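# Entry point for authorization checks. The helpers at the top filter
# collections of users or issues by hand-written visibility rules; `allowed?`
# and `allowed` delegate to the policy class selected by BasePolicy.
class Ability
  class << self
    # Given a list of users and a project this method returns the users that can
    # read the given project.
    #
    # NOTE(review): these rules are evaluated here directly rather than through
    # `allowed?`; confirm they are kept in sync with the project policy.
    def users_that_can_read_project(users, project)
      return users if project.public?

      users.select do |user|
        user.admin? ||
          (project.internal? && !user.external?) ||
          project.owner == user ||
          project.team.members.include?(user)
      end
    end

    # Given a list of users and a snippet this method returns the users that can
    # read the given snippet.
    #
    # NOTE(review): unlike users_that_can_read_project, the INTERNAL branch does
    # not filter out users for whom `external?` is true; confirm this is intended.
    def users_that_can_read_personal_snippet(users, snippet)
      case snippet.visibility_level
      when Snippet::INTERNAL, Snippet::PUBLIC
        users
      when Snippet::PRIVATE
        users.include?(snippet.author) ? [snippet.author] : []
      else
        # Unrecognised visibility level: fail closed with an empty list instead
        # of falling through and returning nil.
        []
      end
    end

    # Returns an Array of Issues that can be read by the given user.
    #
    # issues - The issues to reduce down to those readable by the user.
    # user - The User for which to check the issues
    def issues_readable_by_user(issues, user = nil)
      # Admins skip the per-issue visibility check entirely.
      return issues if user && user.admin?

      issues.select { |issue| issue.visible_to_user?(user) }
    end

    # TODO: make this private and use the actual abilities stuff for this
    #
    # Returns true when the note is editable and the user is its author, an
    # admin, or has at least Gitlab::Access::MASTER access on the note's project.
    def can_edit_note?(user, note)
      return false if !note.editable? || !user.present?
      return true if note.author == user || user.admin?
      return false unless note.project

      note.project.team.max_member_access(user.id) >= Gitlab::Access::MASTER
    end

    # Returns whether `action` is in the set of abilities `user` has on `subject`.
    def allowed?(user, action, subject = :global)
      allowed(user, subject).include?(action)
    end

    # Returns the abilities `user` has on `subject`.
    #
    # A nil subject yields BasePolicy::RuleSet.none. While RequestStore is
    # active the result is memoised under a key built from the user id and the
    # subject's class and id, and frozen so callers cannot mutate the shared
    # cached set.
    def allowed(user, subject = :global)
      return BasePolicy::RuleSet.none if subject.nil?
      return uncached_allowed(user, subject) unless RequestStore.active?

      key = ability_cache_key(user, subject)
      # A user or subject without an id has no stable identity; caching it would
      # let two different unsaved records share one entry and receive each
      # other's abilities, so compute the result every time instead.
      return uncached_allowed(user, subject) unless key

      RequestStore[key] ||= uncached_allowed(user, subject).freeze
    end

    private

    # Asks the policy class chosen by BasePolicy.class_for for the abilities.
    def uncached_allowed(user, subject)
      BasePolicy.class_for(subject).abilities(user, subject)
    end

    # Builds the RequestStore key for a user/subject pair, or returns nil when
    # either side has a nil id and therefore cannot be keyed unambiguously.
    def ability_cache_key(user, subject)
      user_key = user ? user.id : 'anonymous'
      subject_key = subject == :global ? 'global' : subject.id
      return if user_key.nil? || subject_key.nil?

      subject_key = "#{subject.class.name}/#{subject_key}" unless subject == :global
      "/ability/#{user_key}/#{subject_key}"
    end
  end
end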