gitlab-org--gitlab-foss/lib/gitlab/access.rb
Rémy Coutable 654565c9dc Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member
This is a try for a new approach to put the access checks at the service level.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-18 06:06:34 +02:00

75 lines
1.7 KiB
Ruby

# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
module Access
class AccessDeniedError < StandardError; end
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MASTER = 40
OWNER = 50
# Branch protection settings
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
class << self
def values
options.values
end
def all_values
options_with_owner.values
end
def options
{
"Guest" => GUEST,
"Reporter" => REPORTER,
"Developer" => DEVELOPER,
"Master" => MASTER,
}
end
def options_with_owner
options.merge(
"Owner" => OWNER
)
end
def sym_options
{
guest: GUEST,
reporter: REPORTER,
developer: DEVELOPER,
master: MASTER,
}
end
def protection_options
{
"Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,
"Partially protected: Developers can push new commits, but cannot force push or delete the branch. Masters can do all of those." => PROTECTION_DEV_CAN_PUSH,
"Fully protected: Developers cannot push new commits, force push, or delete the branch. Only masters can do any of those." => PROTECTION_FULL,
}
end
def protection_values
protection_options.values
end
end
def human_access
Gitlab::Access.options_with_owner.key(access_field)
end
def owner?
access_field == OWNER
end
end
end