Class: Ability

Inherits:
Object
  • Object
show all
Defined in:
app/models/ability.rb

Class Method Summary collapse

Class Method Details

.allowed?(user, action, subject = :global, opts = {}) ⇒ Boolean

Returns:

  • (Boolean)

59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'app/models/ability.rb', line 59

def allowed?(user, action, subject = :global, opts = {})
  if subject.is_a?(Hash)
    opts, subject = subject, :global
  end

  policy = policy_for(user, subject)

  case opts[:scope]
  when :user
    DeclarativePolicy.user_scope { policy.can?(action) }
  when :subject
    DeclarativePolicy.subject_scope { policy.can?(action) }
  else
    policy.can?(action)
  end
end

.issues_readable_by_user(issues, user = nil, filters: {}) ⇒ Object

Returns an Array of Issues that can be read by the given user.

issues - The issues to reduce down to those readable by the user. user - The User for which to check the issues filters - A hash of abilities and filters to apply if the user lacks this

ability

37
38
39
40
41
42
43
# File 'app/models/ability.rb', line 37

def issues_readable_by_user(issues, user = nil, filters: {})
  issues = apply_filters_if_needed(issues, user, filters)

  DeclarativePolicy.user_scope do
    issues.select { |issue| issue.visible_to_user?(user) }
  end
end

.merge_requests_readable_by_user(merge_requests, user = nil, filters: {}) ⇒ Object

Returns an Array of MergeRequests that can be read by the given user.

merge_requests - MRs out of which to collect MRs readable by the user. user - The User for which to check the merge_requests filters - A hash of abilities and filters to apply if the user lacks this

ability

51
52
53
54
55
56
57
# File 'app/models/ability.rb', line 51

def merge_requests_readable_by_user(merge_requests, user = nil, filters: {})
  merge_requests = apply_filters_if_needed(merge_requests, user, filters)

  DeclarativePolicy.user_scope do
    merge_requests.select { |mr| allowed?(user, :read_merge_request, mr) }
  end
end

.policy_for(user, subject = :global) ⇒ Object


76
77
78
79
# File 'app/models/ability.rb', line 76

def policy_for(user, subject = :global)
  cache = Gitlab::SafeRequestStore.active? ? Gitlab::SafeRequestStore : {}
  DeclarativePolicy.policy_for(user, subject, cache: cache)
end

.users_that_can_read_group(users, group) ⇒ Object

Given a list of users and a group this method returns the users that can read the given group.


17
18
19
20
21
# File 'app/models/ability.rb', line 17

def users_that_can_read_group(users, group)
  DeclarativePolicy.subject_scope do
    users.select { |u| allowed?(u, :read_group, group) }
  end
end

.users_that_can_read_personal_snippet(users, snippet) ⇒ Object

Given a list of users and a snippet this method returns the users that can read the given snippet.


25
26
27
28
29
# File 'app/models/ability.rb', line 25

def users_that_can_read_personal_snippet(users, snippet)
  DeclarativePolicy.subject_scope do
    users.select { |u| allowed?(u, :read_snippet, snippet) }
  end
end

.users_that_can_read_project(users, project) ⇒ Object

Given a list of users and a project this method returns the users that can read the given project.


9
10
11
12
13
# File 'app/models/ability.rb', line 9

def users_that_can_read_project(users, project)
  DeclarativePolicy.subject_scope do
    users.select { |u| allowed?(u, :read_project, project) }
  end
end