diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ebc2a4651ba5959b3d351b1f06d63316cc2bd643..bd4ba384b2937dffdf70c4fe6972024712328bb9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,7 +24,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
- helper_method :abilities, :can?, :current_application_settings
+ helper_method :can?, :current_application_settings
helper_method :import_sources_enabled?, :github_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?, :gitlab_project_import_enabled?
rescue_from Encoding::CompatibilityError do |exception|
@@ -97,12 +97,8 @@ class ApplicationController < ActionController::Base
current_application_settings.after_sign_out_path.presence || new_user_session_path
end
- def abilities
- Ability.abilities
- end
-
def can?(object, action, subject)
- abilities.allowed?(object, action, subject)
+ Ability.allowed?(object, action, subject)
end
def access_denied!
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 33daac0399e29551b63af478c056d0a2e6d7d2b8..60996b181f22d005ae7215fe307639767aaf26b2 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -64,7 +64,7 @@ class IssuableFinder
if project?
@project = Project.find(params[:project_id])
- unless Ability.abilities.allowed?(current_user, :read_project, @project)
+ unless Ability.allowed?(current_user, :read_project, @project)
@project = nil
end
else
diff --git a/app/finders/todos_finder.rb b/app/finders/todos_finder.rb
index 06b3e8a9502372e44dfc1728c2b9c64cab65ed9e..a93a63bdb9b7892650063caf1763ae1360bfe817 100644
--- a/app/finders/todos_finder.rb
+++ b/app/finders/todos_finder.rb
@@ -83,7 +83,7 @@ class TodosFinder
if project?
@project = Project.find(params[:project_id])
- unless Ability.abilities.allowed?(current_user, :read_project, @project)
+ unless Ability.allowed?(current_user, :read_project, @project)
@project = nil
end
else
diff --git a/app/mailers/base_mailer.rb b/app/mailers/base_mailer.rb
index 8b83bbd93b74fc42d04bf4470f0d4d39586486e0..61a574d3dc0d1a9ec23360d3cefd03cde1bea350 100644
--- a/app/mailers/base_mailer.rb
+++ b/app/mailers/base_mailer.rb
@@ -9,7 +9,7 @@ class BaseMailer < ActionMailer::Base
default reply_to: Proc.new { default_reply_to_address.format }
def can?
- Ability.abilities.allowed?(current_user, action, subject)
+ Ability.allowed?(current_user, action, subject)
end
private
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 3eb8a5f6e03d03d0697f98ae86e23e1e6622a8b7..891c5ba9276751be721020b583d8739d202aed73 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -592,11 +592,6 @@ class Ability
[:read_user]
end
- def abilities
- warn 'Ability.abilities is deprecated, use Ability.allowed?(user, action, subject) instead'
- self
- end
-
def restricted_public_level?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
diff --git a/app/models/event.rb b/app/models/event.rb
index fd736d123593b66b386c552b006a8146f2756d9d..a0b7b0dc2b597016dfc0854abfc350ce20b7f634 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -65,7 +65,7 @@ class Event < ActiveRecord::Base
elsif created_project?
true
elsif issue? || issue_note?
- Ability.abilities.allowed?(user, :read_issue, note? ? note_target : target)
+ Ability.allowed?(user, :read_issue, note? ? note_target : target)
else
((merge_request? || note?) && target.present?) || milestone?
end
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 62163e7400070f007f1690b9efedb49de3d3a8a1..57d673a5f258e91b66bb7a1609c7f09dedf5c873 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -411,7 +411,7 @@ class MergeRequest < ActiveRecord::Base
def can_remove_source_branch?(current_user)
!source_project.protected_branch?(source_branch) &&
!source_project.root_ref?(source_branch) &&
- Ability.abilities.allowed?(current_user, :push_code, source_project) &&
+ Ability.allowed?(current_user, :push_code, source_project) &&
diff_head_commit == source_branch_head
end
diff --git a/app/models/user.rb b/app/models/user.rb
index ad3cfbc03e4c6a5cfefc31194107164b4fb34b4e..8f5958333d788f5b356e39ad081d1cbec7e39e55 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -460,16 +460,12 @@ class User < ActiveRecord::Base
can?(:create_group, nil)
end
- def abilities
- Ability.abilities
- end
-
def can_select_namespace?
