BigW Consortium Gitlab

group_policy.rb 1.38 KB
Newer Older
http://jneen.net/ committed
1 2 3 4 5 6
class GroupPolicy < BasePolicy
  def rules
    can! :read_group if @subject.public?
    return unless @user

    globally_viewable = @subject.public? || (@subject.internal? && !@user.external?)
7
    member = @subject.users_with_parents.include?(@user)
http://jneen.net/ committed
8 9 10 11 12 13 14
    owner = @user.admin? || @subject.has_owner?(@user)
    master = owner || @subject.has_master?(@user)

    can_read = false
    can_read ||= globally_viewable
    can_read ||= member
    can_read ||= @user.admin?
15
    can_read ||= GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any?
http://jneen.net/ committed
16 17 18 19 20 21
    can! :read_group if can_read

    # Only group masters and group owners can create new projects
    if master
      can! :create_projects
      can! :admin_milestones
22
      can! :admin_label
http://jneen.net/ committed
23 24 25 26 27 28 29 30
    end

    # Only group owner and administrators can admin group
    if owner
      can! :admin_group
      can! :admin_namespace
      can! :admin_group_member
      can! :change_visibility_level
31
      can! :create_subgroup if @user.can_create_group
http://jneen.net/ committed
32 33 34 35 36 37 38 39 40 41 42 43 44
    end

    if globally_viewable && @subject.request_access_enabled && !member
      can! :request_access
    end
  end

  def can_read_group?
    return true if @subject.public?
    return true if @user.admin?
    return true if @subject.internal? && !@user.external?
    return true if @subject.users.include?(@user)

45
    GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any?
http://jneen.net/ committed
46 47
  end
end