gitlab-org--gitlab-foss/app/models/project_feature.rb

# frozen_string_literal: true

class ProjectFeature < ApplicationRecord
  include Featurable

  FEATURES = %i(issues forking merge_requests wiki snippets builds repository pages metrics_dashboard).freeze

  set_available_features(FEATURES)

  PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER, metrics_dashboard: Gitlab::Access::REPORTER }.freeze
  PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze

  class << self
    def required_minimum_access_level(feature)
      feature = ensure_feature!(feature)

      PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)
    end

    # Guest users can perform certain features on public and internal projects, but not private projects.
    def required_minimum_access_level_for_private_project(feature)
      feature = ensure_feature!(feature)

      PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT.fetch(feature) do
        required_minimum_access_level(feature)
      end
    end
  end

  # Default scopes force us to unscope here since a service may need to check
  # permissions for a project in pending_delete
  # http://stackoverflow.com/questions/1540645/how-to-disable-default-scope-for-a-belongs-to
  belongs_to :project, -> { unscope(where: :pending_delete) }

  validates :project, presence: true

  validate :repository_children_level
  validate :allowed_access_levels

  default_value_for :builds_access_level,            value: ENABLED, allows_nil: false
  default_value_for :issues_access_level,            value: ENABLED, allows_nil: false
  default_value_for :forking_access_level,           value: ENABLED, allows_nil: false
  default_value_for :merge_requests_access_level,    value: ENABLED, allows_nil: false
  default_value_for :snippets_access_level,          value: ENABLED, allows_nil: false
  default_value_for :wiki_access_level,              value: ENABLED, allows_nil: false
  default_value_for :repository_access_level,        value: ENABLED, allows_nil: false
  default_value_for :metrics_dashboard_access_level, value: PRIVATE, allows_nil: false

  default_value_for(:pages_access_level, allows_nil: false) do |feature|
    if ::Gitlab::Pages.access_control_is_forced?
      PRIVATE
    else
      feature.project&.public? ? ENABLED : PRIVATE
    end
  end

  def public_pages?
    return true unless Gitlab.config.pages.access_control

    return false if ::Gitlab::Pages.access_control_is_forced?

    pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public?
  end

  def private_pages?
    !public_pages?
  end

  private

  # Validates builds and merge requests access level
  # which cannot be higher than repository access level
  def repository_children_level
    validator = lambda do |field|
      level = public_send(field) || ENABLED # rubocop:disable GitlabSecurity/PublicSend
      not_allowed = level > repository_access_level
      self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed
    end

    %i(merge_requests_access_level builds_access_level).each(&validator)
  end

  # Validates access level for other than pages cannot be PUBLIC
  def allowed_access_levels
    validator = lambda do |field|
      level = public_send(field) || ENABLED # rubocop:disable GitlabSecurity/PublicSend
      not_allowed = level > ENABLED
      self.errors.add(field, "cannot have public visibility level") if not_allowed
    end

    (FEATURES - %i(pages)).each {|f| validator.call("#{f}_access_level")}
  end

  def get_permission(user, feature)
    case access_level(feature)
    when DISABLED
      false
    when PRIVATE
      team_access?(user, feature)
    when ENABLED
      true
    when PUBLIC
      true
    else
      true
    end
  end

  def team_access?(user, feature)
    return unless user
    return true if user.can_read_all_resources?

    project.team.member?(user, ProjectFeature.required_minimum_access_level(feature))
  end
end

ProjectFeature.prepend_if_ee('EE::ProjectFeature')
Enable frozen string in app/models/*.rb Partially addresses #47424. 2018-07-25 05:30:33 -04:00			`# frozen_string_literal: true`

Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 09:17:42 -04:00			`class ProjectFeature < ApplicationRecord`
Add latest changes from gitlab-org/gitlab@master 2020-05-26 05:08:06 -04:00			`include Featurable`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-04-21 11:21:10 -04:00			`FEATURES = %i(issues forking merge_requests wiki snippets builds repository pages metrics_dashboard).freeze`
Add latest changes from gitlab-org/gitlab@master 2020-05-26 05:08:06 -04:00
			`set_available_features(FEATURES)`

Add latest changes from gitlab-org/gitlab@master 2020-04-30 05:09:39 -04:00			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER, metrics_dashboard: Gitlab::Access::REPORTER }.freeze`
Internalize private project minimum access level Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects. 2019-11-13 21:50:19 -05:00			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 2016-10-26 13:34:06 -04:00			`class << self`
Internalize private project minimum access level Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects. 2019-11-13 21:50:19 -05:00			`def required_minimum_access_level(feature)`
Fix scope to handle private guest permission Guest are blocked to certain feature when project is private, therefore the scope would filter additionally with REPORTER level. 2019-10-22 09:05:33 -04:00			`feature = ensure_feature!(feature)`

Internalize private project minimum access level Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects. 2019-11-13 21:50:19 -05:00			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)`
Fix scope to handle private guest permission Guest are blocked to certain feature when project is private, therefore the scope would filter additionally with REPORTER level. 2019-10-22 09:05:33 -04:00			`end`

Internalize private project minimum access level Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects. 2019-11-13 21:50:19 -05:00			`# Guest users can perform certain features on public and internal projects, but not private projects.`
			`def required_minimum_access_level_for_private_project(feature)`
Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00			`feature = ensure_feature!(feature)`

