gitlab-org--gitlab-foss/app/services/concerns/validates_classification_label.rb

# frozen_string_literal: true

module ValidatesClassificationLabel
  def validate_classification_label(record, attribute_name)
    return unless ::Gitlab::ExternalAuthorization.enabled?
    return unless classification_label_change?(record, attribute_name)

    new_label = params[attribute_name].presence
    new_label ||= ::Gitlab::CurrentSettings.current_application_settings
                    .external_authorization_service_default_label

    unless ::Gitlab::ExternalAuthorization.access_allowed?(current_user, new_label)
      reason = rejection_reason_for_label(new_label)
      message = s_('ClassificationLabelUnavailable|is unavailable: %{reason}') % { reason: reason }
      record.errors.add(attribute_name, message)
    end
  end

  def rejection_reason_for_label(label)
    reason_from_service = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label).presence
    reason_from_service || _("Access to '%{classification_label}' not allowed") % { classification_label: label }
  end

  def classification_label_change?(record, attribute_name)
    params.key?(attribute_name) || record.new_record?
  end
end
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE 2019-04-09 11:38:58 -04:00			`# frozen_string_literal: true`

			`module ValidatesClassificationLabel`
			`def validate_classification_label(record, attribute_name)`
			`return unless ::Gitlab::ExternalAuthorization.enabled?`
			`return unless classification_label_change?(record, attribute_name)`

			`new_label = params[attribute_name].presence`
			`new_label \|\|= ::Gitlab::CurrentSettings.current_application_settings`
			`.external_authorization_service_default_label`

			`unless ::Gitlab::ExternalAuthorization.access_allowed?(current_user, new_label)`
			`reason = rejection_reason_for_label(new_label)`
			`message = s_('ClassificationLabelUnavailable\|is unavailable: %{reason}') % { reason: reason }`
			`record.errors.add(attribute_name, message)`
			`end`
			`end`

			`def rejection_reason_for_label(label)`
			`reason_from_service = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label).presence`
			`reason_from_service \|\| _("Access to '%{classification_label}' not allowed") % { classification_label: label }`
			`end`

			`def classification_label_change?(record, attribute_name)`
			`params.key?(attribute_name) \|\| record.new_record?`
			`end`
			`end`