BigW Consortium Gitlab

Commit 5f7be11a by Kamil Trzcinski

Simplify abilities

parent c3d897a9
...@@ -5,10 +5,9 @@ class Ability ...@@ -5,10 +5,9 @@ class Ability
return [] unless user.is_a?(User) return [] unless user.is_a?(User)
return [] if user.blocked? return [] if user.blocked?
# We check with `is_a?`, because CommitStatus uses inheritance
if subject.is_a?(CommitStatus) if subject.is_a?(CommitStatus)
rules = project_abilities(user, subject) return commit_status_abilities(user, subject)
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
return rules
end end
case subject.class.name case subject.class.name
...@@ -32,9 +31,7 @@ class Ability ...@@ -32,9 +31,7 @@ class Ability
when subject.is_a?(PersonalSnippet) when subject.is_a?(PersonalSnippet)
anonymous_personal_snippet_abilities(subject) anonymous_personal_snippet_abilities(subject)
when subject.is_a?(CommitStatus) when subject.is_a?(CommitStatus)
rules = anonymous_project_abilities(subject) anonymous_commit_status_abilities(subject)
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
rules
when subject.is_a?(Project) || subject.respond_to?(:project) when subject.is_a?(Project) || subject.respond_to?(:project)
anonymous_project_abilities(subject) anonymous_project_abilities(subject)
when subject.is_a?(Group) || subject.respond_to?(:group) when subject.is_a?(Group) || subject.respond_to?(:group)
...@@ -66,9 +63,8 @@ class Ability ...@@ -66,9 +63,8 @@ class Ability
:download_code :download_code
] ]
if project.allow_guest_to_access_builds? # Allow to read builds by anonymous user if guests are allowed
rules << :read_build rules << :read_build if project.allow_guest_to_access_builds?
end
rules - project_disabled_features_rules(project) rules - project_disabled_features_rules(project)
else else
...@@ -76,6 +72,13 @@ class Ability ...@@ -76,6 +72,13 @@ class Ability
end end
end end
def anonymous_commit_status_abilities(subject)
rules = anonymous_project_abilities(subject.project)
# If subject is Ci::Build which inherits from CommitStatus filter the abilities
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
rules
end
def anonymous_group_abilities(subject) def anonymous_group_abilities(subject)
group = if subject.is_a?(Group) group = if subject.is_a?(Group)
subject subject
...@@ -123,18 +126,15 @@ class Ability ...@@ -123,18 +126,15 @@ class Ability
elsif team.guest?(user) elsif team.guest?(user)
rules.push(*project_guest_rules) rules.push(*project_guest_rules)
if project.allow_guest_to_access_builds?
rules << :read_build
end
end end
if project.public? || project.internal? if project.public? || project.internal?
rules.push(*public_project_rules) rules.push(*public_project_rules)
end
if project.allow_guest_to_access_builds? # Allow to read builds if guests are allowed
rules << :read_build if team.guest?(user) || project.public? || project.internal?
end rules << :read_build if project.allow_guest_to_access_builds?
end end
if project.owner == user || user.admin? if project.owner == user || user.admin?
...@@ -406,6 +406,13 @@ class Ability ...@@ -406,6 +406,13 @@ class Ability
rules rules
end end
def commit_status_abilities(user, subject)
rules = project_abilities(user, subject.project)
# If subject is Ci::Build which inherits from CommitStatus filter the abilities
rules = filter_build_abilities(rules) if subject.is_a?(Ci::Build)
rules
end
def filter_build_abilities(rules) def filter_build_abilities(rules)
# If we can't read build we should also not have that # If we can't read build we should also not have that
# ability when looking at this in context of commit_status # ability when looking at this in context of commit_status
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment