25 lines
826 B
Ruby
25 lines
826 B
Ruby
class ProjectSnippetPolicy < BasePolicy
|
|
def rules
|
|
# We have to check both project feature visibility and a snippet visibility and take the stricter one
|
|
# This will be simplified - check https://gitlab.com/gitlab-org/gitlab-ce/issues/27573
|
|
return unless @subject.project.feature_available?(:snippets, @user)
|
|
return unless Ability.allowed?(@user, :read_project, @subject.project)
|
|
|
|
can! :read_project_snippet if @subject.public?
|
|
return unless @user
|
|
|
|
if @user && (@subject.author == @user || @user.admin?)
|
|
can! :read_project_snippet
|
|
can! :update_project_snippet
|
|
can! :admin_project_snippet
|
|
end
|
|
|
|
if @subject.internal? && !@user.external?
|
|
can! :read_project_snippet
|
|
end
|
|
|
|
if @subject.project.team.member?(@user)
|
|
can! :read_project_snippet
|
|
end
|
|
end
|
|
end
|