2014-09-02 18:07:02 +05:30
|
|
|
module Gitlab
|
2016-08-24 12:49:21 +05:30
|
|
|
class UserAccess
|
|
|
|
attr_reader :user, :project
|
|
|
|
|
|
|
|
def initialize(user, project: nil)
|
|
|
|
@user = user
|
|
|
|
@project = project
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_do_action?(action)
|
|
|
|
@permission_cache ||= {}
|
|
|
|
@permission_cache[action] ||= user.can?(action, project)
|
|
|
|
end
|
|
|
|
|
|
|
|
def cannot_do_action?(action)
|
|
|
|
!can_do_action?(action)
|
|
|
|
end
|
|
|
|
|
|
|
|
def allowed?
|
|
|
|
return false if user.blank? || user.blocked?
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2016-04-02 18:10:28 +05:30
|
|
|
if user.requires_ldap_check? && user.try_obtain_ldap_lease
|
2014-09-02 18:07:02 +05:30
|
|
|
return false unless Gitlab::LDAP::Access.allowed?(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
2016-08-24 12:49:21 +05:30
|
|
|
|
|
|
|
def can_push_to_branch?(ref)
|
|
|
|
return false unless user
|
|
|
|
|
|
|
|
if project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)
|
|
|
|
user.can?(:push_code_to_protected_branches, project)
|
|
|
|
else
|
|
|
|
user.can?(:push_code, project)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_merge_to_branch?(ref)
|
|
|
|
return false unless user
|
|
|
|
|
|
|
|
if project.protected_branch?(ref) && !project.developers_can_merge_to_protected_branch?(ref)
|
|
|
|
user.can?(:push_code_to_protected_branches, project)
|
|
|
|
else
|
|
|
|
user.can?(:push_code, project)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_read_project?
|
|
|
|
return false unless user
|
|
|
|
|
|
|
|
user.can?(:read_project, project)
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|