debian-mirror-gitlab/app/controllers/groups/application_controller.rb

# frozen_string_literal: true

class Groups::ApplicationController < ApplicationController
  include RoutableActions
  include ControllerWithCrossProjectAccessCheck
  include SortingHelper
  include SortingPreference

  layout 'group'

  skip_before_action :authenticate_user!
  before_action :group
  before_action :set_sorting
  requires_cross_project_access

  private

  def group
    @group ||= find_routable!(Group, params[:group_id] || params[:id], request.fullpath)
  end

  def group_projects
    @projects ||= GroupProjectsFinder.new(group: group, current_user: current_user).execute
  end

  def group_projects_with_subgroups
    @group_projects_with_subgroups ||= GroupProjectsFinder.new(
      group: group,
      current_user: current_user,
      options: { include_subgroups: true }
    ).execute
  end

  def authorize_admin_group!
    unless can?(current_user, :admin_group, group)
      render_404
    end
  end

  def authorize_admin_group_runners!
    unless can?(current_user, :admin_group_runners, group)
      render_404
    end
  end

  def authorize_read_group_runners!
    unless can?(current_user, :read_group_runners, group)
      render_404
    end
  end

  def authorize_create_deploy_token!
    unless can?(current_user, :create_deploy_token, group)
      render_404
    end
  end

  def authorize_destroy_deploy_token!
    unless can?(current_user, :destroy_deploy_token, group)
      render_404
    end
  end

  def authorize_admin_group_member!
    unless can?(current_user, :admin_group_member, group)
      render_403
    end
  end

  def authorize_billings_page!
    render_404 unless can?(current_user, :read_billing, group)
  end

  def authorize_read_group_member!
    unless can?(current_user, :read_group_member, group)
      render_403
    end
  end

  def build_canonical_path(group)
    params[:group_id] = group.to_param

    url_for(safe_params)
  end

  def set_sorting
    if has_project_list?
      @group_projects_sort = set_sort_order(Project::SORTING_PREFERENCE_FIELD, sort_value_name)
    end
  end

  def has_project_list?
    false
  end

  def validate_root_group!
    render_404 unless group.root?
  end

  def authorize_action!(action)
    access_denied! unless can?(current_user, action, group)
  end

  def respond_to_missing?(method, *args)
    case method.to_s
    when /\Aauthorize_(.*)!\z/
      true
    else
      super
    end
  end

  def method_missing(method_sym, *arguments, &block)
    case method_sym.to_s
    when /\Aauthorize_(.*)!\z/
      authorize_action!(Regexp.last_match(1).to_sym)
    else
      super
    end
  end
end

Groups::ApplicationController.prepend_mod_with('Groups::ApplicationController')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`class Groups::ApplicationController < ApplicationController`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`include RoutableActions`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`include ControllerWithCrossProjectAccessCheck`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`include SortingHelper`
			`include SortingPreference`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`layout 'group'`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
			`skip_before_action :authenticate_user!`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30			`before_action :group`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`before_action :set_sorting`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`requires_cross_project_access`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`private`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
			`def group`
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`@group \|\|= find_routable!(Group, params[:group_id] \|\| params[:id], request.fullpath)`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`def group_projects`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`@projects \|\|= GroupProjectsFinder.new(group: group, current_user: current_user).execute`
			`end`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`def group_projects_with_subgroups`
			`@group_projects_with_subgroups \|\|= GroupProjectsFinder.new(`
			`group: group,`
			`current_user: current_user,`
			`options: { include_subgroups: true }`
			`).execute`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def authorize_admin_group!`
			`unless can?(current_user, :admin_group, group)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`render_404`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
			`end`
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30
New upstream version 14.7.4+ds1 2022-03-02 08:16:31 +05:30			`def authorize_admin_group_runners!`
			`unless can?(current_user, :admin_group_runners, group)`
			`render_404`
			`end`
			`end`

			`def authorize_read_group_runners!`
			`unless can?(current_user, :read_group_runners, group)`
			`render_404`
			`end`
			`end`

New upstream version 13.1.2 2020-07-02 01:45:43 +05:30			`def authorize_create_deploy_token!`
			`unless can?(current_user, :create_deploy_token, group)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`render_404`
New upstream version 13.1.2 2020-07-02 01:45:43 +05:30			`end`
			`end`

			`def authorize_destroy_deploy_token!`
			`unless can?(current_user, :destroy_deploy_token, group)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`render_404`
New upstream version 13.1.2 2020-07-02 01:45:43 +05:30			`end`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def authorize_admin_group_member!`
			`unless can?(current_user, :admin_group_member, group)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`render_403`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`def authorize_billings_page!`
			`render_404 unless can?(current_user, :read_billing, group)`
			`end`

New upstream version 14.9.5+ds1 2022-06-02 21:05:25 +05:30			`def authorize_read_group_member!`
			`unless can?(current_user, :read_group_member, group)`
			`render_403`
			`end`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def build_canonical_path(group)`
			`params[:group_id] = group.to_param`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 10.7.6+dfsg 2018-06-27 16:04:02 +05:30			`url_for(safe_params)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`def set_sorting`
			`if has_project_list?`
			`@group_projects_sort = set_sort_order(Project::SORTING_PREFERENCE_FIELD, sort_value_name)`
			`end`
			`end`

			`def has_project_list?`
			`false`
			`end`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30
			`def validate_root_group!`
			`render_404 unless group.root?`
			`end`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30
			`def authorize_action!(action)`
			`access_denied! unless can?(current_user, action, group)`
			`end`

			`def respond_to_missing?(method, *args)`
			`case method.to_s`
			`when /\Aauthorize_(.*)!\z/`
			`true`
			`else`
			`super`
			`end`
			`end`

			`def method_missing(method_sym, *arguments, &block)`
			`case method_sym.to_s`
			`when /\Aauthorize_(.*)!\z/`
			`authorize_action!(Regexp.last_match(1).to_sym)`
			`else`
			`super`
			`end`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`Groups::ApplicationController.prepend_mod_with('Groups::ApplicationController')`