several_namespaces? || admin
end
def can?(action, subject)
- abilities.allowed?(self, action, subject)
+ Ability.allowed?(self, action, subject)
end
def first_name
diff --git a/app/services/base_service.rb b/app/services/base_service.rb
index 0d55ba5a9816a944123058c034de268b9bd88f7b..0c208150fb86f3932010e3ef21b26017e94b9236 100644
--- a/app/services/base_service.rb
+++ b/app/services/base_service.rb
@@ -7,12 +7,8 @@ class BaseService
@project, @current_user, @params = project, user, params.dup
end
- def abilities
- Ability.abilities
- end
-
def can?(object, action, subject)
- abilities.allowed?(object, action, subject)
+ Ability.allowed?(object, action, subject)
end
def notification_service
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 1afca5fe2e8f94abb754c73ed47a25c7ac0261ab..fdb70af694d9b1037c3bc862e7d0a063176df403 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -148,7 +148,7 @@ module API
end
def can?(object, action, subject)
- abilities.allowed?(object, action, subject)
+ Ability.allowed?(object, action, subject)
end
# Checks the occurrences of required attributes, each attribute must be present in the params hash
@@ -408,10 +408,6 @@ module API
links.join(', ')
end
- def abilities
- Ability
- end
-
def secret_token
File.read(Gitlab.config.gitlab_shell.secret_file).chomp
end
diff --git a/lib/banzai/reference_parser/base_parser.rb b/lib/banzai/reference_parser/base_parser.rb
index 6cf218aaa0d304022ba1ce91c9f9716bca50add1..e8e03e4a98fefa220090b0d9a4785d7f6181bc8e 100644
--- a/lib/banzai/reference_parser/base_parser.rb
+++ b/lib/banzai/reference_parser/base_parser.rb
@@ -211,7 +211,7 @@ module Banzai
end
def can?(user, permission, subject)
- Ability.abilities.allowed?(user, permission, subject)
+ Ability.allowed?(user, permission, subject)
end
def find_projects_for_hash_keys(hash)
diff --git a/spec/controllers/projects/boards/issues_controller_spec.rb b/spec/controllers/projects/boards/issues_controller_spec.rb
index d0ad5e26dbd077725cfc8bf28d546a9483191998..2896636db5a4b19bbd00258478188bbaa540795c 100644
--- a/spec/controllers/projects/boards/issues_controller_spec.rb
+++ b/spec/controllers/projects/boards/issues_controller_spec.rb
@@ -41,8 +41,8 @@ describe Projects::Boards::IssuesController do
context 'with unauthorized user' do
before do
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
end
it 'returns a successful 403 response' do
diff --git a/spec/controllers/projects/boards/lists_controller_spec.rb b/spec/controllers/projects/boards/lists_controller_spec.rb
index 9496636e3cc4c58d77d4b09aa4882c33bd1f5f71..af0491bf486031bf27d9a2166b7483b620806f7c 100644
--- a/spec/controllers/projects/boards/lists_controller_spec.rb
+++ b/spec/controllers/projects/boards/lists_controller_spec.rb
@@ -35,8 +35,8 @@ describe Projects::Boards::ListsController do
context 'with unauthorized user' do
before do
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_list, project).and_return(false)
end
it 'returns a successful 403 response' do
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 75a6d39e82c1a84652e750d76dbdfe858e88d99b..6f6e608e1f3fa4bac30573ae419785bd6391205f 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -23,8 +23,8 @@ describe Projects::BoardsController do
context 'with unauthorized user' do
before do
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
end
it 'returns a successful 404 response' do
diff --git a/spec/lib/banzai/reference_parser/base_parser_spec.rb b/spec/lib/banzai/reference_parser/base_parser_spec.rb
index ac9c66e2663bb9f07d5de7d40af132850588848a..9095d2b1345b1a546cb81eb751336999caf8edb4 100644
--- a/spec/lib/banzai/reference_parser/base_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/base_parser_spec.rb
@@ -30,7 +30,7 @@ describe Banzai::ReferenceParser::BaseParser, lib: true do
it 'returns the nodes if the attribute value equals the current project ID' do
link['data-project'] = project.id.to_s
- expect(Ability.abilities).not_to receive(:allowed?)
