gitlab-org--gitlab-foss/app/models/protected_branch.rb

# frozen_string_literal: true

class ProtectedBranch < ApplicationRecord
  include ProtectedRef
  include Gitlab::SQL::Pattern

  scope :requiring_code_owner_approval,
        -> { where(code_owner_approval_required: true) }

  protected_ref_access_levels :merge, :push

  def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
    # Maintainers, owners and admins are allowed to create the default branch

    if project.empty_repo? && project.default_branch_protected?
      return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
    end

    super
  end

  # Check if branch name is marked as protected in the system
  def self.protected?(project, ref_name)
    return true if project.empty_repo? && project.default_branch_protected?

    self.matching(ref_name, protected_refs: protected_refs(project)).present?
  end

  def self.any_protected?(project, ref_names)
    protected_refs(project).any? do |protected_ref|
      ref_names.any? do |ref_name|
        protected_ref.matches?(ref_name)
      end
    end
  end

  def self.protected_refs(project)
    project.protected_branches
  end

  # overridden in EE
  def self.branch_requires_code_owner_approval?(project, branch_name)
    false
  end

  def self.by_name(query)
    return none if query.blank?

    where(fuzzy_arel_match(:name, query.downcase))
  end

  def allow_multiple?(type)
    type == :push
  end
end

ProtectedBranch.prepend_if_ee('EE::ProtectedBranch')
Enable frozen string in app/models/*.rb Partially addresses #47424. 2018-07-25 05:30:33 -04:00			`# frozen_string_literal: true`

Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 09:17:42 -04:00			`class ProtectedBranch < ApplicationRecord`
Extract ProtectedRef Concern 2017-04-03 10:17:24 -04:00			`include ProtectedRef`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`include Gitlab::SQL::Pattern`
ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only 2012-02-15 15:02:33 -05:00
Add structure to support EE feature of COAR These are the structural changes for supporting the EE feature of moving "code_owner_approval_required" state from existing on a project to being on the protected branches individually, allowing for CODEOWNER validation on push events. 2019-09-05 09:01:36 -04:00			`scope :requiring_code_owner_approval,`
			`-> { where(code_owner_approval_required: true) }`

Backport EE refactorings for Protected Tag EE-only functionality Improvements and refactorings were made while adding role based permissions for protected tags to EE. This doesn’t backport the feature, but should improve code quality and minimize divergence. 2017-05-05 11:59:31 -04:00			`protected_ref_access_levels :merge, :push`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00
Allow admins to push to empty repos 2018-04-18 09:52:55 -04:00			`def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)`
Rename master to maintainer 2018-05-22 04:51:45 -04:00			`# Maintainers, owners and admins are allowed to create the default branch`
Add latest changes from gitlab-org/gitlab@master 2020-03-02 07:07:57 -05:00
			`if project.empty_repo? && project.default_branch_protected?`
Allow admins to push to empty repos 2018-04-18 09:52:55 -04:00			`return true if user.admin? \|\| project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER`
			`end`

			`super`
			`end`

Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00			`# Check if branch name is marked as protected in the system`
			`def self.protected?(project, ref_name)`
Add latest changes from gitlab-org/gitlab@master 2020-03-02 07:07:57 -05:00			`return true if project.empty_repo? && project.default_branch_protected?`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00
Allow protected branch creation via web and API This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches. 2019-03-06 07:20:27 -05:00			`self.matching(ref_name, protected_refs: protected_refs(project)).present?`
			`end`
Only load branch names for protected branch checks When checking if a branch is protected we don't need all columns of every protected branch row, instead we only care about the names. By using "select" here we reduce the amount of data we need to send over the wire and load into memory. 2017-11-28 10:50:44 -05:00
Allow protected branch creation via web and API This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches. 2019-03-06 07:20:27 -05:00			`def self.any_protected?(project, ref_names)`
			`protected_refs(project).any? do \|protected_ref\|`
			`ref_names.any? do \|ref_name\|`
			`protected_ref.matches?(ref_name)`
			`end`
			`end`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00			`end`
Moved default_branch_protected? out of Project 2017-04-03 14:28:54 -04:00
Allow protected branch creation via web and API This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches. 2019-03-06 07:20:27 -05:00			`def self.protected_refs(project)`
Add latest changes from gitlab-org/gitlab@master 2019-11-12 04:06:14 -05:00			`project.protected_branches`
Allow protected branch creation via web and API This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches. 2019-03-06 07:20:27 -05:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-10-08 20:06:06 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-09-17 05:09:32 -04:00			`# overridden in EE`
Add latest changes from gitlab-org/gitlab@master 2019-10-08 20:06:06 -04:00			`def self.branch_requires_code_owner_approval?(project, branch_name)`
Add latest changes from gitlab-org/gitlab@master 2020-09-17 05:09:32 -04:00			`false`
Add latest changes from gitlab-org/gitlab@master 2019-10-08 20:06:06 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00
			`def self.by_name(query)`
			`return none if query.blank?`

			`where(fuzzy_arel_match(:name, query.downcase))`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-12-07 13:10:36 -05:00
			`def allow_multiple?(type)`
			`type == :push`
			`end`
ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only 2012-02-15 15:02:33 -05:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`ProtectedBranch.prepend_if_ee('EE::ProtectedBranch')`