gitlab-org--gitlab-foss/app/models/project_feature.rb

# frozen_string_literal: true

class ProjectFeature < ApplicationRecord
  # == Project features permissions
  #
  # Grants access level to project tools
  #
  # Tools can be enabled only for users, everyone or disabled
  # Access control is made only for non private projects
  #
  # levels:
  #
  # Disabled: not enabled for anyone
  # Private:  enabled only for team members
  # Enabled:  enabled for everyone able to access the project
  # Public:   enabled for everyone (only allowed for pages)
  #

  # Permission levels
  DISABLED = 0
  PRIVATE  = 10
  ENABLED  = 20
  PUBLIC   = 30

  FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze
  PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze
  STRING_OPTIONS = HashWithIndifferentAccess.new({
    'disabled' => DISABLED,
    'private'  => PRIVATE,
    'enabled'  => ENABLED,
    'public'   => PUBLIC
  }).freeze

  class << self
    def access_level_attribute(feature)
      feature = ensure_feature!(feature)

      "#{feature}_access_level".to_sym
    end

    def quoted_access_level_column(feature)
      attribute = connection.quote_column_name(access_level_attribute(feature))
      table = connection.quote_table_name(table_name)

      "#{table}.#{attribute}"
    end

    def required_minimum_access_level(feature)
      feature = ensure_feature!(feature)

      PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)
    end

    def access_level_from_str(level)
      STRING_OPTIONS.fetch(level)
    end

    def str_from_access_level(level)
      STRING_OPTIONS.key(level)
    end

    private

    def ensure_feature!(feature)
      feature = feature.model_name.plural.to_sym if feature.respond_to?(:model_name)
      raise ArgumentError, "invalid project feature: #{feature}" unless FEATURES.include?(feature)

      feature
    end
  end

  # Default scopes force us to unscope here since a service may need to check
  # permissions for a project in pending_delete
  # http://stackoverflow.com/questions/1540645/how-to-disable-default-scope-for-a-belongs-to
  belongs_to :project, -> { unscope(where: :pending_delete) }

  validates :project, presence: true

  validate :repository_children_level
  validate :allowed_access_levels

  default_value_for :builds_access_level,         value: ENABLED, allows_nil: false
  default_value_for :issues_access_level,         value: ENABLED, allows_nil: false
  default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false
  default_value_for :snippets_access_level,       value: ENABLED, allows_nil: false
  default_value_for :wiki_access_level,           value: ENABLED, allows_nil: false
  default_value_for :repository_access_level,     value: ENABLED, allows_nil: false

  default_value_for(:pages_access_level, allows_nil: false) { |feature| feature.project&.public? ? ENABLED : PRIVATE }

  def feature_available?(feature, user)
    # This feature might not be behind a feature flag at all, so default to true
    return false unless ::Feature.enabled?(feature, user, default_enabled: true)

    get_permission(user, feature)
  end

  def access_level(feature)
    public_send(ProjectFeature.access_level_attribute(feature)) # rubocop:disable GitlabSecurity/PublicSend
  end

  def string_access_level(feature)
    ProjectFeature.str_from_access_level(access_level(feature))
  end

  def builds_enabled?
    builds_access_level > DISABLED
  end

  def wiki_enabled?
    wiki_access_level > DISABLED
  end

  def merge_requests_enabled?
    merge_requests_access_level > DISABLED
  end

  def issues_enabled?
    issues_access_level > DISABLED
  end

  def pages_enabled?
    pages_access_level > DISABLED
  end

  def public_pages?
    return true unless Gitlab.config.pages.access_control

    pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public?
  end

  private

  # Validates builds and merge requests access level
  # which cannot be higher than repository access level
  def repository_children_level
    validator = lambda do |field|
      level = public_send(field) || ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend
      not_allowed = level > repository_access_level
      self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed
    end

    %i(merge_requests_access_level builds_access_level).each(&validator)
  end

  # Validates access level for other than pages cannot be PUBLIC
  def allowed_access_levels
    validator = lambda do |field|
      level = public_send(field) || ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend
      not_allowed = level > ProjectFeature::ENABLED
      self.errors.add(field, "cannot have public visibility level") if not_allowed
    end

    (FEATURES - %i(pages)).each {|f| validator.call("#{f}_access_level")}
  end

  def get_permission(user, feature)
    case access_level(feature)
    when DISABLED
      false
    when PRIVATE
      team_access?(user, feature)
    when ENABLED
      true
    when PUBLIC
      true
    else
      true
    end
  end

  def team_access?(user, feature)
    return unless user
    return true if user.full_private_access?

    project.team.member?(user, ProjectFeature.required_minimum_access_level(feature))
  end
end
Enable frozen string in app/models/*.rb Partially addresses #47424. 2018-07-25 05:30:33 -04:00			`# frozen_string_literal: true`

Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 09:17:42 -04:00			`class ProjectFeature < ApplicationRecord`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`# == Project features permissions`
			`#`
			`# Grants access level to project tools`
			`#`
			`# Tools can be enabled only for users, everyone or disabled`
			`# Access control is made only for non private projects`
			`#`
			`# levels:`
			`#`
			`# Disabled: not enabled for anyone`
			`# Private: enabled only for team members`
			`# Enabled: enabled for everyone able to access the project`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`# Public: enabled for everyone (only allowed for pages)`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`#`

Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`# Permission levels`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`DISABLED = 0`
			`PRIVATE = 10`
			`ENABLED = 20`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`PUBLIC = 30`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze`
Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze`
Add *_access_level to project API - issues_access_level - repository_access_level - merge_requests_access_level - builds_access_level - wiki_access_level - snippets_access_level 2019-05-15 07:19:16 -04:00			`STRING_OPTIONS = HashWithIndifferentAccess.new({`
			`'disabled' => DISABLED,`
			`'private' => PRIVATE,`
			`'enabled' => ENABLED,`
			`'public' => PUBLIC`
			`}).freeze`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 2016-10-26 13:34:06 -04:00			`class << self`
			`def access_level_attribute(feature)`
Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00			`feature = ensure_feature!(feature)`
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 2016-10-26 13:34:06 -04:00
			`"#{feature}_access_level".to_sym`
			`end`
Refactor Project.with_feature_available_for_user This method used to use a UNION, which would lead to it performing the same query twice; producing less than ideal performance. Further, in certain cases ActiveRecord could get confused and mess up the variable bindings, though it's not clear how/why exactly this happens. Fortunately we can work around all of this by building some of the WHERE conditions manually, allowing us to use a simple OR statement to get all the data we want without any of the above problems. 2017-06-14 08:31:20 -04:00
			`def quoted_access_level_column(feature)`
			`attribute = connection.quote_column_name(access_level_attribute(feature))`
			`table = connection.quote_table_name(table_name)`

			`"#{table}.#{attribute}"`
			`end`
Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00
			`def required_minimum_access_level(feature)`
			`feature = ensure_feature!(feature)`

			`PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)`
			`end`

Add *_access_level to project API - issues_access_level - repository_access_level - merge_requests_access_level - builds_access_level - wiki_access_level - snippets_access_level 2019-05-15 07:19:16 -04:00			`def access_level_from_str(level)`
			`STRING_OPTIONS.fetch(level)`
			`end`

			`def str_from_access_level(level)`
			`STRING_OPTIONS.key(level)`
			`end`

Group Guests are no longer able to see merge requests Group guests will only be displayed merge requests to projects they have a access level to, higher than Reporter. Visible projects will still display the merge requests to Guests 2018-12-11 09:52:22 -05:00			`private`

			`def ensure_feature!(feature)`
			`feature = feature.model_name.plural.to_sym if feature.respond_to?(:model_name)`
			`raise ArgumentError, "invalid project feature: #{feature}" unless FEATURES.include?(feature)`

			`feature`
			`end`
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 2016-10-26 13:34:06 -04:00			`end`

Fix project deletion when feature visibility is set to private Projects that are destroyed are put in the pending_delete state. The ProjectDestroyWorker checks whether the current user has access, but since the ProjectFeature class uses the default scope of the Project, it will not be able to find the right project. This was a regression in 8.12 that caused the following stack trace: ``` NoMethodError: undefined method `team' for nil:NilClass from app/models/project_feature.rb:62:in `get_permission' from app/models/project_feature.rb:34:in `feature_available?' from app/models/project.rb:21:in `feature_available?' from app/policies/project_policy.rb:170:in `disabled_features!' from app/policies/project_policy.rb:29:in `rules' from app/policies/base_policy.rb:82:in `block in abilities' from app/policies/base_policy.rb:113:in `collect_rules' from app/policies/base_policy.rb:82:in `abilities' from app/policies/base_policy.rb:50:in `abilities' from app/models/ability.rb:64:in `uncached_allowed' from app/models/ability.rb:58:in `allowed' from app/models/ability.rb:49:in `allowed?' from app/services/base_service.rb:11:in `can?' from lib/gitlab/metrics/instrumentation.rb:155:in `block in can?' from lib/gitlab/metrics/method_call.rb:23:in `measure' from lib/gitlab/metrics/instrumentation.rb:155:in `can?' from app/services/projects/destroy_service.rb:18:in `execute' ``` Closes #22948 2016-10-04 23:53:15 -04:00			`# Default scopes force us to unscope here since a service may need to check`
			`# permissions for a project in pending_delete`
			`# http://stackoverflow.com/questions/1540645/how-to-disable-default-scope-for-a-belongs-to`
			`belongs_to :project, -> { unscope(where: :pending_delete) }`
Project tools visibility level 2016-08-01 18:31:21 -04:00
Fix project feature being deleted when updating project with invalid visibility level 2017-09-12 17:07:11 -04:00			`validates :project, presence: true`

Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`validate :repository_children_level`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`validate :allowed_access_levels`
Add visibility level to project repository 2016-09-16 15:15:39 -04:00
Add default values for ProjectFeature Closes gitlab-org/gitlab-ce#22330 2016-09-21 06:10:27 -04:00			`default_value_for :builds_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :issues_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :snippets_access_level, value: ENABLED, allows_nil: false`
			`default_value_for :wiki_access_level, value: ENABLED, allows_nil: false`
Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`default_value_for :repository_access_level, value: ENABLED, allows_nil: false`
Add default values for ProjectFeature Closes gitlab-org/gitlab-ce#22330 2016-09-21 06:10:27 -04:00
Fix wrong pages access level default - Set access level in before_validation hook - Add post migration for updating existing project_features 2019-07-17 08:56:58 -04:00			`default_value_for(:pages_access_level, allows_nil: false) { \|feature\| feature.project&.public? ? ENABLED : PRIVATE }`

Project tools visibility level 2016-08-01 18:31:21 -04:00			`def feature_available?(feature, user)`
Add ProjectFeature check for feature flag This will allow an explicitly-disabled feature flag to override a feature being available for a project. As an extreme example, we could quickly disable issues across all projects at runtime by running `Feature.disable(:issues)`. 2018-09-21 16:43:24 -04:00			`# This feature might not be behind a feature flag at all, so default to true`
			`return false unless ::Feature.enabled?(feature, user, default_enabled: true)`

Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00			`get_permission(user, feature)`
convert all the policies to DeclarativePolicy 2017-04-06 17:06:42 -04:00			`end`

			`def access_level(feature)`
Re-enable SqlInjection and CommandInjection 2017-08-03 22:20:34 -04:00			`public_send(ProjectFeature.access_level_attribute(feature)) # rubocop:disable GitlabSecurity/PublicSend`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`end`

Add *_access_level to project API - issues_access_level - repository_access_level - merge_requests_access_level - builds_access_level - wiki_access_level - snippets_access_level 2019-05-15 07:19:16 -04:00			`def string_access_level(feature)`
			`ProjectFeature.str_from_access_level(access_level(feature))`
			`end`

Project tools visibility level 2016-08-01 18:31:21 -04:00			`def builds_enabled?`
			`builds_access_level > DISABLED`
			`end`

			`def wiki_enabled?`
			`wiki_access_level > DISABLED`
			`end`

			`def merge_requests_enabled?`
			`merge_requests_access_level > DISABLED`
			`end`

issue and mergerequest slash command for mattermost This commit includes a couple of thing: - A chatops controller - Mattermost::CommandService - Mattermost::Commands::(IssueService\|MergeRequestService) The controller is the point where mattermost, and later slack will have to fire their payload to. This in turn will execute the CommandService. Thats where the authentication and authorization should happen. So far this is not yet implemented. This should happen in later commits. Per subcommand, in case of `/gitlab issue show 123` issue whould be the subcommand, there is a service to parse the data, and fetch the resource. The resource is passed back to the CommandService which structures the data. 2016-11-12 05:17:24 -05:00			`def issues_enabled?`
			`issues_access_level > DISABLED`
			`end`

Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`def pages_enabled?`
			`pages_access_level > DISABLED`
			`end`

			`def public_pages?`
			`return true unless Gitlab.config.pages.access_control`

			`pages_access_level == PUBLIC \|\| pages_access_level == ENABLED && project.public?`
			`end`

Project tools visibility level 2016-08-01 18:31:21 -04:00			`private`

Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`# Validates builds and merge requests access level`
			`# which cannot be higher than repository access level`
			`def repository_children_level`
			`validator = lambda do \|field\|`
Re-enable SqlInjection and CommandInjection 2017-08-03 22:20:34 -04:00			`level = public_send(field) \|\| ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend`
Add visibility level to project repository 2016-09-16 15:15:39 -04:00			`not_allowed = level > repository_access_level`
			`self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed`
			`end`

			`%i(merge_requests_access_level builds_access_level).each(&validator)`
			`end`

Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`# Validates access level for other than pages cannot be PUBLIC`
			`def allowed_access_levels`
			`validator = lambda do \|field\|`
			`level = public_send(field) \|\| ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend`
			`not_allowed = level > ProjectFeature::ENABLED`
			`self.errors.add(field, "cannot have public visibility level") if not_allowed`
			`end`

			`(FEATURES - %i(pages)).each {\|f\| validator.call("#{f}_access_level")}`
			`end`

Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00			`def get_permission(user, feature)`
			`case access_level(feature)`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`when DISABLED`
			`false`
			`when PRIVATE`
Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00			`team_access?(user, feature)`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`when ENABLED`
			`true`
Make GitLab pages support access control 2018-10-05 09:41:11 -04:00			`when PUBLIC`
			`true`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`else`
			`true`
			`end`
			`end`
Display the correct number of MRs a user has access to 2019-03-05 10:15:22 -05:00
			`def team_access?(user, feature)`
			`return unless user`
			`return true if user.full_private_access?`

			`project.team.member?(user, ProjectFeature.required_minimum_access_level(feature))`
			`end`
Project tools visibility level 2016-08-01 18:31:21 -04:00			`end`