debian-mirror-gitlab/app/models/ci/job_token/project_scope_link.rb

# frozen_string_literal: true

# The connection between a source project (which the job token scope's allowlist applies too)
# and a target project which is added to the scope's allowlist.

module Ci
  module JobToken
    class ProjectScopeLink < Ci::ApplicationRecord
      self.table_name = 'ci_job_token_project_scope_links'

      PROJECT_LINK_DIRECTIONAL_LIMIT = 100

      belongs_to :source_project, class_name: 'Project'
      # the project added to the scope's allowlist
      belongs_to :target_project, class_name: 'Project'
      belongs_to :added_by, class_name: 'User'

      scope :with_access_direction, ->(direction) { where(direction: direction) }
      scope :with_source, ->(project)   { where(source_project: project) }
      scope :with_target, ->(project)   { where(target_project: project) }

      validates :source_project, presence: true
      validates :target_project, presence: true
      validate :not_self_referential_link
      validate :source_project_under_link_limit, on: :create

      # When outbound the target project is allowed to be accessed by the source job token.
      # When inbound the source project is allowed to be accessed by the target job token.
      enum direction: {
        outbound: 0,
        inbound: 1
      }

      def self.for_source_and_target(source_project, target_project)
        self.find_by(source_project: source_project, target_project: target_project)
      end

      private

      def not_self_referential_link
        return unless source_project && target_project

        if source_project == target_project
          self.errors.add(:target_project, _("can't be the same as the source project"))
        end
      end

      def source_project_under_link_limit
        return unless source_project

        existing_links_count = self.class.with_source(source_project).with_access_direction(direction).count

        if existing_links_count >= PROJECT_LINK_DIRECTIONAL_LIMIT
          errors.add(:source_project, "exceeds the allowable number of project links in this direction")
        end
      end
    end
  end
end
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`# frozen_string_literal: true`

New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`# The connection between a source project (which the job token scope's allowlist applies too)`
			`# and a target project which is added to the scope's allowlist.`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
			`module Ci`
			`module JobToken`
New upstream version 14.4.2+ds1 2021-11-18 22:05:49 +05:30			`class ProjectScopeLink < Ci::ApplicationRecord`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`self.table_name = 'ci_job_token_project_scope_links'`

New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`PROJECT_LINK_DIRECTIONAL_LIMIT = 100`

New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`belongs_to :source_project, class_name: 'Project'`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`# the project added to the scope's allowlist`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`belongs_to :target_project, class_name: 'Project'`
			`belongs_to :added_by, class_name: 'User'`

New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`scope :with_access_direction, ->(direction) { where(direction: direction) }`
			`scope :with_source, ->(project) { where(source_project: project) }`
			`scope :with_target, ->(project) { where(target_project: project) }`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
			`validates :source_project, presence: true`
			`validates :target_project, presence: true`
			`validate :not_self_referential_link`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`validate :source_project_under_link_limit, on: :create`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`# When outbound the target project is allowed to be accessed by the source job token.`
			`# When inbound the source project is allowed to be accessed by the target job token.`
New upstream version 15.5.4+ds1 2022-11-25 23:54:43 +05:30			`enum direction: {`
			`outbound: 0,`
			`inbound: 1`
			`}`

New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`def self.for_source_and_target(source_project, target_project)`
			`self.find_by(source_project: source_project, target_project: target_project)`
			`end`

New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`private`

			`def not_self_referential_link`
			`return unless source_project && target_project`

			`if source_project == target_project`
			`self.errors.add(:target_project, _("can't be the same as the source project"))`
			`end`
			`end`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`def source_project_under_link_limit`
			`return unless source_project`

			`existing_links_count = self.class.with_source(source_project).with_access_direction(direction).count`

			`if existing_links_count >= PROJECT_LINK_DIRECTIONAL_LIMIT`
			`errors.add(:source_project, "exceeds the allowable number of project links in this direction")`
			`end`
			`end`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`end`
			`end`
			`end`