#465: Added XxxPolicy classes for all models.

This commit is contained in:
Vokhmin Alexey V 2015-03-19 01:02:38 +03:00
parent de442480da
commit e829d35a89
20 changed files with 336 additions and 32 deletions

View File

@ -175,7 +175,7 @@ class Projects::ProjectsController < Projects::BaseController
end end
def preview def preview
authorize @project, :show? authorize @project
respond_to do |format| respond_to do |format|
format.json {} format.json {}
format.html {render inline: view_context.markdown(params[:text]), layout: false} format.html {render inline: view_context.markdown(params[:text]), layout: false}

View File

@ -118,33 +118,33 @@ class ApplicationPolicy
# #
# Returns true if he is, false otherwise. # Returns true if he is, false otherwise.
def local_admin?(r = record) def local_admin?(r = record)
best_role(r) == 'admin' owner?(r) || best_role(r) == 'admin'
end end
# Private: Check if provided user is at least record reader. # Private: Check if provided user is at least record reader.
# #
# Returns true if he is, false otherwise. # Returns true if he is, false otherwise.
def local_reader?(r = record) def local_reader?(r = record)
%w(reader writer admin).include? best_role(r) owner?(r) || %w(reader writer admin).include? best_role(r)
end end
# Private: Check if provided user is at least record writer. # Private: Check if provided user is at least record writer.
# #
# Returns true if he is, false otherwise. # Returns true if he is, false otherwise.
def local_writer?(r = record) def local_writer?(r = record)
%w(writer admin).include? best_role(r) owner?(r) || %w(writer admin).include? best_role(r)
end end
# Private: Check if provided user is record owner. # Private: Check if provided user is record owner.
# #
# Returns true if he is, false otherwise. # Returns true if he is, false otherwise.
def owner? def owner?(r = record)
( (
!record.try(:owner_type) && record.owner_id == user.id !r.try(:owner_type) && r.owner_id == user.id
) || ( ) || (
record.try(:owner_type) == 'User' && record.owner_id == user.id r.try(:owner_type) == 'User' && r.owner_id == user.id
) || ( ) || (
record.try(:owner_type) == 'Group' && user_own_group_ids.include?(record.owner_id) r.try(:owner_type) == 'Group' && user_own_group_ids.include?(r.owner_id)
) )
end end
@ -166,4 +166,13 @@ class ApplicationPolicy
end end
end end
# Public: Get user's platform ids.
#
# Returns the Array of platform ids.
def user_platform_ids
Rails.cache.fetch(['ApplicationPolicy#user_platform_ids', user]) do
user.repositories.pluck(:platform_id)
end
end
end end

View File

@ -1,3 +1,52 @@
class BuildListPolicy < ApplicationPolicy class BuildListPolicy < ApplicationPolicy
def show?
record.user_id == user.id || policy(record.project).show?
end
alias_method :read?, :show?
alias_method :log?, :show?
alias_method :everything?, :show?
alias_method :owned?, :show?
alias_method :everything?, :show?
alias_method :list?, :show?
def create?
return false unless record.project.is_package
return false unless policy(record.project).write?
record.build_for_platform.blank? || policy(record.build_for_platform).show?
end
alias_method :rerun_tests?, :create?
def publish_into_testing?
return false unless record.new_core?
return false unless record.can_publish_into_testing?
create? || ( record.save_to_platform.main? && publish? )
end
def publish?
return false unless record.new_core?
return false unless record.can_publish?
if record.build_published?
local_admin?(record.save_to_platform) || record.save_to_repository.members.exists?(id: user.id)
else
record.save_to_repository.publish_without_qa ?
policy(record.project).write? : local_admin?(record.save_to_platform)
end
end
def create_container?
return false unless record.new_core?
policy(record.project).write? || local_admin?(record.save_to_platform)
end
def reject_publish?
record.save_to_repository.publish_without_qa ?
policy(record.project).write? : local_admin?(record.save_to_platform)
end
def cancel?
policy(record.project).write?
end
end end

View File

@ -0,0 +1,12 @@
class CommentPolicy < ApplicationPolicy
def create?
policy(record.project).show?
end
alias_method :new_line?, :create?
def update?
record.user_id == user.id || local_admin?(record.project)
end
end

View File

@ -24,7 +24,18 @@ class GroupPolicy < ApplicationPolicy
owner? || local_admin? owner? || local_admin?
end end
alias_method :manage_members?, :update? alias_method :manage_members?, :update?
alias_method :remove_members?, :update? alias_method :members?, :update?
alias_method :add_member?, :update? alias_method :add_member?, :update?
alias_method :remove_member?, :update?
alias_method :remove_members?, :update?
alias_method :update_member?, :update?
def destroy?
owner?
end
def remove_user?
!user.guest?
end
end end

