2018-10-22 07:00:50 +00:00
# frozen_string_literal: true
2013-08-20 12:59:26 +00:00
# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
module Access
2017-03-01 11:00:37 +00:00
AccessDeniedError = Class . new ( StandardError )
2016-06-17 16:59:33 +00:00
2020-09-10 18:08:54 +00:00
NO_ACCESS = 0
MINIMAL_ACCESS = 5
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MAINTAINER = 40
OWNER = 50
2013-08-20 12:59:26 +00:00
2015-01-25 15:33:54 +00:00
# Branch protection settings
2016-07-18 08:16:56 +00:00
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
PROTECTION_DEV_CAN_MERGE = 3
2015-01-25 15:33:54 +00:00
2019-04-05 18:49:46 +00:00
# Default project creation level
NO_ONE_PROJECT_ACCESS = 0
MAINTAINER_PROJECT_ACCESS = 1
DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2
2019-06-27 20:39:04 +00:00
# Default subgroup creation level
OWNER_SUBGROUP_ACCESS = 0
MAINTAINER_SUBGROUP_ACCESS = 1
2013-08-20 12:59:26 +00:00
class << self
2022-02-15 15:15:04 +00:00
delegate :values , to : :options
2013-08-20 12:59:26 +00:00
2014-09-14 16:32:51 +00:00
def all_values
options_with_owner . values
end
2013-08-20 12:59:26 +00:00
def options
{
2022-08-18 15:12:17 +00:00
" Guest " = > GUEST ,
" Reporter " = > REPORTER ,
" Developer " = > DEVELOPER ,
2018-07-11 14:36:08 +00:00
" Maintainer " = > MAINTAINER
2013-08-20 12:59:26 +00:00
}
end
def options_with_owner
options . merge (
" Owner " = > OWNER
)
end
2019-03-22 09:54:03 +00:00
def options_with_none
options_with_owner . merge (
" None " = > NO_ACCESS
)
end
2013-08-20 12:59:26 +00:00
def sym_options
{
2022-08-18 15:12:17 +00:00
guest : GUEST ,
reporter : REPORTER ,
developer : DEVELOPER ,
2018-07-11 14:36:08 +00:00
maintainer : MAINTAINER
2013-08-20 12:59:26 +00:00
}
end
2015-01-25 15:33:54 +00:00
2016-09-16 15:54:21 +00:00
def sym_options_with_owner
sym_options . merge ( owner : OWNER )
end
2015-01-25 15:33:54 +00:00
def protection_options
2021-10-29 21:13:01 +00:00
[
{
label : s_ ( 'DefaultBranchProtection|Not protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Both developers and maintainers can push new commits, force push, or delete the branch.' ) ,
value : PROTECTION_NONE
} ,
{
label : s_ ( 'DefaultBranchProtection|Protected against pushes' ) ,
help_text : s_ ( 'DefaultBranchProtection|Developers cannot push new commits, but are allowed to accept merge requests to the branch. Maintainers can push to the branch.' ) ,
value : PROTECTION_DEV_CAN_MERGE
} ,
{
label : s_ ( 'DefaultBranchProtection|Partially protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Both developers and maintainers can push new commits, but cannot force push.' ) ,
value : PROTECTION_DEV_CAN_PUSH
} ,
{
label : s_ ( 'DefaultBranchProtection|Fully protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Developers cannot push new commits, but maintainers can. No one can force push.' ) ,
value : PROTECTION_FULL
}
]
2015-01-25 15:33:54 +00:00
end
2015-02-04 02:12:20 +00:00
2015-01-25 15:33:54 +00:00
def protection_values
2021-10-29 21:13:01 +00:00
protection_options . map { | option | option [ :value ] }
2015-01-25 15:33:54 +00:00
end
2017-07-29 15:04:42 +00:00
def human_access ( access )
options_with_owner . key ( access )
end
2019-03-22 09:54:03 +00:00
def human_access_with_none ( access )
options_with_none . key ( access )
end
2019-04-05 18:49:46 +00:00
def project_creation_options
{
s_ ( 'ProjectCreationLevel|No one' ) = > NO_ONE_PROJECT_ACCESS ,
s_ ( 'ProjectCreationLevel|Maintainers' ) = > MAINTAINER_PROJECT_ACCESS ,
s_ ( 'ProjectCreationLevel|Developers + Maintainers' ) = > DEVELOPER_MAINTAINER_PROJECT_ACCESS
}
end
2019-10-07 15:05:59 +00:00
def project_creation_string_options
{
2022-08-18 15:12:17 +00:00
'noone' = > NO_ONE_PROJECT_ACCESS ,
'maintainer' = > MAINTAINER_PROJECT_ACCESS ,
'developer' = > DEVELOPER_MAINTAINER_PROJECT_ACCESS
2019-10-07 15:05:59 +00:00
}
end
2019-04-05 18:49:46 +00:00
def project_creation_values
project_creation_options . values
end
2019-10-07 15:05:59 +00:00
def project_creation_string_values
project_creation_string_options . keys
end
2019-04-05 18:49:46 +00:00
def project_creation_level_name ( name )
project_creation_options . key ( name )
end
2019-06-27 21:11:09 +00:00
def subgroup_creation_options
{
s_ ( 'SubgroupCreationlevel|Owners' ) = > OWNER_SUBGROUP_ACCESS ,
s_ ( 'SubgroupCreationlevel|Maintainers' ) = > MAINTAINER_SUBGROUP_ACCESS
}
end
2019-10-07 15:05:59 +00:00
def subgroup_creation_string_options
{
2022-08-18 15:12:17 +00:00
'owner' = > OWNER_SUBGROUP_ACCESS ,
2019-10-07 15:05:59 +00:00
'maintainer' = > MAINTAINER_SUBGROUP_ACCESS
}
end
def subgroup_creation_values
subgroup_creation_options . values
end
def subgroup_creation_string_values
subgroup_creation_string_options . keys
end
2013-08-20 12:59:26 +00:00
end
def human_access
2017-07-29 15:04:42 +00:00
Gitlab :: Access . human_access ( access_field )
2013-08-20 12:59:26 +00:00
end
2013-08-27 18:35:41 +00:00
2019-03-22 09:54:03 +00:00
def human_access_with_none
Gitlab :: Access . human_access_with_none ( access_field )
end
2013-08-27 18:35:41 +00:00
def owner?
access_field == OWNER
end
2013-08-20 12:59:26 +00:00
end
end
2019-09-13 13:26:31 +00:00
2021-05-11 21:10:21 +00:00
Gitlab :: Access . prepend_mod_with ( 'Gitlab::Access' )