gitlab-org--gitlab-foss/app/models/concerns/protected_ref_access.rb

module ProtectedRefAccess
  extend ActiveSupport::Concern

  ALLOWED_ACCESS_LEVELS = [
    Gitlab::Access::MAINTAINER,
    Gitlab::Access::DEVELOPER,
    Gitlab::Access::NO_ACCESS
  ].freeze

  HUMAN_ACCESS_LEVELS = {
    Gitlab::Access::MAINTAINER => "Maintainers".freeze,
    Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,
    Gitlab::Access::NO_ACCESS => "No one".freeze
  }.freeze

  included do
    scope :master, -> { maintainer } # @deprecated
    scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
    scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }

    validates :access_level, presence: true, if: :role?, inclusion: {
      in: ALLOWED_ACCESS_LEVELS
    }
  end

  def humanize
    HUMAN_ACCESS_LEVELS[self.access_level]
  end

  # CE access levels are always role-based,
  # where as EE allows groups and users too
  def role?
    true
  end

  def check_access(user)
    return true if user.admin?

    user.can?(:push_code, project) &&
      project.team.max_member_access(user.id) >= access_level
  end
end
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`module ProtectedRefAccess`
			`extend ActiveSupport::Concern`
Protected tags copy/paste from protected branches Should provide basic CRUD backend for frontend to work from. Doesn’t include frontend, API, or the internal API used from gitlab-shell 2017-03-15 22:29:07 +00:00
Fix ProtectedBranch access level validations Before an access_level was required in EE even when an it had been set for a user/group. 2017-11-24 12:41:36 +00:00			`ALLOWED_ACCESS_LEVELS = [`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 14:36:08 +00:00			`Gitlab::Access::MAINTAINER,`
Fix ProtectedBranch access level validations Before an access_level was required in EE even when an it had been set for a user/group. 2017-11-24 12:41:36 +00:00			`Gitlab::Access::DEVELOPER,`
			`Gitlab::Access::NO_ACCESS`
			`].freeze`

Deduplicate protected ref human_access_levels Previously these were duplicated so they could be different for push/merge, but this was no longer necessary after https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11232 2017-11-24 12:43:02 +00:00			`HUMAN_ACCESS_LEVELS = {`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 14:36:08 +00:00			`Gitlab::Access::MAINTAINER => "Maintainers".freeze,`
Rename “Developers + Masters” 2018-05-22 11:54:50 +00:00			`Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,`
Deduplicate protected ref human_access_levels Previously these were duplicated so they could be different for push/merge, but this was no longer necessary after https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11232 2017-11-24 12:43:02 +00:00			`Gitlab::Access::NO_ACCESS => "No one".freeze`
			`}.freeze`

Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`included do`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 14:36:08 +00:00			`scope :master, -> { maintainer } # @deprecated`
			`scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }`
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }`
Fix ProtectedBranch access level validations Before an access_level was required in EE even when an it had been set for a user/group. 2017-11-24 12:41:36 +00:00
			`validates :access_level, presence: true, if: :role?, inclusion: {`
			`in: ALLOWED_ACCESS_LEVELS`
			`}`
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`end`
Protected tags copy/paste from protected branches Should provide basic CRUD backend for frontend to work from. Doesn’t include frontend, API, or the internal API used from gitlab-shell 2017-03-15 22:29:07 +00:00
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`def humanize`
Deduplicate protected ref human_access_levels Previously these were duplicated so they could be different for push/merge, but this was no longer necessary after https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11232 2017-11-24 12:43:02 +00:00			`HUMAN_ACCESS_LEVELS[self.access_level]`
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`end`
Protected tags copy/paste from protected branches Should provide basic CRUD backend for frontend to work from. Doesn’t include frontend, API, or the internal API used from gitlab-shell 2017-03-15 22:29:07 +00:00
Fix ProtectedBranch access level validations Before an access_level was required in EE even when an it had been set for a user/group. 2017-11-24 12:41:36 +00:00			`# CE access levels are always role-based,`
			`# where as EE allows groups and users too`
			`def role?`
			`true`
			`end`

Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`def check_access(user)`
Protected tags changes from backend maintainer review 2017-04-07 00:14:10 +00:00			`return true if user.admin?`
Protected tags copy/paste from protected branches Should provide basic CRUD backend for frontend to work from. Doesn’t include frontend, API, or the internal API used from gitlab-shell 2017-03-15 22:29:07 +00:00
Port `read_cross_project` ability from EE 2017-12-11 14:21:06 +00:00			`user.can?(:push_code, project) &&`
			`project.team.max_member_access(user.id) >= access_level`
Cleaned up duplication with ProtectedRefAccess concern 2017-04-04 01:59:37 +00:00			`end`
			`end`