gitlab-org--gitlab-foss/lib/gitlab/access.rb

# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
  module Access
    AccessDeniedError = Class.new(StandardError)

    NO_ACCESS = 0
    GUEST     = 10
    REPORTER  = 20
    DEVELOPER = 30
    MASTER    = 40
    OWNER     = 50

    # Branch protection settings
    PROTECTION_NONE          = 0
    PROTECTION_DEV_CAN_PUSH  = 1
    PROTECTION_FULL          = 2
    PROTECTION_DEV_CAN_MERGE = 3

    class << self
      delegate :values, to: :options

      def all_values
        options_with_owner.values
      end

      def options
        {
          "Guest"     => GUEST,
          "Reporter"  => REPORTER,
          "Developer" => DEVELOPER,
          "Master"    => MASTER
        }
      end

      def options_with_owner
        options.merge(
          "Owner" => OWNER
        )
      end

      def sym_options
        {
          guest:     GUEST,
          reporter:  REPORTER,
          developer: DEVELOPER,
          master:    MASTER
        }
      end

      def sym_options_with_owner
        sym_options.merge(owner: OWNER)
      end

      def protection_options
        {
          "Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,
          "Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch. Masters can push to the branch." => PROTECTION_DEV_CAN_MERGE,
          "Partially protected: Both developers and masters can push new commits, but cannot force push or delete the branch." => PROTECTION_DEV_CAN_PUSH,
          "Fully protected: Developers cannot push new commits, but masters can. No-one can force push or delete the branch." => PROTECTION_FULL
        }
      end

      def protection_values
        protection_options.values
      end

      def human_access(access)
        options_with_owner.key(access)
      end
    end

    def human_access
      Gitlab::Access.human_access(access_field)
    end

    def owner?
      access_field == OWNER
    end
  end
end
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`# Gitlab::Access module`
			`#`
			`# Define allowed roles that can be used`
			`# in GitLab code to determine authorization level`
			`#`
			`module Gitlab`
			`module Access`
Enable and autocorrect the CustomErrorClass cop 2017-03-01 06:00:37 -05:00			`AccessDeniedError = Class.new(StandardError)`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:59:33 -04:00
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`NO_ACCESS = 0`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`GUEST = 10`
			`REPORTER = 20`
			`DEVELOPER = 30`
			`MASTER = 40`
			`OWNER = 50`

Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`# Branch protection settings`
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' "" This reverts commit 530f5158e297f3cde27f3566cfe13bad74ba3b50. See !4892. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-18 04:16:56 -04:00			`PROTECTION_NONE = 0`
			`PROTECTION_DEV_CAN_PUSH = 1`
			`PROTECTION_FULL = 2`
			`PROTECTION_DEV_CAN_MERGE = 3`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`class << self`
Enable Rails/Delegate 2017-02-22 12:51:46 -05:00			`delegate :values, to: :options`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`def all_values`
			`options_with_owner.values`
			`end`

Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`def options`
			`{`
			`"Guest" => GUEST,`
			`"Reporter" => REPORTER,`
			`"Developer" => DEVELOPER,`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`"Master" => MASTER`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`}`
			`end`

			`def options_with_owner`
			`options.merge(`
			`"Owner" => OWNER`
			`)`
			`end`

			`def sym_options`
			`{`
			`guest: GUEST,`
			`reporter: REPORTER,`
			`developer: DEVELOPER,`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`master: MASTER`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`}`
			`end`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00
Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`def sym_options_with_owner`
			`sym_options.merge(owner: OWNER)`
			`end`

Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_options`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`{`
Improve description of branch protection levels. 2015-05-12 06:38:42 -04:00			`"Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,`
Clarify wording of protected branch settings for the default branch No-one is allowed to force push to a protected branch, or delete it. That's correct in the documentation, but was wrong in the drop-down. 2017-11-20 11:09:56 -05:00			`"Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch. Masters can push to the branch." => PROTECTION_DEV_CAN_MERGE,`
			`"Partially protected: Both developers and masters can push new commits, but cannot force push or delete the branch." => PROTECTION_DEV_CAN_PUSH,`
			`"Fully protected: Developers cannot push new commits, but masters can. No-one can force push or delete the branch." => PROTECTION_FULL`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00			`}`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`end`
Improve protected branches selectbox options 2015-02-03 21:12:20 -05:00
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`def protection_values`
			`protection_options.values`
			`end`
WIP: refactor the first-contributor to Issuable this will remove the need make N queries (per-note) at the cost of having to mark notes with an attribute this opens up the possibility for other special roles for notes 2017-07-29 11:04:42 -04:00
			`def human_access(access)`
			`options_with_owner.key(access)`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`

			`def human_access`
WIP: refactor the first-contributor to Issuable this will remove the need make N queries (per-note) at the cost of having to mark notes with an attribute this opens up the possibility for other special roles for notes 2017-07-29 11:04:42 -04:00			`Gitlab::Access.human_access(access_field)`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00
			`def owner?`
			`access_field == OWNER`
			`end`
Added Gitlab::Access module 2013-08-20 08:59:26 -04:00			`end`
			`end`