
|
|
condition(:public_access, scope: :subject) do
|
|
@subject.public_access?
|
|
end
|
|
|
|
condition(:can_read_project_build, scope: :subject) do
|
|
can?(:read_build, @subject.job.project)
|
|
end
|
|
|
|
condition(:has_access_to_project) do
|
|
can?(:developer_access, @subject.job.project)
|
|
end
|
|
|
|
rule { can_read_project_build }.enable :read_job_artifacts
|
|
rule { ~public_access & ~has_access_to_project }.prevent :read_job_artifacts
|
|
end
|
|
end
|