gitlabhq/app/models/ability.rb

131 lines
3 KiB
Ruby
Raw Normal View History

2011-10-08 23:36:38 +02:00
class Ability
2012-10-09 02:10:04 +02:00
class << self
def allowed(object, subject)
case subject.class.name
when "Project" then project_abilities(object, subject)
when "Issue" then issue_abilities(object, subject)
when "Note" then note_abilities(object, subject)
when "Snippet" then snippet_abilities(object, subject)
when "MergeRequest" then merge_request_abilities(object, subject)
when "Group" then group_abilities(object, subject)
2012-10-09 02:10:04 +02:00
else []
end
2011-10-08 23:36:38 +02:00
end
2012-10-09 02:10:04 +02:00
def project_abilities(user, project)
rules = []
2011-10-08 23:36:38 +02:00
# Rules based on role in project
if project.master_access_for?(user)
rules << project_master_rules
elsif project.dev_access_for?(user)
rules << project_dev_rules
elsif project.report_access_for?(user)
rules << project_report_rules
elsif project.guest_access_for?(user)
rules << project_guest_rules
end
if project.owner == user
rules << project_admin_rules
end
rules.flatten
end
def project_guest_rules
[
2012-10-09 02:10:04 +02:00
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:write_project,
:write_issue,
:write_note
]
end
2012-02-20 19:16:55 +01:00
def project_report_rules
project_guest_rules + [
2012-10-09 02:10:04 +02:00
:download_code,
:write_merge_request,
:write_snippet
]
end
2012-02-20 19:16:55 +01:00
def project_dev_rules
project_report_rules + [
:write_wiki,
:push_code
]
end
def project_master_rules
project_dev_rules + [
:push_code_to_protected_branches,
2012-10-09 02:10:04 +02:00
:modify_issue,
:modify_snippet,
:modify_merge_request,
:admin_issue,
:admin_milestone,
:admin_snippet,
:admin_team_member,
:admin_merge_request,
:admin_note,
:accept_mr,
:admin_wiki,
:admin_project
]
end
2011-10-08 23:36:38 +02:00
def project_admin_rules
project_master_rules + [
:change_namespace,
:rename_project,
:remove_project
]
2012-10-09 02:10:04 +02:00
end
2011-10-17 12:39:03 +02:00
def group_abilities user, group
rules = []
# Only group owner and administrators can manage group
if group.owner == user || user.admin?
rules << [
:manage_group
]
end
rules.flatten
end
2012-02-20 19:16:55 +01:00
[:issue, :note, :snippet, :merge_request].each do |name|
2011-10-17 12:39:03 +02:00
define_method "#{name}_abilities" do |user, subject|
if subject.author == user
[
:"read_#{name}",
:"write_#{name}",
2011-12-15 22:57:46 +01:00
:"modify_#{name}",
2011-10-17 12:39:03 +02:00
:"admin_#{name}"
]
elsif subject.respond_to?(:assignee) && subject.assignee == user
[
:"read_#{name}",
:"write_#{name}",
:"modify_#{name}",
]
2011-10-17 12:39:03 +02:00
else
2012-10-09 02:10:04 +02:00
subject.respond_to?(:project) ? project_abilities(user, subject.project) : []
2011-10-17 12:39:03 +02:00
end
end
end
end
2011-10-08 23:36:38 +02:00
end