2018-08-10 02:45:01 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-03-28 09:17:42 -04:00
|
|
|
class ProtectedBranch::PushAccessLevel < ApplicationRecord
|
2016-08-16 01:09:13 -04:00
|
|
|
include ProtectedBranchAccess
|
2022-10-13 05:37:59 -04:00
|
|
|
# default value for the access_level column
|
|
|
|
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
|
2020-11-13 10:09:24 -05:00
|
|
|
|
|
|
|
belongs_to :deploy_key
|
|
|
|
|
|
|
|
validates :access_level, uniqueness: { scope: :protected_branch_id, if: :role?,
|
|
|
|
conditions: -> { where(user_id: nil, group_id: nil, deploy_key_id: nil) } }
|
|
|
|
validates :deploy_key_id, uniqueness: { scope: :protected_branch_id, allow_nil: true }
|
|
|
|
validate :validate_deploy_key_membership
|
|
|
|
|
|
|
|
def type
|
|
|
|
if self.deploy_key.present?
|
|
|
|
:deploy_key
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-12-02 13:09:35 -05:00
|
|
|
def check_access(user)
|
2021-02-16 04:09:36 -05:00
|
|
|
if user && deploy_key.present?
|
2021-07-01 17:08:38 -04:00
|
|
|
return user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user)
|
2020-12-02 13:09:35 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
super
|
|
|
|
end
|
|
|
|
|
2020-11-13 10:09:24 -05:00
|
|
|
private
|
|
|
|
|
|
|
|
def validate_deploy_key_membership
|
|
|
|
return unless deploy_key
|
|
|
|
|
|
|
|
unless project.deploy_keys_projects.where(deploy_key: deploy_key).exists?
|
|
|
|
self.errors.add(:deploy_key, 'is not enabled for this project')
|
|
|
|
end
|
|
|
|
end
|
2020-12-02 13:09:35 -05:00
|
|
|
|
|
|
|
def enabled_deploy_key_for_user?(deploy_key, user)
|
2020-12-07 13:10:36 -05:00
|
|
|
deploy_key.user_id == user.id && DeployKey.with_write_access_for_project(protected_branch.project, deploy_key: deploy_key).any?
|
2020-12-02 13:09:35 -05:00
|
|
|
end
|
2016-07-05 03:40:42 -04:00
|
|
|
end
|