2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2018-03-17 18:26:18 +05:30
module Gitlab
module Ci
module Pipeline
module Chain
module Validate
class Abilities < Chain :: Base
include Gitlab :: Allowable
include Chain :: Helpers
def perform!
2021-02-11 23:33:58 +05:30
if project . pending_delete?
return error ( 'Project is deleted!' )
end
2018-03-17 18:26:18 +05:30
unless project . builds_enabled?
return error ( 'Pipelines are disabled!' )
end
2020-03-13 15:44:24 +05:30
unless allowed_to_create_pipeline?
return error ( 'Insufficient permissions to create a new pipeline' )
2019-09-30 21:07:59 +05:30
end
2020-03-13 15:44:24 +05:30
unless allowed_to_write_ref?
2022-05-03 16:02:30 +05:30
error ( " You do not have sufficient permission to run a pipeline on ' #{ command . ref } '. Please select a different branch or contact your administrator for assistance. " )
2018-03-17 18:26:18 +05:30
end
end
def break?
@pipeline . errors . any?
end
2020-03-13 15:44:24 +05:30
private
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
def allowed_to_create_pipeline?
can? ( current_user , :create_pipeline , project )
end
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
def allowed_to_write_ref?
2020-10-24 23:57:45 +05:30
access = Gitlab :: UserAccess . new ( current_user , container : project )
2018-03-17 18:26:18 +05:30
if @command . branch_exists?
access . can_update_branch? ( @command . ref )
elsif @command . tag_exists?
access . can_create_tag? ( @command . ref )
2019-07-07 11:18:12 +05:30
elsif @command . merge_request_ref_exists?
access . can_update_branch? ( @command . merge_request . source_branch )
2018-03-17 18:26:18 +05:30
else
true # Allow it for now and we'll reject when we check ref existence
end
end
end
end
end
end
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
Gitlab :: Ci :: Pipeline :: Chain :: Validate :: Abilities . prepend_mod_with ( 'Gitlab::Ci::Pipeline::Chain::Validate::Abilities' )
