debian-mirror-gitlab/app/models/concerns/protected_ref_access.rb

63 lines
2 KiB
Ruby
Raw Normal View History

2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
module ProtectedRefAccess
extend ActiveSupport::Concern
2018-03-17 18:26:18 +05:30
HUMAN_ACCESS_LEVELS = {
2019-12-04 20:38:33 +05:30
Gitlab::Access::MAINTAINER => "Maintainers",
Gitlab::Access::DEVELOPER => "Developers + Maintainers",
Gitlab::Access::NO_ACCESS => "No one"
2018-03-17 18:26:18 +05:30
}.freeze
2018-12-05 23:21:45 +05:30
class_methods do
def allowed_access_levels
[
Gitlab::Access::MAINTAINER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
]
end
end
2017-08-17 22:00:37 +05:30
included do
2018-11-18 11:00:15 +05:30
scope :master, -> { maintainer } # @deprecated
scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
2017-08-17 22:00:37 +05:30
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
2018-11-18 11:00:15 +05:30
scope :by_user, -> (user) { where(user_id: user ) }
scope :by_group, -> (group) { where(group_id: group ) }
scope :for_role, -> { where(user_id: nil, group_id: nil) }
scope :for_user, -> { where.not(user_id: nil) }
scope :for_group, -> { where.not(group_id: nil) }
2018-03-17 18:26:18 +05:30
validates :access_level, presence: true, if: :role?, inclusion: {
2018-12-05 23:21:45 +05:30
in: self.allowed_access_levels
2018-03-17 18:26:18 +05:30
}
2017-08-17 22:00:37 +05:30
end
def humanize
2018-03-17 18:26:18 +05:30
HUMAN_ACCESS_LEVELS[self.access_level]
end
# CE access levels are always role-based,
# where as EE allows groups and users too
def role?
true
2017-08-17 22:00:37 +05:30
end
def check_access(user)
return true if user.admin?
2018-03-27 19:54:05 +05:30
user.can?(:push_code, project) &&
project.team.max_member_access(user.id) >= access_level
2017-08-17 22:00:37 +05:30
end
end
2019-12-04 20:38:33 +05:30
ProtectedRefAccess.include_if_ee('EE::ProtectedRefAccess::Scopes') # rubocop: disable Cop/InjectEnterpriseEditionModule
ProtectedRefAccess.prepend_if_ee('EE::ProtectedRefAccess') # rubocop: disable Cop/InjectEnterpriseEditionModule
# When using `prepend` (or `include` for that matter), the `ClassMethods`
# constants are not merged. This means that `class_methods` in
# `EE::ProtectedRefAccess` would be ignored.
#
# To work around this, we prepend the `ClassMethods` constant manually.
ProtectedRefAccess::ClassMethods.prepend_if_ee('EE::ProtectedRefAccess::ClassMethods')