View File

@ -0,0 +1,11 @@
class HookPolicy < ApplicationPolicy
def show?
policy(record.project).update?
end
alias_method :read?, :show?
alias_method :create?, :show?
alias_method :destroy?, :show?
alias_method :update?, :show?
end

View File

@ -0,0 +1,17 @@
class IssuePolicy < ApplicationPolicy
def index?
record.project.has_issues?
end
def show?
policy(record.project).show?
end
alias_method :create?, :show?
alias_method :read?, :show?
def update?
record.user_id == user.id || local_admin?(record.project)
end
end

View File

@ -0,0 +1,8 @@
class KeyPairPolicy < ApplicationPolicy
def create?
key_pair.repository.blank? || local_admin?(record.repository.platform)
end
alias_method :destroy?, :create?
end

View File

@ -0,0 +1,18 @@
class MassBuildPolicy < ApplicationPolicy
def show?
policy(record.save_to_platform).show?
end
alias_method :read?, :show?
alias_method :get_list?, :show?
def create?
owner?(record.save_to_platform) || local_admin?(record.save_to_platform)
end
alias_method :publish?, :create?
def cancel?
!record.stop_build && create?
end
end

View File

@ -7,7 +7,16 @@ class PlatformPolicy < ApplicationPolicy
def show? def show?
return true unless record.hidden? return true unless record.hidden?
return true if record.owner == user return true if record.owner == user
return true if owner? owner? || local_reader? || user_platform_ids.include?(record.id)
end
alias_method :advisories?, :show?
alias_method :members?, :show?
alias_method :owned?, :show?
alias_method :read?, :show?
alias_method :related?, :show?
def platforms_for_build?
true
end end
def create? def create?
@ -17,15 +26,29 @@ class PlatformPolicy < ApplicationPolicy
def update? def update?
owner? owner?
end end
alias_method :change_visibility?, :update?
def destroy?
record.main? && owner?
end
def local_admin_manage? def local_admin_manage?
owner? || local_admin? owner? || local_admin?
end end
alias_method :add_project?, :local_admin_manage? alias_method :add_project?, :local_admin_manage?
alias_method :remove_file?, :local_admin_manage?
def clone? def clone?
return false if record.personal? record.main? && ( owner? || local_admin? )
owner? || local_admin? end
alias_method :add_member?, :clone?
alias_method :members?, :clone?
alias_method :regenerate_metadata?, :clone?
alias_method :remove_member?, :clone?
alias_method :remove_members?, :clone?
def clear?
record.personal? && owner?
end end
class Scope < Scope class Scope < Scope

View File

@ -0,0 +1,22 @@
class ProductBuildListPolicy < ApplicationPolicy
def show?
policy(record.platform).show?
end
alias_method :log?, :show?
alias_method :read?, :show?
def create?
policy(record.project).write? || policy(record.product).update?
end
alias_method :cancel?, :create?
def update?
policy(record.product).update?
end
def destroy?
policy(record.product).destroy?
end
end

View File

@ -1,3 +1,19 @@
class ProductPolicy < ApplicationPolicy class ProductPolicy < ApplicationPolicy
def index?
record.platform.main?
end
def show?
policy(record.platform).show?
end
alias_method :read?, :show?
def create?
record.platform.main? && local_admin?(record.platform)
end
alias_method :clone?, :create?
alias_method :destroy?, :create?
alias_method :update?, :create?
end end

View File

@ -3,21 +3,38 @@ class ProjectPolicy < ApplicationPolicy
def index? def index?
!user.guest? !user.guest?
end end
alias_method :remove_user?, :index?
alias_method :preview?, :index?
def show? def show?
record.public? || local_reader? return true if record.public?
return true if record.owner == user
return true if record.owner.is_a?(Group) && user_group_ids.inclide?(record.owner_id)
local_reader?
end end
alias_method :read?, :show? alias_method :read?, :show?
alias_method :fork?, :show? alias_method :fork?, :show?
alias_method :archive?, :show?
alias_method :get_id?, :show?
alias_method :refs_list?, :show?
def create? def create?
!user.guest? && (!record.try(:owner) || policy(record.owner).write?) !user.guest? && (!record.try(:owner) || policy(record.owner).write?)
end end
def update? def update?
local_admin? owner? || local_admin?
end end
alias_method :alias?, :update? alias_method :alias?, :update?
alias_method :sections?, :update?
alias_method :manage_collaborators?, :update?
alias_method :autocomplete_maintainers?, :update?
alias_method :add_member?, :update?
alias_method :remove_member?, :update?
alias_method :remove_members?, :update?
alias_method :update_member?, :update?
alias_method :members?, :update?
alias_method :schedule?, :update?
def destroy? def destroy?
owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin') owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')
@ -35,7 +52,7 @@ class ProjectPolicy < ApplicationPolicy
# for grack # for grack
def write? def write?
local_writer? owner? || local_writer?
end end
def possible_forks def possible_forks

