debian-mirror-gitlab/app/finders/clusters/agent_authorizations_finder.rb

# frozen_string_literal: true

module Clusters
  class AgentAuthorizationsFinder
    def initialize(project)
      @project = project
    end

    def execute
      # closest, most-specific authorization for a given agent wins
      (project_authorizations + implicit_authorizations + group_authorizations)
        .uniq(&:agent_id)
    end

    private

    attr_reader :project

    def implicit_authorizations
      project.cluster_agents.map do |agent|
        Clusters::Agents::ImplicitAuthorization.new(agent: agent)
      end
    end

    # rubocop: disable CodeReuse/ActiveRecord
    def project_authorizations
      namespace_ids = project.group ? all_namespace_ids : project.namespace_id

      Clusters::Agents::ProjectAuthorization
        .where(project_id: project.id)
        .joins(agent: :project)
        .preload(agent: :project)
        .where(cluster_agents: { projects: { namespace_id: namespace_ids } })
        .with_available_ci_access_fields(project)
        .to_a
    end

    def group_authorizations
      return [] unless project.group

      authorizations = Clusters::Agents::GroupAuthorization.arel_table

      ordered_ancestors_cte = Gitlab::SQL::CTE.new(
        :ordered_ancestors,
        project.group.self_and_ancestors(hierarchy_order: :asc).reselect(:id)
      )

      cte_join_sources = authorizations.join(ordered_ancestors_cte.table).on(
        authorizations[:group_id].eq(ordered_ancestors_cte.table[:id])
      ).join_sources

      Clusters::Agents::GroupAuthorization
        .with(ordered_ancestors_cte.to_arel)
        .joins(cte_join_sources)
        .joins(agent: :project)
        .with_available_ci_access_fields(project)
        .where(projects: { namespace_id: all_namespace_ids })
        .order(Arel.sql('agent_id, array_position(ARRAY(SELECT id FROM ordered_ancestors)::bigint[], agent_group_authorizations.group_id)'))
        .select('DISTINCT ON (agent_id) agent_group_authorizations.*')
        .preload(agent: :project)
        .to_a
    end
    # rubocop: enable CodeReuse/ActiveRecord

    def all_namespace_ids
      project.root_ancestor.self_and_descendants.select(:id)
    end
  end
end
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`# frozen_string_literal: true`

			`module Clusters`
			`class AgentAuthorizationsFinder`
			`def initialize(project)`
			`@project = project`
			`end`

			`def execute`
			`# closest, most-specific authorization for a given agent wins`
			`(project_authorizations + implicit_authorizations + group_authorizations)`
			`.uniq(&:agent_id)`
			`end`

			`private`

			`attr_reader :project`

			`def implicit_authorizations`
			`project.cluster_agents.map do \|agent\|`
			`Clusters::Agents::ImplicitAuthorization.new(agent: agent)`
			`end`
			`end`

			`# rubocop: disable CodeReuse/ActiveRecord`
			`def project_authorizations`
New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`namespace_ids = project.group ? all_namespace_ids : project.namespace_id`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30
			`Clusters::Agents::ProjectAuthorization`
			`.where(project_id: project.id)`
			`.joins(agent: :project)`
			`.preload(agent: :project)`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`.where(cluster_agents: { projects: { namespace_id: namespace_ids } })`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`.with_available_ci_access_fields(project)`
			`.to_a`
			`end`

			`def group_authorizations`
			`return [] unless project.group`

			`authorizations = Clusters::Agents::GroupAuthorization.arel_table`

			`ordered_ancestors_cte = Gitlab::SQL::CTE.new(`
			`:ordered_ancestors,`
			`project.group.self_and_ancestors(hierarchy_order: :asc).reselect(:id)`
			`)`

			`cte_join_sources = authorizations.join(ordered_ancestors_cte.table).on(`
			`authorizations[:group_id].eq(ordered_ancestors_cte.table[:id])`
			`).join_sources`

New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`Clusters::Agents::GroupAuthorization`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`.with(ordered_ancestors_cte.to_arel)`
			`.joins(cte_join_sources)`
			`.joins(agent: :project)`
			`.with_available_ci_access_fields(project)`
New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`.where(projects: { namespace_id: all_namespace_ids })`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`.order(Arel.sql('agent_id, array_position(ARRAY(SELECT id FROM ordered_ancestors)::bigint[], agent_group_authorizations.group_id)'))`
			`.select('DISTINCT ON (agent_id) agent_group_authorizations.*')`
			`.preload(agent: :project)`
New upstream version 15.6.4+ds1 2023-01-13 00:05:48 +05:30			`.to_a`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`end`
			`# rubocop: enable CodeReuse/ActiveRecord`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30
			`def all_namespace_ids`
			`project.root_ancestor.self_and_descendants.select(:id)`
			`end`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`end`
			`end`