gitlab-org--gitlab-foss/lib/gitlab/access.rb

# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
  module Access
    class AccessDeniedError < StandardError; end

    NO_ACCESS = 0
    GUEST     = 10
    REPORTER  = 20
    DEVELOPER = 30
    MASTER    = 40
    OWNER     = 50

    # Branch protection settings
    PROTECTION_NONE          = 0
    PROTECTION_DEV_CAN_PUSH  = 1
    PROTECTION_FULL          = 2
    PROTECTION_DEV_CAN_MERGE = 3

    class << self
      def values
        options.values
      end

      def all_values
        options_with_owner.values
      end

      def options
        {
          "Guest"     => GUEST,
          "Reporter"  => REPORTER,
          "Developer" => DEVELOPER,
          "Master"    => MASTER,
        }
      end

      def options_with_owner
        options.merge(
          "Owner" => OWNER
        )
      end

      def sym_options
        {
          guest:     GUEST,
          reporter:  REPORTER,
          developer: DEVELOPER,
          master:    MASTER,
        }
      end

      def sym_options_with_owner
        sym_options.merge(owner: OWNER)
      end

      def protection_options
        {
          "Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,
          "Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch." => PROTECTION_DEV_CAN_MERGE,
          "Partially protected: Developers can push new commits, but cannot force push or delete the branch. Masters can do all of those." => PROTECTION_DEV_CAN_PUSH,
          "Fully protected: Developers cannot push new commits, force push, or delete the branch. Only masters can do any of those." => PROTECTION_FULL,
        }
      end

      def protection_values
        protection_options.values
      end
    end

    def human_access
      Gitlab::Access.options_with_owner.key(access_field)
    end

    def owner?
      access_field == OWNER
    end
  end
end
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`# Gitlab::Access module`
			`#`
			`# Define allowed roles that can be used`
			`# in GitLab code to determine authorization level`
			`#`
			`module Gitlab`
			`module Access`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:59:33 -04:00			`class AccessDeniedError < StandardError; end`

Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`NO_ACCESS = 0`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`GUEST = 10`
			`REPORTER = 20`
			`DEVELOPER = 30`
			`MASTER = 40`
			`OWNER = 50`

Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`# Branch protection settings`
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' "" This reverts commit 530f5158e297f3cde27f3566cfe13bad74ba3b50. See !4892. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-18 04:16:56 -04:00			`PROTECTION_NONE = 0`
			`PROTECTION_DEV_CAN_PUSH = 1`
			`PROTECTION_FULL = 2`
			`PROTECTION_DEV_CAN_MERGE = 3`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`class << self`
			`def values`
			`options.values`
			`end`

Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`def all_values`
			`options_with_owner.values`
			`end`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`def options`
			`{`
			`"Guest" => GUEST,`
			`"Reporter" => REPORTER,`
			`"Developer" => DEVELOPER,`
			`"Master" => MASTER,`
			`}`
			`end`

			`def options_with_owner`
			`options.merge(`
			`"Owner" => OWNER`
			`)`
			`end`

			`def sym_options`
			`{`
			`guest: GUEST,`
			`reporter: REPORTER,`
			`developer: DEVELOPER,`
			`master: MASTER,`
			`}`
			`end`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`def sym_options_with_owner`
			`sym_options.merge(owner: OWNER)`
			`end`

Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_options`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`{`
Improve description of branch protection levels. 2015-05-12 06:38:42 -04:00			`"Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,`
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' "" This reverts commit 530f5158e297f3cde27f3566cfe13bad74ba3b50. See !4892. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-18 04:16:56 -04:00			`"Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch." => PROTECTION_DEV_CAN_MERGE,`
Improve description of branch protection levels. 2015-05-12 06:38:42 -04:00			`"Partially protected: Developers can push new commits, but cannot force push or delete the branch. Masters can do all of those." => PROTECTION_DEV_CAN_PUSH,`
			`"Fully protected: Developers cannot push new commits, force push, or delete the branch. Only masters can do any of those." => PROTECTION_FULL,`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`}`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`end`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_values`
			`protection_options.values`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`

			`def human_access`
			`Gitlab::Access.options_with_owner.key(access_field)`
			`end`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00
			`def owner?`
			`access_field == OWNER`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`
			`end`