+ expect(Ability).not_to receive(:allowed?)
expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
end
@@ -39,7 +39,7 @@ describe Banzai::ReferenceParser::BaseParser, lib: true do
link['data-project'] = other_project.id.to_s
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_project, other_project).
and_return(true)
@@ -57,7 +57,7 @@ describe Banzai::ReferenceParser::BaseParser, lib: true do
link['data-project'] = other_project.id.to_s
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_project, other_project).
and_return(false)
@@ -221,7 +221,7 @@ describe Banzai::ReferenceParser::BaseParser, lib: true do
it 'delegates the permissions check to the Ability class' do
user = double(:user)
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_project, project)
subject.can?(user, :read_project, project)
diff --git a/spec/lib/banzai/reference_parser/user_parser_spec.rb b/spec/lib/banzai/reference_parser/user_parser_spec.rb
index 9a82891297d3f2e10b3e6fd8379ff5f1ede383f2..4e7f82a6e0933952e4c260dd266591f64ad8c046 100644
--- a/spec/lib/banzai/reference_parser/user_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/user_parser_spec.rb
@@ -82,7 +82,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
end
it 'returns the nodes if the user can read the group' do
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_group, group).
and_return(true)
@@ -90,7 +90,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
end
it 'returns an empty Array if the user can not read the group' do
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_group, group).
and_return(false)
@@ -103,7 +103,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
it 'returns the nodes if the attribute value equals the current project ID' do
link['data-project'] = project.id.to_s
- expect(Ability.abilities).not_to receive(:allowed?)
+ expect(Ability).not_to receive(:allowed?)
expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
end
@@ -113,7 +113,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
link['data-project'] = other_project.id.to_s
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_project, other_project).
and_return(true)
@@ -125,7 +125,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
link['data-project'] = other_project.id.to_s
- expect(Ability.abilities).to receive(:allowed?).
+ expect(Ability).to receive(:allowed?).
with(user, :read_project, other_project).
and_return(false)
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index c2bf48da44e34607b7b2daf23a50aace68661f92..be57957b569dcb456d8eed65feb5e73c20d2308c 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -71,8 +71,6 @@ describe ProjectMember, models: true do
describe :import_team do
before do
- @abilities = Ability
-
@project_1 = create :project
@project_2 = create :project
@@ -91,8 +89,8 @@ describe ProjectMember, models: true do
it { expect(@project_2.users).to include(@user_1) }
it { expect(@project_2.users).to include(@user_2) }
- it { expect(@abilities.allowed?(@user_1, :create_project, @project_2)).to be_truthy }
- it { expect(@abilities.allowed?(@user_2, :read_project, @project_2)).to be_truthy }
+ it { expect(Ability.allowed?(@user_1, :create_project, @project_2)).to be_truthy }
+ it { expect(Ability.allowed?(@user_2, :read_project, @project_2)).to be_truthy }
end
describe 'project 1 should not be changed' do
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index f4b9fa270e4f06ae77cf9975d4f52e7e639302af..e6b6e7c06344d7c1de2dcf9f2b60d9aafff1bb5d 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -85,7 +85,6 @@ describe Note, models: true do
@u1 = create(:user)
@u2 = create(:user)
@u3 = create(:user)
- @abilities = Ability
end
describe 'read' do
@@ -94,9 +93,9 @@ describe Note, models: true do
@p2.project_members.create(user: @u3, access_level: ProjectMember::GUEST)
end
- it { expect(@abilities.allowed?(@u1, :read_note, @p1)).to be_falsey }
- it { expect(@abilities.allowed?(@u2, :read_note, @p1)).to be_truthy }
- it { expect(@abilities.allowed?(@u3, :read_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u1, :read_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u2, :read_note, @p1)).to be_truthy }
+ it { expect(Ability.allowed?(@u3, :read_note, @p1)).to be_falsey }
end
describe 'write' do
@@ -105,9 +104,9 @@ describe Note, models: true do
@p2.project_members.create(user: @u3, access_level: ProjectMember::DEVELOPER)
end
- it { expect(@abilities.allowed?(@u1, :create_note, @p1)).to be_falsey }
- it { expect(@abilities.allowed?(@u2, :create_note, @p1)).to be_truthy }
- it { expect(@abilities.allowed?(@u3, :create_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u1, :create_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u2, :create_note, @p1)).to be_truthy }
+ it { expect(Ability.allowed?(@u3, :create_note, @p1)).to be_falsey }
end
describe 'admin' do
@@ -117,9 +116,9 @@ describe Note, models: true do
@p2.project_members.create(user: @u3, access_level: ProjectMember::MASTER)
end
- it { expect(@abilities.allowed?(@u1, :admin_note, @p1)).to be_falsey }
- it { expect(@abilities.allowed?(@u2, :admin_note, @p1)).to be_truthy }
- it { expect(@abilities.allowed?(@u3, :admin_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u1, :admin_note, @p1)).to be_falsey }
+ it { expect(Ability.allowed?(@u2, :admin_note, @p1)).to be_truthy }
+ it { expect(Ability.allowed?(@u3, :admin_note, @p1)).to be_falsey }
end
end