debian-mirror-gitlab/lib/gitlab/ci/pipeline/chain/validate/abilities.rb

# frozen_string_literal: true

module Gitlab
  module Ci
    module Pipeline
      module Chain
        module Validate
          class Abilities < Chain::Base
            include Gitlab::Allowable
            include Chain::Helpers

            def perform!
              if project.pending_delete?
                return error('Project is deleted!')
              end

              unless project.builds_enabled?
                return error('Pipelines are disabled!')
              end

              unless allowed_to_create_pipeline?
                return error('Insufficient permissions to create a new pipeline')
              end

              unless allowed_to_write_ref?
                error("You do not have sufficient permission to run a pipeline on '#{command.ref}'. Please select a different branch or contact your administrator for assistance. <a href=https://docs.gitlab.com/ee/ci/pipelines/#pipeline-security-on-protected-branches>Learn more</a>".html_safe)
              end
            end

            def break?
              @pipeline.errors.any?
            end

            private

            def allowed_to_create_pipeline?
              can?(current_user, :create_pipeline, project)
            end

            def allowed_to_write_ref?
              access = Gitlab::UserAccess.new(current_user, container: project)

              if @command.branch_exists?
                access.can_update_branch?(@command.ref)
              elsif @command.tag_exists?
                access.can_create_tag?(@command.ref)
              elsif @command.merge_request_ref_exists?
                access.can_update_branch?(@command.merge_request.source_branch)
              else
                true # Allow it for now and we'll reject when we check ref existence
              end
            end
          end
        end
      end
    end
  end
end

Gitlab::Ci::Pipeline::Chain::Validate::Abilities.prepend_mod_with('Gitlab::Ci::Pipeline::Chain::Validate::Abilities')
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`# frozen_string_literal: true`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`module Gitlab`
			`module Ci`
			`module Pipeline`
			`module Chain`
			`module Validate`
			`class Abilities < Chain::Base`
			`include Gitlab::Allowable`
			`include Chain::Helpers`

			`def perform!`
New upstream version 13.6.7 2021-02-11 23:33:58 +05:30			`if project.pending_delete?`
			`return error('Project is deleted!')`
			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`unless project.builds_enabled?`
			`return error('Pipelines are disabled!')`
			`end`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`unless allowed_to_create_pipeline?`
			`return error('Insufficient permissions to create a new pipeline')`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`end`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`unless allowed_to_write_ref?`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`error("You do not have sufficient permission to run a pipeline on '#{command.ref}'. Please select a different branch or contact your administrator for assistance. <a href=https://docs.gitlab.com/ee/ci/pipelines/#pipeline-security-on-protected-branches>Learn more</a>".html_safe)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`end`
			`end`

			`def break?`
			`@pipeline.errors.any?`
			`end`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`private`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`def allowed_to_create_pipeline?`
			`can?(current_user, :create_pipeline, project)`
			`end`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`def allowed_to_write_ref?`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`access = Gitlab::UserAccess.new(current_user, container: project)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
			`if @command.branch_exists?`
			`access.can_update_branch?(@command.ref)`
			`elsif @command.tag_exists?`
			`access.can_create_tag?(@command.ref)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`elsif @command.merge_request_ref_exists?`
			`access.can_update_branch?(@command.merge_request.source_branch)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`else`
			`true # Allow it for now and we'll reject when we check ref existence`
			`end`
			`end`
			`end`
			`end`
			`end`
			`end`
			`end`
			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`Gitlab::Ci::Pipeline::Chain::Validate::Abilities.prepend_mod_with('Gitlab::Ci::Pipeline::Chain::Validate::Abilities')`