2018-12-13 13:39:08 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
module Gitlab
|
|
|
|
module Ci
|
|
|
|
module Pipeline
|
|
|
|
module Chain
|
|
|
|
module Validate
|
|
|
|
class Abilities < Chain::Base
|
|
|
|
include Gitlab::Allowable
|
|
|
|
include Chain::Helpers
|
|
|
|
|
|
|
|
def perform!
|
|
|
|
unless project.builds_enabled?
|
|
|
|
return error('Pipelines are disabled!')
|
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
unless allowed_to_create_pipeline?
|
|
|
|
return error('Insufficient permissions to create a new pipeline')
|
2019-09-30 21:07:59 +05:30
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
unless allowed_to_write_ref?
|
2020-07-28 23:09:34 +05:30
|
|
|
error("Insufficient permissions for protected ref '#{command.ref}'")
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def break?
|
|
|
|
@pipeline.errors.any?
|
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
private
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def allowed_to_create_pipeline?
|
|
|
|
can?(current_user, :create_pipeline, project)
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def allowed_to_write_ref?
|
2020-10-24 23:57:45 +05:30
|
|
|
access = Gitlab::UserAccess.new(current_user, container: project)
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
if @command.branch_exists?
|
|
|
|
access.can_update_branch?(@command.ref)
|
|
|
|
elsif @command.tag_exists?
|
|
|
|
access.can_create_tag?(@command.ref)
|
2019-07-07 11:18:12 +05:30
|
|
|
elsif @command.merge_request_ref_exists?
|
|
|
|
access.can_update_branch?(@command.merge_request.source_branch)
|
2018-03-17 18:26:18 +05:30
|
|
|
else
|
|
|
|
true # Allow it for now and we'll reject when we check ref existence
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-12-04 20:38:33 +05:30
|
|
|
|
|
|
|
Gitlab::Ci::Pipeline::Chain::Validate::Abilities.prepend_if_ee('EE::Gitlab::Ci::Pipeline::Chain::Validate::Abilities')
|