2017-04-03 21:59:37 -04:00
|
|
|
module ProtectedRefAccess
|
|
|
|
extend ActiveSupport::Concern
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-11-24 07:41:36 -05:00
|
|
|
ALLOWED_ACCESS_LEVELS = [
|
|
|
|
Gitlab::Access::MASTER,
|
|
|
|
Gitlab::Access::DEVELOPER,
|
|
|
|
Gitlab::Access::NO_ACCESS
|
|
|
|
].freeze
|
|
|
|
|
2017-11-24 07:43:02 -05:00
|
|
|
HUMAN_ACCESS_LEVELS = {
|
|
|
|
Gitlab::Access::MASTER => "Masters".freeze,
|
|
|
|
Gitlab::Access::DEVELOPER => "Developers + Masters".freeze,
|
|
|
|
Gitlab::Access::NO_ACCESS => "No one".freeze
|
|
|
|
}.freeze
|
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
included do
|
|
|
|
scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
|
|
|
|
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
|
2017-11-24 07:41:36 -05:00
|
|
|
|
|
|
|
validates :access_level, presence: true, if: :role?, inclusion: {
|
|
|
|
in: ALLOWED_ACCESS_LEVELS
|
|
|
|
}
|
2017-04-03 21:59:37 -04:00
|
|
|
end
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
def humanize
|
2017-11-24 07:43:02 -05:00
|
|
|
HUMAN_ACCESS_LEVELS[self.access_level]
|
2017-04-03 21:59:37 -04:00
|
|
|
end
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-11-24 07:41:36 -05:00
|
|
|
# CE access levels are always role-based,
|
|
|
|
# where as EE allows groups and users too
|
|
|
|
def role?
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
def check_access(user)
|
2017-04-06 20:14:10 -04:00
|
|
|
return true if user.admin?
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
project.team.max_member_access(user.id) >= access_level
|
|
|
|
end
|
|
|
|
end
|