debian-mirror-gitlab/app/models/ci/job_token/project_scope_link.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

60 lines
2.1 KiB
Ruby
Raw Permalink Normal View History

2021-09-04 01:27:46 +05:30
# frozen_string_literal: true
2023-04-23 21:23:45 +05:30
# The connection between a source project (which the job token scope's allowlist applies too)
# and a target project which is added to the scope's allowlist.
2021-09-04 01:27:46 +05:30
module Ci
module JobToken
2021-11-18 22:05:49 +05:30
class ProjectScopeLink < Ci::ApplicationRecord
2021-09-04 01:27:46 +05:30
self.table_name = 'ci_job_token_project_scope_links'
2023-04-23 21:23:45 +05:30
PROJECT_LINK_DIRECTIONAL_LIMIT = 100
2021-09-04 01:27:46 +05:30
belongs_to :source_project, class_name: 'Project'
2023-04-23 21:23:45 +05:30
# the project added to the scope's allowlist
2021-09-04 01:27:46 +05:30
belongs_to :target_project, class_name: 'Project'
belongs_to :added_by, class_name: 'User'
2023-04-23 21:23:45 +05:30
scope :with_access_direction, ->(direction) { where(direction: direction) }
scope :with_source, ->(project) { where(source_project: project) }
scope :with_target, ->(project) { where(target_project: project) }
2021-09-04 01:27:46 +05:30
validates :source_project, presence: true
validates :target_project, presence: true
validate :not_self_referential_link
2023-04-23 21:23:45 +05:30
validate :source_project_under_link_limit, on: :create
2021-09-04 01:27:46 +05:30
2023-04-23 21:23:45 +05:30
# When outbound the target project is allowed to be accessed by the source job token.
# When inbound the source project is allowed to be accessed by the target job token.
2022-11-25 23:54:43 +05:30
enum direction: {
outbound: 0,
inbound: 1
}
2021-09-30 23:02:18 +05:30
def self.for_source_and_target(source_project, target_project)
self.find_by(source_project: source_project, target_project: target_project)
end
2021-09-04 01:27:46 +05:30
private
def not_self_referential_link
return unless source_project && target_project
if source_project == target_project
self.errors.add(:target_project, _("can't be the same as the source project"))
end
end
2023-04-23 21:23:45 +05:30
def source_project_under_link_limit
return unless source_project
existing_links_count = self.class.with_source(source_project).with_access_direction(direction).count
if existing_links_count >= PROJECT_LINK_DIRECTIONAL_LIMIT
errors.add(:source_project, "exceeds the allowable number of project links in this direction")
end
end
2021-09-04 01:27:46 +05:30
end
end
end