1# frozen_string_literal: true 2 3module Ci 4 class PipelineSchedulePolicy < PipelinePolicy 5 alias_method :pipeline_schedule, :subject 6 7 condition(:protected_ref) do 8 ref_protected?(@user, @subject.project, @subject.project.repository.tag_exists?(@subject.ref), @subject.ref) 9 end 10 11 condition(:owner_of_schedule) do 12 pipeline_schedule.owned_by?(@user) 13 end 14 15 rule { can?(:create_pipeline) }.enable :play_pipeline_schedule 16 17 rule { can?(:admin_pipeline) | (can?(:update_build) & owner_of_schedule) }.policy do 18 enable :update_pipeline_schedule 19 enable :admin_pipeline_schedule 20 enable :read_pipeline_schedule_variables 21 end 22 23 rule { can?(:admin_pipeline_schedule) & ~owner_of_schedule }.policy do 24 enable :take_ownership_pipeline_schedule 25 end 26 27 rule { protected_ref }.prevent :play_pipeline_schedule 28 end 29end 30