ec0061a95c
Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me>
82 lines
2 KiB
Ruby
82 lines
2 KiB
Ruby
# Gitlab::Access module
|
|
#
|
|
# Define allowed roles that can be used
|
|
# in GitLab code to determine authorization level
|
|
#
|
|
module Gitlab
|
|
module Access
|
|
class AccessDeniedError < StandardError; end
|
|
|
|
NO_ACCESS = 0
|
|
GUEST = 10
|
|
REPORTER = 20
|
|
DEVELOPER = 30
|
|
MASTER = 40
|
|
OWNER = 50
|
|
|
|
# Branch protection settings
|
|
PROTECTION_NONE = 0
|
|
PROTECTION_DEV_CAN_PUSH = 1
|
|
PROTECTION_FULL = 2
|
|
PROTECTION_DEV_CAN_MERGE = 3
|
|
|
|
class << self
|
|
def values
|
|
options.values
|
|
end
|
|
|
|
def all_values
|
|
options_with_owner.values
|
|
end
|
|
|
|
def options
|
|
{
|
|
"Guest" => GUEST,
|
|
"Reporter" => REPORTER,
|
|
"Developer" => DEVELOPER,
|
|
"Master" => MASTER,
|
|
}
|
|
end
|
|
|
|
def options_with_owner
|
|
options.merge(
|
|
"Owner" => OWNER
|
|
)
|
|
end
|
|
|
|
def sym_options
|
|
{
|
|
guest: GUEST,
|
|
reporter: REPORTER,
|
|
developer: DEVELOPER,
|
|
master: MASTER,
|
|
}
|
|
end
|
|
|
|
def sym_options_with_owner
|
|
sym_options.merge(owner: OWNER)
|
|
end
|
|
|
|
def protection_options
|
|
{
|
|
"Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,
|
|
"Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch." => PROTECTION_DEV_CAN_MERGE,
|
|
"Partially protected: Developers can push new commits, but cannot force push or delete the branch. Masters can do all of those." => PROTECTION_DEV_CAN_PUSH,
|
|
"Fully protected: Developers cannot push new commits, force push, or delete the branch. Only masters can do any of those." => PROTECTION_FULL,
|
|
}
|
|
end
|
|
|
|
def protection_values
|
|
protection_options.values
|
|
end
|
|
end
|
|
|
|
def human_access
|
|
Gitlab::Access.options_with_owner.key(access_field)
|
|
end
|
|
|
|
def owner?
|
|
access_field == OWNER
|
|
end
|
|
end
|
|
end
|