gitlab-org--gitlab-foss/app/services/protected_branches/legacy_api_update_service.rb

# frozen_string_literal: true

# The branches#protect API still uses the `developers_can_push` and `developers_can_merge`
# flags for backward compatibility, and so performs translation between that format and the
# internal data model (separate access levels). The translation code is non-trivial, and so
# lives in this service.
module ProtectedBranches
  class LegacyApiUpdateService < BaseService
    attr_reader :protected_branch, :developers_can_push, :developers_can_merge

    def execute(protected_branch)
      @protected_branch = protected_branch
      @developers_can_push = params.delete(:developers_can_push)
      @developers_can_merge = params.delete(:developers_can_merge)

      protected_branch.transaction do
        delete_redundant_access_levels

        case developers_can_push
        when true
          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
        when false
          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
        end

        case developers_can_merge
        when true
          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
        when false
          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
        end

        service = ProtectedBranches::UpdateService.new(project, current_user, params)
        service.execute(protected_branch)
      end
    end

    private

    def delete_redundant_access_levels
      unless developers_can_merge.nil?
        protected_branch.merge_access_levels.destroy_all # rubocop: disable Cop/DestroyAll
      end

      unless developers_can_push.nil?
        protected_branch.push_access_levels.destroy_all # rubocop: disable Cop/DestroyAll
      end
    end
  end
end

ProtectedBranches::LegacyApiUpdateService.prepend_if_ee('EE::ProtectedBranches::LegacyApiUpdateService')
Enable more frozen string in app/services/*/.rb Partially addresses #47424. 2018-07-18 12:03:33 -04:00			`# frozen_string_literal: true`

Renamed ProtectedBranches::ApiUpdateService to LegacyApiUpdateService 2017-11-22 10:16:08 -05:00			# The branches#protect API still uses the `developers_can_push` and `developers_can_merge`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`# flags for backward compatibility, and so performs translation between that format and the`
			`# internal data model (separate access levels). The translation code is non-trivial, and so`
			`# lives in this service.`
			`module ProtectedBranches`
Renamed ProtectedBranches::ApiUpdateService to LegacyApiUpdateService 2017-11-22 10:16:08 -05:00			`class LegacyApiUpdateService < BaseService`
Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`attr_reader :protected_branch, :developers_can_push, :developers_can_merge`

Implement third round of review comments from @DouweM. Extract/mutate `params` in the `execute` method of the API services, rather than in `initialize`. 2016-10-24 02:02:09 -04:00			`def execute(protected_branch)`
Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`@protected_branch = protected_branch`
Implement second round of review comments from @DouweM. - Pass `developers_and_merge` and `developers_can_push` in `params` instead of using keyword arguments. - Refactor a slightly complex boolean check to a simple `nil?` check. 2016-09-30 03:44:46 -04:00			`@developers_can_push = params.delete(:developers_can_push)`
Implement third round of review comments from @DouweM. Extract/mutate `params` in the `execute` method of the API services, rather than in `initialize`. 2016-10-24 02:02:09 -04:00			`@developers_can_merge = params.delete(:developers_can_merge)`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00
			`protected_branch.transaction do`
Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`delete_redundant_access_levels`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00
Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`case developers_can_push`
Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`when true`
Enable Performance/RedundantMerge 2017-02-21 18:50:22 -05:00			`params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]`
Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`when false`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`end`

Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`case developers_can_merge`
Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`when true`
Enable Performance/RedundantMerge 2017-02-21 18:50:22 -05:00			`params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]`
Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`when false`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`end`

Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`service = ProtectedBranches::UpdateService.new(project, current_user, params)`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`service.execute(protected_branch)`
			`end`
			`end`

			`private`

Implement review comments from @dbalexandre. 1. Don't have any EE-only code in CE. Ok to have CE-only code in EE. 2. Use `case` instead of `if/elsif` 2016-09-13 22:34:29 -04:00			`def delete_redundant_access_levels`
Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`unless developers_can_merge.nil?`
Add latest changes from gitlab-org/gitlab@master 2020-05-28 17:08:22 -04:00			`protected_branch.merge_access_levels.destroy_all # rubocop: disable Cop/DestroyAll`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`end`

Reduce remaining diff with EE in app/services Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-06 07:41:17 -05:00			`unless developers_can_push.nil?`
Add latest changes from gitlab-org/gitlab@master 2020-05-28 17:08:22 -04:00			`protected_branch.push_access_levels.destroy_all # rubocop: disable Cop/DestroyAll`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`end`
			`end`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`ProtectedBranches::LegacyApiUpdateService.prepend_if_ee('EE::ProtectedBranches::LegacyApiUpdateService')`