Move all EE policy differences to EE specific modules
EE specific code that resides in app/policies
should be moved to the
corresponding EE specific modules that reside in ee/app/policies
, leaving
behind only the necessary prepend
and include
calls, which should be placed
at the end of the file).
Differences
app/policies/project_snippet_policy.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/project_snippet_policy.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/project_snippet_policy.rb
index 288bf070cfc..154853e3757 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/project_snippet_policy.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/project_snippet_policy.rb
@@ -29,6 +29,7 @@ class ProjectSnippetPolicy < BasePolicy
all?(private_snippet | (internal & external_user),
~project.guest,
~admin,
+ ~auditor,
~is_author)
end.prevent :read_project_snippet
@@ -44,4 +45,8 @@ class ProjectSnippetPolicy < BasePolicy
enable :update_project_snippet
enable :admin_project_snippet
end
+
+ # EE Extensions
+
+ rule { auditor }.enable :read_project_snippet
end
app/policies/group_policy.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/group_policy.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/group_policy.rb
index 6b4e56ef5e4..29f4f049bdc 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/group_policy.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/group_policy.rb
@@ -40,6 +40,7 @@ class GroupPolicy < BasePolicy
rule { guest }.policy do
enable :read_group
+ enable :read_list
enable :upload_file
enable :read_label
end
@@ -111,3 +112,5 @@ class GroupPolicy < BasePolicy
@access_level ||= @subject.max_member_access_for_user(@user)
end
end
+
+GroupPolicy.prepend(EE::GroupPolicy)
app/policies/group_member_policy.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/group_member_policy.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/group_member_policy.rb
index 6f1afb87c85..43a80ff8a4e 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/app/policies/group_member_policy.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/app/policies/group_member_policy.rb
@@ -21,4 +21,12 @@ class GroupMemberPolicy < BasePolicy
rule { is_target_user }.policy do
enable :destroy_group_member
end
+
+ ## EE extensions
+
+ condition(:ldap, score: 0) { @subject.ldap? }
+ condition(:override, score: 0) { @subject.override? }
+
+ rule { ~ldap }.prevent :override_group_member
+ rule { ldap & ~override }.prevent :update_group_member
end