debian-mirror-gitlab/lib/gitlab/ci/pipeline/chain/validate/abilities.rb

61 lines
1.7 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2018-03-17 18:26:18 +05:30
module Gitlab
module Ci
module Pipeline
module Chain
module Validate
class Abilities < Chain::Base
include Gitlab::Allowable
include Chain::Helpers
def perform!
2021-02-11 23:33:58 +05:30
if project.pending_delete?
return error('Project is deleted!')
end
2018-03-17 18:26:18 +05:30
unless project.builds_enabled?
return error('Pipelines are disabled!')
end
2020-03-13 15:44:24 +05:30
unless allowed_to_create_pipeline?
return error('Insufficient permissions to create a new pipeline')
2019-09-30 21:07:59 +05:30
end
2020-03-13 15:44:24 +05:30
unless allowed_to_write_ref?
2020-07-28 23:09:34 +05:30
error("Insufficient permissions for protected ref '#{command.ref}'")
2018-03-17 18:26:18 +05:30
end
end
def break?
@pipeline.errors.any?
end
2020-03-13 15:44:24 +05:30
private
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
def allowed_to_create_pipeline?
can?(current_user, :create_pipeline, project)
end
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
def allowed_to_write_ref?
2020-10-24 23:57:45 +05:30
access = Gitlab::UserAccess.new(current_user, container: project)
2018-03-17 18:26:18 +05:30
if @command.branch_exists?
access.can_update_branch?(@command.ref)
elsif @command.tag_exists?
access.can_create_tag?(@command.ref)
2019-07-07 11:18:12 +05:30
elsif @command.merge_request_ref_exists?
access.can_update_branch?(@command.merge_request.source_branch)
2018-03-17 18:26:18 +05:30
else
true # Allow it for now and we'll reject when we check ref existence
end
end
end
end
end
end
end
end
2019-12-04 20:38:33 +05:30
Gitlab::Ci::Pipeline::Chain::Validate::Abilities.prepend_if_ee('EE::Gitlab::Ci::Pipeline::Chain::Validate::Abilities')