Internalize private project minimum access level Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects. 2019-11-13 21:50:19 -05:00			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT.fetch(feature) do`
			`required_minimum_access_level(feature)`
			`end`
Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00			`end`
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 2016-10-26 13:34:06 -04:00			`end`

Fix project deletion when feature visibility is set to private Projects that are destroyed are put in the pending_delete state. The ProjectDestroyWorker checks whether the current user has access, but since the ProjectFeature class uses the default scope of the Project, it will not be able to find the right project. This was a regression in 8.12 that caused the following stack trace: ``` NoMethodError: undefined method `team' for nil:NilClass from app/models/project_feature.rb:62:in `get_permission' from app/models/project_feature.rb:34:in `feature_available?' from app/models/project.rb:21:in `feature_available?' from app/policies/project_policy.rb:170:in `disabled_features!' from app/policies/project_policy.rb:29:in `rules' from app/policies/base_policy.rb:82:in `block in abilities' from app/policies/base_policy.rb:113:in `collect_rules' from app/policies/base_policy.rb:82:in `abilities' from app/policies/base_policy.rb:50:in `abilities' from app/models/ability.rb:64:in `uncached_allowed' from app/models/ability.rb:58:in `allowed' from app/models/ability.rb:49:in `allowed?' from app/services/base_service.rb:11:in `can?' from lib/gitlab/metrics/instrumentation.rb:155:in `block in can?' from lib/gitlab/metrics/method_call.rb:23:in `measure' from lib/gitlab/metrics/instrumentation.rb:155:in `can?' from app/services/projects/destroy_service.rb:18:in `execute' ``` Closes #22948 2016-10-04 23:53:15 -04:00			`# Default scopes force us to unscope here since a service may need to check`
			`# permissions for a project in pending_delete`
			`# http://stackoverflow.com/questions/1540645/how-to-disable-default-scope-for-a-belongs-to`
			`belongs_to :project, -> { unscope(where: :pending_delete) }`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Fix project feature being deleted when updating project with invalid visibility level 2017-09-12 17:07:11 -04:00			`validates :project, presence: true`

Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`validate :repository_children_level`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`validate :allowed_access_levels`
Add visibility level to project repository 2016-09-16 15:15:39 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-04-21 11:21:10 -04:00			`default_value_for :builds_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :issues_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :forking_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :snippets_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :wiki_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :repository_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :metrics_dashboard_access_level, value: PRIVATE, allows_nil: false`
Add default values for ProjectFeature Closes gitlab-org/gitlab-ce#22330 2016-09-21 06:10:27 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-01-14 13:08:31 -05:00			`default_value_for(:pages_access_level, allows_nil: false) do \|feature\|`
			`if ::Gitlab::Pages.access_control_is_forced?`
			`PRIVATE`
			`else`
			`feature.project&.public? ? ENABLED : PRIVATE`
			`end`
			`end`
Fix wrong pages access level default - Set access level in before_validation hook - Add post migration for updating existing project_features 2019-07-17 08:56:58 -04:00
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`def public_pages?`
			`return true unless Gitlab.config.pages.access_control`

Add latest changes from gitlab-org/gitlab@master 2020-01-14 13:08:31 -05:00			`return false if ::Gitlab::Pages.access_control_is_forced?`

Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`pages_access_level == PUBLIC \|\| pages_access_level == ENABLED && project.public?`
			`end`

Add support for custom domains to the internal Pages API Update the `/internal/pages` endpoint to return virtual domain configuration for custom domains. 2019-09-06 01:20:05 -04:00			`def private_pages?`
			`!public_pages?`
			`end`

Project tools visibility level 2016-08-01 18:31:21 -04:00			`private`

Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`# Validates builds and merge requests access level`
			`# which cannot be higher than repository access level`
			`def repository_children_level`
			`validator = lambda do \|field\|`
Add latest changes from gitlab-org/gitlab@master 2020-05-26 05:08:06 -04:00			`level = public_send(field) \|\| ENABLED # rubocop:disable GitlabSecurity/PublicSend`
Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`not_allowed = level > repository_access_level`
			`self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed`
			`end`

			`%i(merge_requests_access_level builds_access_level).each(&validator)`
			`end`

Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`# Validates access level for other than pages cannot be PUBLIC`
			`def allowed_access_levels`
			`validator = lambda do \|field\|`
Add latest changes from gitlab-org/gitlab@master 2020-05-26 05:08:06 -04:00			`level = public_send(field) \|\| ENABLED # rubocop:disable GitlabSecurity/PublicSend`
			`not_allowed = level > ENABLED`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`self.errors.add(field, "cannot have public visibility level") if not_allowed`
			`end`

			`(FEATURES - %i(pages)).each {\|f\| validator.call("#{f}_access_level")}`
			`end`

Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00			`def get_permission(user, feature)`
			`case access_level(feature)`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`when DISABLED`
			`false`
			`when PRIVATE`
Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00			`team_access?(user, feature)`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`when ENABLED`
			`true`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`when PUBLIC`
			`true`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`else`
			`true`
			`end`
			`end`
Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00
			`def team_access?(user, feature)`
			`return unless user`
Add latest changes from gitlab-org/gitlab@master 2019-12-17 04:07:48 -05:00			`return true if user.can_read_all_resources?`
Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00
			`project.team.member?(user, ProjectFeature.required_minimum_access_level(feature))`
			`end`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`ProjectFeature.prepend_if_ee('EE::ProjectFeature')`