203 lines
6.9 KiB
Ruby
203 lines
6.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module VisibilityLevelHelper
|
|
def visibility_level_color(level)
|
|
case level
|
|
when Gitlab::VisibilityLevel::PRIVATE
|
|
'vs-private'
|
|
when Gitlab::VisibilityLevel::INTERNAL
|
|
'vs-internal'
|
|
when Gitlab::VisibilityLevel::PUBLIC
|
|
'vs-public'
|
|
end
|
|
end
|
|
|
|
# Return the description for the +level+ argument.
|
|
#
|
|
# +level+ One of the Gitlab::VisibilityLevel constants
|
|
# +form_model+ Either a model object (Project, Snippet, etc.) or the name of
|
|
# a Project or Snippet class.
|
|
def visibility_level_description(level, form_model)
|
|
case form_model
|
|
when Project
|
|
project_visibility_level_description(level)
|
|
when Group
|
|
group_visibility_level_description(level)
|
|
end
|
|
end
|
|
|
|
def project_visibility_level_description(level)
|
|
case level
|
|
when Gitlab::VisibilityLevel::PRIVATE
|
|
_("Project access must be granted explicitly to each user. If this project is part of a group, access will be granted to members of the group.")
|
|
when Gitlab::VisibilityLevel::INTERNAL
|
|
_("The project can be accessed by any logged in user except external users.")
|
|
when Gitlab::VisibilityLevel::PUBLIC
|
|
_("The project can be accessed without any authentication.")
|
|
end
|
|
end
|
|
|
|
def group_visibility_level_description(level)
|
|
case level
|
|
when Gitlab::VisibilityLevel::PRIVATE
|
|
_("The group and its projects can only be viewed by members.")
|
|
when Gitlab::VisibilityLevel::INTERNAL
|
|
_("The group and any internal projects can be viewed by any logged in user except external users.")
|
|
when Gitlab::VisibilityLevel::PUBLIC
|
|
_("The group and any public projects can be viewed without any authentication.")
|
|
end
|
|
end
|
|
|
|
# Note: these messages closely mirror the form validation strings found in the project
|
|
# model and any changes or additons to these may also need to be made there.
|
|
def disallowed_project_visibility_level_description(level, project)
|
|
level_name = Gitlab::VisibilityLevel.level_name(level).downcase
|
|
reasons = []
|
|
instructions = []
|
|
|
|
unless project.visibility_level_allowed_as_fork?(level)
|
|
reasons << "the fork source project has lower visibility"
|
|
end
|
|
|
|
unless project.visibility_level_allowed_by_group?(level)
|
|
errors = visibility_level_errors_for_group(project.group, level_name)
|
|
|
|
reasons << errors[:reason]
|
|
instructions << errors[:instruction]
|
|
end
|
|
|
|
reasons = reasons.any? ? ' because ' + reasons.to_sentence : ''
|
|
"This project cannot be #{level_name}#{reasons}.#{instructions.join}".html_safe
|
|
end
|
|
|
|
# Note: these messages closely mirror the form validation strings found in the group
|
|
# model and any changes or additons to these may also need to be made there.
|
|
def disallowed_group_visibility_level_description(level, group)
|
|
level_name = Gitlab::VisibilityLevel.level_name(level).downcase
|
|
reasons = []
|
|
instructions = []
|
|
|
|
unless group.visibility_level_allowed_by_projects?(level)
|
|
reasons << "it contains projects with higher visibility"
|
|
end
|
|
|
|
unless group.visibility_level_allowed_by_sub_groups?(level)
|
|
reasons << "it contains sub-groups with higher visibility"
|
|
end
|
|
|
|
unless group.visibility_level_allowed_by_parent?(level)
|
|
errors = visibility_level_errors_for_group(group.parent, level_name)
|
|
|
|
reasons << errors[:reason]
|
|
instructions << errors[:instruction]
|
|
end
|
|
|
|
reasons = reasons.any? ? ' because ' + reasons.to_sentence : ''
|
|
"This group cannot be #{level_name}#{reasons}.#{instructions.join}".html_safe
|
|
end
|
|
|
|
def visibility_icon_description(form_model)
|
|
if form_model.respond_to?(:visibility_level_allowed_as_fork?)
