debian-mirror-gitlab/app/models/concerns/protected_ref_access.rb

# frozen_string_literal: true

module ProtectedRefAccess
  extend ActiveSupport::Concern
  HUMAN_ACCESS_LEVELS = {
    Gitlab::Access::MAINTAINER => "Maintainers",
    Gitlab::Access::DEVELOPER => "Developers + Maintainers",
    Gitlab::Access::NO_ACCESS => "No one"
  }.freeze

  class_methods do
    def allowed_access_levels
      [
        Gitlab::Access::MAINTAINER,
        Gitlab::Access::DEVELOPER,
        Gitlab::Access::NO_ACCESS
      ]
    end
  end

  included do
    scope :master, -> { maintainer } # @deprecated
    scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
    scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
    scope :by_user, -> (user) { where(user_id: user ) }
    scope :by_group, -> (group) { where(group_id: group ) }
    scope :for_role, -> { where(user_id: nil, group_id: nil) }
    scope :for_user, -> { where.not(user_id: nil) }
    scope :for_group, -> { where.not(group_id: nil) }

    validates :access_level, presence: true, if: :role?, inclusion: {
      in: self.allowed_access_levels
    }
  end

  def humanize
    HUMAN_ACCESS_LEVELS[self.access_level]
  end

  # CE access levels are always role-based,
  # where as EE allows groups and users too
  def role?
    true
  end

  def check_access(user)
    return true if user.admin?

    user.can?(:push_code, project) &&
      project.team.max_member_access(user.id) >= access_level
  end
end

ProtectedRefAccess.include_if_ee('EE::ProtectedRefAccess::Scopes') # rubocop: disable Cop/InjectEnterpriseEditionModule
ProtectedRefAccess.prepend_if_ee('EE::ProtectedRefAccess') # rubocop: disable Cop/InjectEnterpriseEditionModule

# When using `prepend` (or `include` for that matter), the `ClassMethods`
# constants are not merged. This means that `class_methods` in
# `EE::ProtectedRefAccess` would be ignored.
#
# To work around this, we prepend the `ClassMethods` constant manually.
ProtectedRefAccess::ClassMethods.prepend_if_ee('EE::ProtectedRefAccess::ClassMethods')
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`# frozen_string_literal: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`module ProtectedRefAccess`
			`extend ActiveSupport::Concern`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`HUMAN_ACCESS_LEVELS = {`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`Gitlab::Access::MAINTAINER => "Maintainers",`
			`Gitlab::Access::DEVELOPER => "Developers + Maintainers",`
			`Gitlab::Access::NO_ACCESS => "No one"`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`}.freeze`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`class_methods do`
			`def allowed_access_levels`
			`[`
			`Gitlab::Access::MAINTAINER,`
			`Gitlab::Access::DEVELOPER,`
			`Gitlab::Access::NO_ACCESS`
			`]`
			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`included do`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`scope :master, -> { maintainer } # @deprecated`
			`scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`scope :by_user, -> (user) { where(user_id: user ) }`
			`scope :by_group, -> (group) { where(group_id: group ) }`
			`scope :for_role, -> { where(user_id: nil, group_id: nil) }`
			`scope :for_user, -> { where.not(user_id: nil) }`
			`scope :for_group, -> { where.not(group_id: nil) }`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
			`validates :access_level, presence: true, if: :role?, inclusion: {`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`in: self.allowed_access_levels`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`}`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def humanize`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`HUMAN_ACCESS_LEVELS[self.access_level]`
			`end`

			`# CE access levels are always role-based,`
			`# where as EE allows groups and users too`
			`def role?`
			`true`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def check_access(user)`
			`return true if user.admin?`

New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`user.can?(:push_code, project) &&`
			`project.team.max_member_access(user.id) >= access_level`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`ProtectedRefAccess.include_if_ee('EE::ProtectedRefAccess::Scopes') # rubocop: disable Cop/InjectEnterpriseEditionModule`
			`ProtectedRefAccess.prepend_if_ee('EE::ProtectedRefAccess') # rubocop: disable Cop/InjectEnterpriseEditionModule`

			# When using `prepend` (or `include` for that matter), the `ClassMethods`
			# constants are not merged. This means that `class_methods` in
			# `EE::ProtectedRefAccess` would be ignored.
			`#`
			# To work around this, we prepend the `ClassMethods` constant manually.
			`ProtectedRefAccess::ClassMethods.prepend_if_ee('EE::ProtectedRefAccess::ClassMethods')`