gitlab-org--gitlab-foss/lib/gitlab/access.rb

# frozen_string_literal: true

# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
  module Access
    AccessDeniedError = Class.new(StandardError)

    NO_ACCESS  = 0
    GUEST      = 10
    REPORTER   = 20
    DEVELOPER  = 30
    MAINTAINER = 40
    # @deprecated
    MASTER     = MAINTAINER
    OWNER      = 50

    # Branch protection settings
    PROTECTION_NONE          = 0
    PROTECTION_DEV_CAN_PUSH  = 1
    PROTECTION_FULL          = 2
    PROTECTION_DEV_CAN_MERGE = 3

    # Default project creation level
    NO_ONE_PROJECT_ACCESS = 0
    MAINTAINER_PROJECT_ACCESS = 1
    DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2

    class << self
      delegate :values, to: :options

      def all_values
        options_with_owner.values
      end

      def options
        {
          "Guest"      => GUEST,
          "Reporter"   => REPORTER,
          "Developer"  => DEVELOPER,
          "Maintainer" => MAINTAINER
        }
      end

      def options_with_owner
        options.merge(
          "Owner" => OWNER
        )
      end

      def options_with_none
        options_with_owner.merge(
          "None" => NO_ACCESS
        )
      end

      def sym_options
        {
          guest:      GUEST,
          reporter:   REPORTER,
          developer:  DEVELOPER,
          maintainer: MAINTAINER
        }
      end

      def sym_options_with_owner
        sym_options.merge(owner: OWNER)
      end

      def protection_options
        {
          "Not protected: Both developers and maintainers can push new commits, force push, or delete the branch." => PROTECTION_NONE,
          "Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch. Maintainers can push to the branch." => PROTECTION_DEV_CAN_MERGE,
          "Partially protected: Both developers and maintainers can push new commits, but cannot force push or delete the branch." => PROTECTION_DEV_CAN_PUSH,
          "Fully protected: Developers cannot push new commits, but maintainers can. No-one can force push or delete the branch." => PROTECTION_FULL
        }
      end

      def protection_values
        protection_options.values
      end

      def human_access(access)
        options_with_owner.key(access)
      end

      def human_access_with_none(access)
        options_with_none.key(access)
      end

      def project_creation_options
        {
          s_('ProjectCreationLevel|No one') => NO_ONE_PROJECT_ACCESS,
          s_('ProjectCreationLevel|Maintainers') => MAINTAINER_PROJECT_ACCESS,
          s_('ProjectCreationLevel|Developers + Maintainers') => DEVELOPER_MAINTAINER_PROJECT_ACCESS
        }
      end

      def project_creation_values
        project_creation_options.values
      end

      def project_creation_level_name(name)
        project_creation_options.key(name)
      end
    end

    def human_access
      Gitlab::Access.human_access(access_field)
    end

    def human_access_with_none
      Gitlab::Access.human_access_with_none(access_field)
    end

    def owner?
      access_field == OWNER
    end
  end
end
Enable frozen string for lib/gitlab/*.rb 2018-10-22 03:00:50 -04:00			`# frozen_string_literal: true`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`# Gitlab::Access module`
			`#`
			`# Define allowed roles that can be used`
			`# in GitLab code to determine authorization level`
			`#`
			`module Gitlab`
			`module Access`
Enable and autocorrect the CustomErrorClass cop 2017-03-01 06:00:37 -05:00			`AccessDeniedError = Class.new(StandardError)`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:59:33 -04:00
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`NO_ACCESS = 0`
			`GUEST = 10`
			`REPORTER = 20`
			`DEVELOPER = 30`
			`MAINTAINER = 40`
			`# @deprecated`
			`MASTER = MAINTAINER`
			`OWNER = 50`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`# Branch protection settings`
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' "" This reverts commit 530f5158e297f3cde27f3566cfe13bad74ba3b50. See !4892. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-18 04:16:56 -04:00			`PROTECTION_NONE = 0`
			`PROTECTION_DEV_CAN_PUSH = 1`
			`PROTECTION_FULL = 2`
			`PROTECTION_DEV_CAN_MERGE = 3`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Add part of needed code Add columns to store project creation settings Add project creation level column in groups and default project creation column in application settings Remove obsolete line from schema Update migration with project_creation_level column existence check Rename migrations to avoid conflicts Update migration methods Update migration method 2019-04-05 14:49:46 -04:00			`# Default project creation level`
			`NO_ONE_PROJECT_ACCESS = 0`
			`MAINTAINER_PROJECT_ACCESS = 1`
			`DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`class << self`
Enable Rails/Delegate 2017-02-22 12:51:46 -05:00			`delegate :values, to: :options`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`def all_values`
			`options_with_owner.values`
			`end`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`def options`
			`{`
Rename master to maintainer 2018-05-22 04:51:45 -04:00			`"Guest" => GUEST,`
			`"Reporter" => REPORTER,`
			`"Developer" => DEVELOPER,`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`"Maintainer" => MAINTAINER`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`}`
			`end`

