2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
module Access
2017-08-17 22:00:37 +05:30
AccessDeniedError = Class . new ( StandardError )
2016-08-24 12:49:21 +05:30
2020-11-24 15:15:51 +05:30
NO_ACCESS = 0
MINIMAL_ACCESS = 5
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MAINTAINER = 40
OWNER = 50
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
# Branch protection settings
2016-08-24 12:49:21 +05:30
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
PROTECTION_DEV_CAN_MERGE = 3
2015-04-26 12:48:37 +05:30
2019-07-07 11:18:12 +05:30
# Default project creation level
NO_ONE_PROJECT_ACCESS = 0
MAINTAINER_PROJECT_ACCESS = 1
DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2
2019-10-12 21:52:04 +05:30
# Default subgroup creation level
OWNER_SUBGROUP_ACCESS = 0
MAINTAINER_SUBGROUP_ACCESS = 1
2014-09-02 18:07:02 +05:30
class << self
2017-08-17 22:00:37 +05:30
delegate :values , to : :options
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
def all_values
options_with_owner . values
end
2014-09-02 18:07:02 +05:30
def options
{
2018-11-08 19:23:39 +05:30
" Guest " = > GUEST ,
" Reporter " = > REPORTER ,
" Developer " = > DEVELOPER ,
2018-11-18 11:00:15 +05:30
" Maintainer " = > MAINTAINER
2014-09-02 18:07:02 +05:30
}
end
def options_with_owner
options . merge (
" Owner " = > OWNER
)
end
2019-07-07 11:18:12 +05:30
def options_with_none
options_with_owner . merge (
" None " = > NO_ACCESS
)
end
2014-09-02 18:07:02 +05:30
def sym_options
{
2018-11-18 11:00:15 +05:30
guest : GUEST ,
reporter : REPORTER ,
developer : DEVELOPER ,
maintainer : MAINTAINER
2014-09-02 18:07:02 +05:30
}
end
2015-04-26 12:48:37 +05:30
2016-11-03 12:29:30 +05:30
def sym_options_with_owner
sym_options . merge ( owner : OWNER )
end
2015-04-26 12:48:37 +05:30
def protection_options
2021-12-11 22:18:48 +05:30
[
{
label : s_ ( 'DefaultBranchProtection|Not protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Both developers and maintainers can push new commits, force push, or delete the branch.' ) ,
value : PROTECTION_NONE
} ,
{
label : s_ ( 'DefaultBranchProtection|Protected against pushes' ) ,
help_text : s_ ( 'DefaultBranchProtection|Developers cannot push new commits, but are allowed to accept merge requests to the branch. Maintainers can push to the branch.' ) ,
value : PROTECTION_DEV_CAN_MERGE
} ,
{
label : s_ ( 'DefaultBranchProtection|Partially protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Both developers and maintainers can push new commits, but cannot force push.' ) ,
value : PROTECTION_DEV_CAN_PUSH
} ,
{
label : s_ ( 'DefaultBranchProtection|Fully protected' ) ,
help_text : s_ ( 'DefaultBranchProtection|Developers cannot push new commits, but maintainers can. No one can force push.' ) ,
value : PROTECTION_FULL
}
]
2015-04-26 12:48:37 +05:30
end
def protection_values
2021-12-11 22:18:48 +05:30
protection_options . map { | option | option [ :value ] }
2015-04-26 12:48:37 +05:30
end
2018-03-17 18:26:18 +05:30
def human_access ( access )
options_with_owner . key ( access )
end
2019-07-07 11:18:12 +05:30
def human_access_with_none ( access )
options_with_none . key ( access )
end
def project_creation_options
{
s_ ( 'ProjectCreationLevel|No one' ) = > NO_ONE_PROJECT_ACCESS ,
s_ ( 'ProjectCreationLevel|Maintainers' ) = > MAINTAINER_PROJECT_ACCESS ,
s_ ( 'ProjectCreationLevel|Developers + Maintainers' ) = > DEVELOPER_MAINTAINER_PROJECT_ACCESS
}
end
2019-12-21 20:55:43 +05:30
def project_creation_string_options
{
'noone' = > NO_ONE_PROJECT_ACCESS ,
'maintainer' = > MAINTAINER_PROJECT_ACCESS ,
'developer' = > DEVELOPER_MAINTAINER_PROJECT_ACCESS
}
end
2019-07-07 11:18:12 +05:30
def project_creation_values
project_creation_options . values
end
2019-12-21 20:55:43 +05:30
def project_creation_string_values
project_creation_string_options . keys
end
2019-07-07 11:18:12 +05:30
def project_creation_level_name ( name )
project_creation_options . key ( name )
end
2019-10-12 21:52:04 +05:30
def subgroup_creation_options
{
s_ ( 'SubgroupCreationlevel|Owners' ) = > OWNER_SUBGROUP_ACCESS ,
s_ ( 'SubgroupCreationlevel|Maintainers' ) = > MAINTAINER_SUBGROUP_ACCESS
}
end
2019-12-21 20:55:43 +05:30
def subgroup_creation_string_options
{
'owner' = > OWNER_SUBGROUP_ACCESS ,
'maintainer' = > MAINTAINER_SUBGROUP_ACCESS
}
end
def subgroup_creation_values
subgroup_creation_options . values
end
def subgroup_creation_string_values
subgroup_creation_string_options . keys
end
2014-09-02 18:07:02 +05:30
end
def human_access
2018-03-17 18:26:18 +05:30
Gitlab :: Access . human_access ( access_field )
2014-09-02 18:07:02 +05:30
end
2019-07-07 11:18:12 +05:30
def human_access_with_none
Gitlab :: Access . human_access_with_none ( access_field )
end
2014-09-02 18:07:02 +05:30
def owner?
access_field == OWNER
end
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
Gitlab :: Access . prepend_mod_with ( 'Gitlab::Access' )