Extract 'read_package' rule into separate policy
What does this MR do and why?
We are in the process of making package permissions configurable at the project level (see #329253 (closed)).
Currently, the package permissions are included in the project policy (and group policy) using the DeclarativePolicy framework. In #329253 (comment 985804977), @10io suggested to extract the package permissions into a separate policy, starting with :read_package
.
So this MR extract the :read_package
rule into separate policy, both for projects and for groups. That's the 5. step of the implementation plan. This is a refactoring and everything should still work the same as before. The new policy rules for the package permissions will then be implemented in a follow-up MR.
/cc @bufferoverflow
How to set up and validate locally
- Check
:read_package
permission for different subjects (project, group, package).
authorize_read_package!(<subject>)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.