Class: Ability
- Inherits:
-
Object
- Object
- Ability
- Defined in:
- app/models/ability.rb
Class Method Summary collapse
- .allowed?(user, action, subject = :global, opts = {}) ⇒ Boolean
-
.issues_readable_by_user(issues, user = nil, filters: {}) ⇒ Object
Returns an Array of Issues that can be read by the given user.
-
.merge_requests_readable_by_user(merge_requests, user = nil, filters: {}) ⇒ Object
Returns an Array of MergeRequests that can be read by the given user.
- .policy_for(user, subject = :global) ⇒ Object
-
.users_that_can_read_group(users, group) ⇒ Object
Given a list of users and a group this method returns the users that can read the given group.
-
.users_that_can_read_personal_snippet(users, snippet) ⇒ Object
Given a list of users and a snippet this method returns the users that can read the given snippet.
-
.users_that_can_read_project(users, project) ⇒ Object
Given a list of users and a project this method returns the users that can read the given project.
Class Method Details
.allowed?(user, action, subject = :global, opts = {}) ⇒ Boolean
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'app/models/ability.rb', line 59 def allowed?(user, action, subject = :global, opts = {}) if subject.is_a?(Hash) opts, subject = subject, :global end policy = policy_for(user, subject) case opts[:scope] when :user DeclarativePolicy.user_scope { policy.can?(action) } when :subject DeclarativePolicy.subject_scope { policy.can?(action) } else policy.can?(action) end end |
.issues_readable_by_user(issues, user = nil, filters: {}) ⇒ Object
Returns an Array of Issues that can be read by the given user.
issues - The issues to reduce down to those readable by the user. user - The User for which to check the issues filters - A hash of abilities and filters to apply if the user lacks this
ability
37 38 39 40 41 42 43 |
# File 'app/models/ability.rb', line 37 def issues_readable_by_user(issues, user = nil, filters: {}) issues = apply_filters_if_needed(issues, user, filters) DeclarativePolicy.user_scope do issues.select { |issue| issue.visible_to_user?(user) } end end |
.merge_requests_readable_by_user(merge_requests, user = nil, filters: {}) ⇒ Object
Returns an Array of MergeRequests that can be read by the given user.
merge_requests - MRs out of which to collect MRs readable by the user. user - The User for which to check the merge_requests filters - A hash of abilities and filters to apply if the user lacks this
ability
51 52 53 54 55 56 57 |
# File 'app/models/ability.rb', line 51 def merge_requests_readable_by_user(merge_requests, user = nil, filters: {}) merge_requests = apply_filters_if_needed(merge_requests, user, filters) DeclarativePolicy.user_scope do merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) } end end |
.policy_for(user, subject = :global) ⇒ Object
76 77 78 79 |
# File 'app/models/ability.rb', line 76 def policy_for(user, subject = :global) cache = Gitlab::SafeRequestStore.active? ? Gitlab::SafeRequestStore : {} DeclarativePolicy.policy_for(user, subject, cache: cache) end |
.users_that_can_read_group(users, group) ⇒ Object
Given a list of users and a group this method returns the users that can read the given group.
17 18 19 20 21 |
# File 'app/models/ability.rb', line 17 def users_that_can_read_group(users, group) DeclarativePolicy.subject_scope do users.select { |u| allowed?(u, :read_group, group) } end end |
.users_that_can_read_personal_snippet(users, snippet) ⇒ Object
Given a list of users and a snippet this method returns the users that can read the given snippet.
25 26 27 28 29 |
# File 'app/models/ability.rb', line 25 def users_that_can_read_personal_snippet(users, snippet) DeclarativePolicy.subject_scope do users.select { |u| allowed?(u, :read_snippet, snippet) } end end |
.users_that_can_read_project(users, project) ⇒ Object
Given a list of users and a project this method returns the users that can read the given project.
9 10 11 12 13 |
# File 'app/models/ability.rb', line 9 def users_that_can_read_project(users, project) DeclarativePolicy.subject_scope do users.select { |u| allowed?(u, :read_project, project) } end end |