|
|
project_visibility_icon_description(form_model.visibility_level)
|
|
elsif form_model.respond_to?(:visibility_level_allowed_by_sub_groups?)
|
|
group_visibility_icon_description(form_model.visibility_level)
|
|
end
|
|
end
|
|
|
|
def group_visibility_icon_description(level)
|
|
"#{visibility_level_label(level)} - #{group_visibility_level_description(level)}"
|
|
end
|
|
|
|
def project_visibility_icon_description(level)
|
|
"#{visibility_level_label(level)} - #{project_visibility_level_description(level)}"
|
|
end
|
|
|
|
def visibility_level_label(level)
|
|
# The visibility level can be:
|
|
# 'VisibilityLevel|Private', 'VisibilityLevel|Internal', 'VisibilityLevel|Public'
|
|
s_(Project.visibility_levels.key(level))
|
|
end
|
|
|
|
def restricted_visibility_levels(show_all = false)
|
|
return [] if current_user.admin? && !show_all
|
|
|
|
Gitlab::CurrentSettings.restricted_visibility_levels || []
|
|
end
|
|
|
|
delegate :default_project_visibility,
|
|
:default_group_visibility,
|
|
to: :'Gitlab::CurrentSettings.current_application_settings'
|
|
|
|
def disallowed_visibility_level?(form_model, level)
|
|
return false unless form_model.respond_to?(:visibility_level_allowed?)
|
|
|
|
!form_model.visibility_level_allowed?(level)
|
|
end
|
|
|
|
# Visibility level can be restricted in two ways:
|
|
#
|
|
# 1. The group permissions (e.g. a subgroup is private, which requires
|
|
# all projects to be private)
|
|
# 2. The global allowed visibility settings, set by the admin
|
|
def selected_visibility_level(form_model, requested_level)
|
|
requested_level =
|
|
if requested_level.present?
|
|
requested_level.to_i
|
|
else
|
|
default_project_visibility
|
|
end
|
|
|
|
[requested_level, max_allowed_visibility_level(form_model)].min
|
|
end
|
|
|
|
def available_visibility_levels(form_model)
|
|
Gitlab::VisibilityLevel.values.reject do |level|
|
|
disallowed_visibility_level?(form_model, level) ||
|
|
restricted_visibility_levels.include?(level)
|
|
end
|
|
end
|
|
|
|
def snippets_selected_visibility_level(visibility_levels, selected)
|
|
visibility_levels.find { |level| level == selected } || visibility_levels.min
|
|
end
|
|
|
|
def multiple_visibility_levels_restricted?
|
|
restricted_visibility_levels.many? # rubocop: disable CodeReuse/ActiveRecord
|
|
end
|
|
|
|
def all_visibility_levels_restricted?
|
|
Gitlab::VisibilityLevel.values == restricted_visibility_levels
|
|
end
|
|
|
|
private
|
|
|
|
def max_allowed_visibility_level(form_model)
|
|
# First obtain the maximum visibility for the project or group
|
|
current_level = max_allowed_visibility_level_by_model(form_model)
|
|
|
|
# Now limit this by the global setting
|
|
Gitlab::VisibilityLevel.closest_allowed_level(current_level)
|
|
end
|
|
|
|
def max_allowed_visibility_level_by_model(form_model)
|
|
current_level = Gitlab::VisibilityLevel::PRIVATE
|
|
|
|
Gitlab::VisibilityLevel.values.sort.each do |value|
|
|
if disallowed_visibility_level?(form_model, value)
|
|
break
|
|
else
|
|
current_level = value
|
|
end
|
|
end
|
|
|
|
current_level
|
|
end
|
|
|
|
def visibility_level_errors_for_group(group, level_name)
|
|
group_name = link_to group.name, group_path(group)
|
|
change_visibility = link_to 'change the visibility', edit_group_path(group)
|
|
|
|
{ reason: "the visibility of #{group_name} is #{group.visibility}",
|
|
instruction: " To make this group #{level_name}, you must first #{change_visibility} of the parent group." }
|
|
end
|
|
end
|