2018-08-03 13:22:24 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
module ProtectedRefAccess
|
|
|
|
extend ActiveSupport::Concern
|
2017-11-24 07:43:02 -05:00
|
|
|
HUMAN_ACCESS_LEVELS = {
|
2019-08-31 15:57:00 -04:00
|
|
|
Gitlab::Access::MAINTAINER => "Maintainers",
|
|
|
|
Gitlab::Access::DEVELOPER => "Developers + Maintainers",
|
|
|
|
Gitlab::Access::NO_ACCESS => "No one"
|
2017-11-24 07:43:02 -05:00
|
|
|
}.freeze
|
|
|
|
|
2018-08-28 12:30:38 -04:00
|
|
|
class_methods do
|
|
|
|
def allowed_access_levels
|
|
|
|
[
|
|
|
|
Gitlab::Access::MAINTAINER,
|
|
|
|
Gitlab::Access::DEVELOPER,
|
|
|
|
Gitlab::Access::NO_ACCESS
|
|
|
|
]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
included do
|
2018-07-11 10:36:08 -04:00
|
|
|
scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
|
2017-04-03 21:59:37 -04:00
|
|
|
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
|
2018-06-14 09:47:49 -04:00
|
|
|
scope :by_user, -> (user) { where(user_id: user ) }
|
|
|
|
scope :by_group, -> (group) { where(group_id: group ) }
|
|
|
|
scope :for_role, -> { where(user_id: nil, group_id: nil) }
|
|
|
|
scope :for_user, -> { where.not(user_id: nil) }
|
|
|
|
scope :for_group, -> { where.not(group_id: nil) }
|
2017-11-24 07:41:36 -05:00
|
|
|
|
|
|
|
validates :access_level, presence: true, if: :role?, inclusion: {
|
2018-08-28 12:30:38 -04:00
|
|
|
in: self.allowed_access_levels
|
2017-11-24 07:41:36 -05:00
|
|
|
}
|
2017-04-03 21:59:37 -04:00
|
|
|
end
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
def humanize
|
2017-11-24 07:43:02 -05:00
|
|
|
HUMAN_ACCESS_LEVELS[self.access_level]
|
2017-04-03 21:59:37 -04:00
|
|
|
end
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2020-11-13 10:09:24 -05:00
|
|
|
def type
|
|
|
|
:role
|
|
|
|
end
|
|
|
|
|
2017-11-24 07:41:36 -05:00
|
|
|
def role?
|
2020-11-13 10:09:24 -05:00
|
|
|
type == :role
|
2017-11-24 07:41:36 -05:00
|
|
|
end
|
|
|
|
|
2017-04-03 21:59:37 -04:00
|
|
|
def check_access(user)
|
2020-12-07 13:10:36 -05:00
|
|
|
return false unless user
|
2017-04-06 20:14:10 -04:00
|
|
|
return true if user.admin?
|
2017-03-15 18:29:07 -04:00
|
|
|
|
2017-12-11 09:21:06 -05:00
|
|
|
user.can?(:push_code, project) &&
|
|
|
|
project.team.max_member_access(user.id) >= access_level
|
2017-04-03 21:59:37 -04:00
|
|
|
end
|
|
|
|
end
|
2019-09-13 09:26:31 -04:00
|
|
|
|
2021-05-11 17:10:21 -04:00
|
|
|
ProtectedRefAccess.include_mod_with('ProtectedRefAccess::Scopes')
|
|
|
|
ProtectedRefAccess.prepend_mod_with('ProtectedRefAccess')
|
2019-09-13 09:26:31 -04:00
|
|
|
|
|
|
|
# When using `prepend` (or `include` for that matter), the `ClassMethods`
|
|
|
|
# constants are not merged. This means that `class_methods` in
|
|
|
|
# `EE::ProtectedRefAccess` would be ignored.
|
|
|
|
#
|
|
|
|
# To work around this, we prepend the `ClassMethods` constant manually.
|
2021-05-11 17:10:21 -04:00
|
|
|
ProtectedRefAccess::ClassMethods.prepend_mod_with('ProtectedRefAccess::ClassMethods')
|