debian-mirror-gitlab/app/models/deploy_key.rb

# frozen_string_literal: true

class DeployKey < Key
  include FromUnion
  include IgnorableColumns
  include PolicyActor
  include Presentable

  has_many :deploy_keys_projects, inverse_of: :deploy_key, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
  has_many :projects, through: :deploy_keys_projects

  has_many :deploy_keys_projects_with_write_access, -> { with_write_access }, class_name: "DeployKeysProject", inverse_of: :deploy_key
  has_many :projects_with_write_access, -> { includes(:route) }, class_name: 'Project', through: :deploy_keys_projects_with_write_access, source: :project
  has_many :protected_branch_push_access_levels, class_name: '::ProtectedBranch::PushAccessLevel', inverse_of: :deploy_key
  has_many :protected_tag_create_access_levels, class_name: '::ProtectedTag::CreateAccessLevel', inverse_of: :deploy_key

  scope :in_projects, ->(projects) { joins(:deploy_keys_projects).where(deploy_keys_projects: { project_id: projects }) }
  scope :with_write_access, -> { joins(:deploy_keys_projects).merge(DeployKeysProject.with_write_access) }
  scope :are_public, -> { where(public: true) }
  scope :with_projects, -> { includes(deploy_keys_projects: { project: [:route, namespace: :route] }) }
  scope :including_projects_with_write_access, -> { includes(:projects_with_write_access) }

  accepts_nested_attributes_for :deploy_keys_projects, reject_if: :reject_deploy_keys_projects?

  def private?
    !public?
  end

  def orphaned?
    self.deploy_keys_projects.empty?
  end

  def almost_orphaned?
    self.deploy_keys_projects.size == 1
  end

  def destroyed_when_orphaned?
    self.private?
  end

  def user
    super || User.ghost
  end

  def audit_details
    title
  end

  def has_access_to?(project)
    deploy_keys_project_for(project).present?
  end

  def can_push_to?(project)
    !!deploy_keys_project_for(project)&.can_push?
  end

  def deploy_keys_project_for(project)
    if association(:deploy_keys_projects).loaded?
      deploy_keys_projects.find { |dkp| dkp.project_id.eql?(project&.id) }
    else
      deploy_keys_projects.find_by(project: project)
    end
  end

  def self.with_write_access_for_project(project, deploy_key: nil)
    query = in_projects(project).with_write_access
    query = query.where(id: deploy_key) if deploy_key

    query
  end

  # This is used for the internal logic of AuditEvents::BuildService.
  def impersonated?
    false
  end

  private

  def reject_deploy_keys_projects?
    !self.valid?
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`class DeployKey < Key`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`include FromUnion`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`include IgnorableColumns`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`include PolicyActor`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`include Presentable`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
			`has_many :deploy_keys_projects, inverse_of: :deploy_key, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`has_many :projects, through: :deploy_keys_projects`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`has_many :deploy_keys_projects_with_write_access, -> { with_write_access }, class_name: "DeployKeysProject", inverse_of: :deploy_key`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`has_many :projects_with_write_access, -> { includes(:route) }, class_name: 'Project', through: :deploy_keys_projects_with_write_access, source: :project`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`has_many :protected_branch_push_access_levels, class_name: '::ProtectedBranch::PushAccessLevel', inverse_of: :deploy_key`
			`has_many :protected_tag_create_access_levels, class_name: '::ProtectedTag::CreateAccessLevel', inverse_of: :deploy_key`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`scope :in_projects, ->(projects) { joins(:deploy_keys_projects).where(deploy_keys_projects: { project_id: projects }) }`
			`scope :with_write_access, -> { joins(:deploy_keys_projects).merge(DeployKeysProject.with_write_access) }`
			`scope :are_public, -> { where(public: true) }`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`scope :with_projects, -> { includes(deploy_keys_projects: { project: [:route, namespace: :route] }) }`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`scope :including_projects_with_write_access, -> { includes(:projects_with_write_access) }`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`accepts_nested_attributes_for :deploy_keys_projects, reject_if: :reject_deploy_keys_projects?`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def private?`
			`!public?`
			`end`

			`def orphaned?`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`self.deploy_keys_projects.empty?`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`def almost_orphaned?`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`self.deploy_keys_projects.size == 1`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`def destroyed_when_orphaned?`
			`self.private?`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`def user`
			`super \|\| User.ghost`
			`end`

New upstream version 15.3.1+ds1 2022-08-27 11:52:29 +05:30			`def audit_details`
			`title`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def has_access_to?(project)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`deploy_keys_project_for(project).present?`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def can_push_to?(project)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`!!deploy_keys_project_for(project)&.can_push?`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`def deploy_keys_project_for(project)`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`if association(:deploy_keys_projects).loaded?`
			`deploy_keys_projects.find { \|dkp\| dkp.project_id.eql?(project&.id) }`
			`else`
			`deploy_keys_projects.find_by(project: project)`
			`end`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def self.with_write_access_for_project(project, deploy_key: nil)`
			`query = in_projects(project).with_write_access`
			`query = query.where(id: deploy_key) if deploy_key`

			`query`
			`end`
New upstream version 15.3.1+ds1 2022-08-27 11:52:29 +05:30
			`# This is used for the internal logic of AuditEvents::BuildService.`
			`def impersonated?`
			`false`
			`end`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30
			`private`

			`def reject_deploy_keys_projects?`
			`!self.valid?`
			`end`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`