BigW Consortium Gitlab

ability.rb 2.68 KB
Newer Older
1
require_dependency 'declarative_policy'
2

gitlabhq committed
3
class Ability
Andrey Kumanyaev committed
4
  class << self
5 6 7
    # Given a list of users and a project this method returns the users that can
    # read the given project.
    def users_that_can_read_project(users, project)
8 9
      DeclarativePolicy.subject_scope do
        users.select { |u| allowed?(u, :read_project, project) }
10 11
      end
    end
12

13 14 15
    # Given a list of users and a snippet this method returns the users that can
    # read the given snippet.
    def users_that_can_read_personal_snippet(users, snippet)
16 17
      DeclarativePolicy.subject_scope do
        users.select { |u| allowed?(u, :read_personal_snippet, snippet) }
18 19 20
      end
    end

21 22 23 24
    # Returns an Array of Issues that can be read by the given user.
    #
    # issues - The issues to reduce down to those readable by the user.
    # user - The User for which to check the issues
25 26 27 28 29
    # filters - A hash of abilities and filters to apply if the user lacks this
    #           ability
    def issues_readable_by_user(issues, user = nil, filters: {})
      issues = apply_filters_if_needed(issues, user, filters)

30 31 32
      DeclarativePolicy.user_scope do
        issues.select { |issue| issue.visible_to_user?(user) }
      end
33 34
    end

35 36 37 38 39 40 41 42 43 44 45 46 47 48
    # Returns an Array of MergeRequests that can be read by the given user.
    #
    # merge_requests - MRs out of which to collect mr's readable by the user.
    # user - The User for which to check the merge_requests
    # filters - A hash of abilities and filters to apply if the user lacks this
    #           ability
    def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})
      merge_requests = apply_filters_if_needed(merge_requests, user, filters)

      DeclarativePolicy.user_scope do
        merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) }
      end
    end

49
    def can_edit_note?(user, note)
50
      allowed?(user, :edit_note, note)
51 52
    end

53 54 55 56
    def allowed?(user, action, subject = :global, opts = {})
      if subject.is_a?(Hash)
        opts, subject = subject, :global
      end
57

58
      policy = policy_for(user, subject)
59

60 61 62 63 64 65 66 67
      case opts[:scope]
      when :user
        DeclarativePolicy.user_scope { policy.can?(action) }
      when :subject
        DeclarativePolicy.subject_scope { policy.can?(action) }
      else
        policy.can?(action)
      end
68 69
    end

70 71 72
    def policy_for(user, subject = :global)
      cache = RequestStore.active? ? RequestStore : {}
      DeclarativePolicy.policy_for(user, subject, cache: cache)
73
    end
74 75 76 77 78 79 80 81 82 83

    private

    def apply_filters_if_needed(elements, user, filters)
      filters.each do |ability, filter|
        elements = filter.call(elements) unless allowed?(user, ability)
      end

      elements
    end
gitlabhq committed
84
  end
gitlabhq committed
85
end