2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
module ProtectedRef
extend ActiveSupport :: Concern
included do
2021-04-29 21:17:54 +05:30
belongs_to :project , touch : true
2017-08-17 22:00:37 +05:30
validates :name , presence : true
validates :project , presence : true
delegate :matching , :matches? , :wildcard? , to : :ref_matcher
2020-03-13 15:44:24 +05:30
scope :for_project , - > ( project ) { where ( project : project ) }
2021-02-22 17:27:13 +05:30
def allow_multiple? ( type )
false
end
2017-09-10 17:25:29 +05:30
end
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
def commit
project . commit ( self . name )
end
class_methods do
def protected_ref_access_levels ( * types )
types . each do | type |
# We need to set `inverse_of` to make sure the `belongs_to`-object is set
# when creating children using `accepts_nested_attributes_for`.
#
# If we don't `protected_branch` or `protected_tag` would be empty and
# `project` cannot be delegated to it, which in turn would cause validations
# to fail.
2018-11-18 11:00:15 +05:30
has_many :" #{ type } _access_levels " , inverse_of : self . model_name . singular
2017-09-10 17:25:29 +05:30
2021-02-22 17:27:13 +05:30
validates :" #{ type } _access_levels " , length : { is : 1 , message : " are restricted to a single instance per #{ self . model_name . human } . " } , unless : - > { allow_multiple? ( type ) }
2017-09-10 17:25:29 +05:30
accepts_nested_attributes_for :" #{ type } _access_levels " , allow_destroy : true
end
end
2018-05-09 12:01:36 +05:30
def protected_ref_accessible_to? ( ref , user , project : , action : , protected_refs : nil )
2017-09-10 17:25:29 +05:30
access_levels_for_ref ( ref , action : action , protected_refs : protected_refs ) . any? do | access_level |
2017-08-17 22:00:37 +05:30
access_level . check_access ( user )
end
end
2019-12-26 22:10:19 +05:30
def developers_can? ( action , ref , protected_refs : nil )
access_levels_for_ref ( ref , action : action , protected_refs : protected_refs ) . any? do | access_level |
2017-08-17 22:00:37 +05:30
access_level . access_level == Gitlab :: Access :: DEVELOPER
end
end
2017-09-10 17:25:29 +05:30
def access_levels_for_ref ( ref , action : , protected_refs : nil )
self . matching ( ref , protected_refs : protected_refs )
2019-10-12 21:52:04 +05:30
. flat_map ( & :" #{ action } _access_levels " )
2017-08-17 22:00:37 +05:30
end
2018-11-20 20:47:30 +05:30
# Returns all protected refs that match the given ref name.
# This checks all records from the scope built up so far, and does
# _not_ return a relation.
#
# This method optionally takes in a list of `protected_refs` to search
# through, to avoid calling out to the database.
2017-09-10 17:25:29 +05:30
def matching ( ref_name , protected_refs : nil )
2018-11-20 20:47:30 +05:30
( protected_refs || self . all ) . select { | protected_ref | protected_ref . matches? ( ref_name ) }
2017-08-17 22:00:37 +05:30
end
end
private
def ref_matcher
2018-11-20 20:47:30 +05:30
@ref_matcher || = RefMatcher . new ( self . name )
2017-08-17 22:00:37 +05:30
end
end
2019-12-04 20:38:33 +05:30
# Prepending a module into a concern doesn't work very well for class methods,
# since these are defined in a ClassMethods constant. As such, we prepend the
# module directly into ProtectedRef::ClassMethods, instead of prepending it into
# ProtectedRef.
ProtectedRef :: ClassMethods . prepend_if_ee ( 'EE::ProtectedRef' )