View File

@ -0,0 +1,22 @@
class PullRequestPolicy < ApplicationPolicy
def show?
policy(record.to_project).show?
end
alias_method :read?, :show?
alias_method :commits?, :show?
alias_method :files?, :show?
def create?
true
end
def update?
record.user_id == record.id || local_writer?(record.to_project)
end
def merge?
local_writer?(record.to_project)
end
end

View File

@ -1,8 +1,11 @@
class RepositoryPolicy < ApplicationPolicy class RepositoryPolicy < ApplicationPolicy
def update? def show?
local_admin?(record.platform) policy(record.platform).show?
end end
alias_method :projects?, :show?
alias_method :projects_list?, :show?
alias_method :read?, :show?
def reader? def reader?
local_reader?(record.platform) local_reader?(record.platform)
@ -16,19 +19,50 @@ class RepositoryPolicy < ApplicationPolicy
local_admin?(record.platform) local_admin?(record.platform)
end end
alias_method :manage_members?, :update? alias_method :manage_members?, :update?
alias_method :remove_members?, :update? alias_method :regenerate_metadata?, :update?
alias_method :add_member?, :update? alias_method :signatures?, :update?
def create?
return false if record.platform.personal? && name == 'main'
local_admin?(record.platform)
end
alias_method :destroy?, :create?
def packages?
record.platform.main? && local_admin?(record.platform)
end
alias_method :remove_member?, :packages?
alias_method :remove_members?, :packages?
alias_method :add_member?, :packages?
alias_method :sync_lock_file?, :packages?
def add_project? def add_project?
local_admin?(record.platform) || is_member_of_repository? local_admin?(record.platform) || repository_user_ids.include?(user.id)
end end
alias_method :remove_project?, :add_project? alias_method :remove_project?, :add_project?
def destroy?
owner?(record.platform)
end
alias_method :settings?, :destroy?
def key_pair?
user.system?
end
def add_repo_lock_file?
user.system? || ( record.platform.main? && local_admin?(record.platform) )
end
alias_method :remove_repo_lock_file?, :add_repo_lock_file?
private private
def is_member_of_repository? # Public: Get user ids of repository.
Rails.cache.fetch(['RepositoryPolicy#is_member_of_repository?', record, user]) do #
record.members.exists?(id: user.id) # Returns the Set of user ids.
def repository_user_ids
Rails.cache.fetch(['RepositoryPolicy#repository_user_ids', record]) do
Set.new record.member_ids
end end
end end

View File

@ -1,3 +1,7 @@
class StatisticPolicy < ApplicationPolicy class StatisticPolicy < ApplicationPolicy
def index?
true
end
end end

View File

@ -0,0 +1,12 @@
class SubscribePolicy < ApplicationPolicy
def create?
!user.guest? && record.subscribeable.subscribes.exists?(user_id: user.id)
end
def destroy?
!user.guest? &&
user.id == record.user_id &&
record.subscribeable.subscribes.exists?(user_id: user.id)
end
end

View File

@ -0,0 +1,10 @@
class TokenPolicy < ApplicationPolicy
def show?
local_admin?(record.subject)
end
alias_method :create?, :show?
alias_method :read?, :show?
alias_method :withdraw?, :show?
end

View File

@ -1,5 +1,13 @@
class UserPolicy < ApplicationPolicy class UserPolicy < ApplicationPolicy
def show?
true
end
def update?
record == user
end
def write? def write?
record == user record == user
end end

View File

@ -25,10 +25,11 @@
.row .row
hr hr
h3= t("layout.projects.list_header") h3= t("layout.projects.list_header")
- if policy(@repository).update? - if policy(@repository).add_project?
a.btn.btn-primary href=add_project_platform_repository_path(@platform, @repository) a.btn.btn-primary href=add_project_platform_repository_path(@platform, @repository)
= t('layout.projects.add') = t('layout.projects.add')
| &nbsp; | &nbsp;
- if policy(@repository).remove_project?
a.btn.btn-primary href=remove_project_platform_repository_path(@platform, @repository) a.btn.btn-primary href=remove_project_platform_repository_path(@platform, @repository)
= t('layout.repositories.mass_delete') = t('layout.repositories.mass_delete')
.row .row