BigW Consortium Gitlab

issuable_policy.rb 1.26 KB
Newer Older
1
class IssuablePolicy < BasePolicy
2
  delegate { @subject.project }
3

4 5
  condition(:locked, scope: :subject, score: 0) { @subject.discussion_locked? }

6 7 8 9 10 11 12 13 14 15 16 17 18
  # We aren't checking `:read_issue` or `:read_merge_request` in this case
  # because it could be possible for a user to see an issuable-iid
  # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be allowed
  # to read the actual issue after a more expensive `:read_issue` check.
  #
  # `:read_issue` & `:read_issue_iid` could diverge in gitlab-ee.
  condition(:visible_to_user, score: 4) do
    Project.where(id: @subject.project)
      .public_or_visible_to_user(@user)
      .with_feature_available_for_user(@subject, @user)
      .any?
  end

19 20
  condition(:is_project_member) { @user && @subject.project && @subject.project.team.member?(@user) }

21 22 23 24
  desc "User is the assignee or author"
  condition(:assignee_or_author) do
    @user && @subject.assignee_or_author?(@user)
  end
25

26 27 28 29 30
  rule { assignee_or_author }.policy do
    enable :read_issue
    enable :update_issue
    enable :read_merge_request
    enable :update_merge_request
31
  end
32

33 34 35 36 37 38 39
  rule { locked & ~is_project_member }.policy do
    prevent :create_note
    prevent :update_note
    prevent :admin_note
    prevent :resolve_note
    prevent :edit_note
  end
40
end