debian-mirror-gitlab/app/models/concerns/protected_ref.rb

76 lines
2.5 KiB
Ruby
Raw Normal View History

2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
module ProtectedRef
extend ActiveSupport::Concern
included do
belongs_to :project
validates :name, presence: true
validates :project, presence: true
delegate :matching, :matches?, :wildcard?, to: :ref_matcher
2017-09-10 17:25:29 +05:30
end
2017-08-17 22:00:37 +05:30
2017-09-10 17:25:29 +05:30
def commit
project.commit(self.name)
end
class_methods do
def protected_ref_access_levels(*types)
types.each do |type|
# We need to set `inverse_of` to make sure the `belongs_to`-object is set
# when creating children using `accepts_nested_attributes_for`.
#
# If we don't `protected_branch` or `protected_tag` would be empty and
# `project` cannot be delegated to it, which in turn would cause validations
# to fail.
2018-11-18 11:00:15 +05:30
has_many :"#{type}_access_levels", inverse_of: self.model_name.singular
2017-09-10 17:25:29 +05:30
validates :"#{type}_access_levels", length: { is: 1, message: "are restricted to a single instance per #{self.model_name.human}." }
accepts_nested_attributes_for :"#{type}_access_levels", allow_destroy: true
end
end
2018-05-09 12:01:36 +05:30
def protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
2017-09-10 17:25:29 +05:30
access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level|
2017-08-17 22:00:37 +05:30
access_level.check_access(user)
end
end
2017-09-10 17:25:29 +05:30
def developers_can?(action, ref)
2017-08-17 22:00:37 +05:30
access_levels_for_ref(ref, action: action).any? do |access_level|
access_level.access_level == Gitlab::Access::DEVELOPER
end
end
2017-09-10 17:25:29 +05:30
def access_levels_for_ref(ref, action:, protected_refs: nil)
self.matching(ref, protected_refs: protected_refs)
2019-10-12 21:52:04 +05:30
.flat_map(&:"#{action}_access_levels")
2017-08-17 22:00:37 +05:30
end
2018-11-20 20:47:30 +05:30
# Returns all protected refs that match the given ref name.
# This checks all records from the scope built up so far, and does
# _not_ return a relation.
#
# This method optionally takes in a list of `protected_refs` to search
# through, to avoid calling out to the database.
2017-09-10 17:25:29 +05:30
def matching(ref_name, protected_refs: nil)
2018-11-20 20:47:30 +05:30
(protected_refs || self.all).select { |protected_ref| protected_ref.matches?(ref_name) }
2017-08-17 22:00:37 +05:30
end
end
private
def ref_matcher
2018-11-20 20:47:30 +05:30
@ref_matcher ||= RefMatcher.new(self.name)
2017-08-17 22:00:37 +05:30
end
end
2019-12-04 20:38:33 +05:30
# Prepending a module into a concern doesn't work very well for class methods,
# since these are defined in a ClassMethods constant. As such, we prepend the
# module directly into ProtectedRef::ClassMethods, instead of prepending it into
# ProtectedRef.
ProtectedRef::ClassMethods.prepend_if_ee('EE::ProtectedRef')