BigW Consortium Gitlab

build_policy.rb 678 Bytes
Newer Older
1 2
module Ci
  class BuildPolicy < CommitStatusPolicy
3 4
    alias_method :build, :subject

5 6 7 8 9
    def rules
      super

      # If we can't read build we should also not have that
      # ability when looking at this in context of commit_status
10
      %w[read create update admin].each do |rule|
11 12
        cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
      end
13

14 15 16
      if can?(:update_build) && protected_action?
        cannot! :update_build
      end
17 18 19 20
    end

    private

21
    def protected_action?
22
      return false unless build.action?
23

24
      !::Gitlab::UserAccess
25
        .new(user, project: build.project)
26
        .can_merge_to_branch?(build.ref)
27 28 29
    end
  end
end