			`def options_with_owner`
			`options.merge(`
			`"Owner" => OWNER`
			`)`
			`end`

Add highest_role method to User 2019-03-22 05:54:03 -04:00			`def options_with_none`
			`options_with_owner.merge(`
			`"None" => NO_ACCESS`
			`)`
			`end`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`def sym_options`
			`{`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`guest: GUEST,`
			`reporter: REPORTER,`
			`developer: DEVELOPER,`
			`maintainer: MAINTAINER`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`}`
			`end`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`def sym_options_with_owner`
			`sym_options.merge(owner: OWNER)`
			`end`

Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_options`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`{`
Rename master to maintainer 2018-05-22 04:51:45 -04:00			`"Not protected: Both developers and maintainers can push new commits, force push, or delete the branch." => PROTECTION_NONE,`
			`"Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch. Maintainers can push to the branch." => PROTECTION_DEV_CAN_MERGE,`
			`"Partially protected: Both developers and maintainers can push new commits, but cannot force push or delete the branch." => PROTECTION_DEV_CAN_PUSH,`
			`"Fully protected: Developers cannot push new commits, but maintainers can. No-one can force push or delete the branch." => PROTECTION_FULL`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`}`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`end`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_values`
			`protection_options.values`
			`end`
WIP: refactor the first-contributor to Issuable this will remove the need make N queries (per-note) at the cost of having to mark notes with an attribute this opens up the possibility for other special roles for notes 2017-07-29 11:04:42 -04:00
			`def human_access(access)`
			`options_with_owner.key(access)`
			`end`
Add highest_role method to User 2019-03-22 05:54:03 -04:00
			`def human_access_with_none(access)`
			`options_with_none.key(access)`
			`end`
Add part of needed code Add columns to store project creation settings Add project creation level column in groups and default project creation column in application settings Remove obsolete line from schema Update migration with project_creation_level column existence check Rename migrations to avoid conflicts Update migration methods Update migration method 2019-04-05 14:49:46 -04:00
			`def project_creation_options`
			`{`
			`s_('ProjectCreationLevel\|No one') => NO_ONE_PROJECT_ACCESS,`
			`s_('ProjectCreationLevel\|Maintainers') => MAINTAINER_PROJECT_ACCESS,`
			`s_('ProjectCreationLevel\|Developers + Maintainers') => DEVELOPER_MAINTAINER_PROJECT_ACCESS`
			`}`
			`end`

			`def project_creation_values`
			`project_creation_options.values`
			`end`

			`def project_creation_level_name(name)`
			`project_creation_options.key(name)`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`

			`def human_access`
WIP: refactor the first-contributor to Issuable this will remove the need make N queries (per-note) at the cost of having to mark notes with an attribute this opens up the possibility for other special roles for notes 2017-07-29 11:04:42 -04:00			`Gitlab::Access.human_access(access_field)`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00
Add highest_role method to User 2019-03-22 05:54:03 -04:00			`def human_access_with_none`
			`Gitlab::Access.human_access_with_none(access_field)`
			`end`

Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00			`def owner?`
			`access_field == OWNER`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`
			`end`