debian-mirror-gitlab/app/models/deploy_key.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

83 lines
2.4 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
class DeployKey < Key
2019-10-12 21:52:04 +05:30
include FromUnion
2020-01-01 13:55:28 +05:30
include IgnorableColumns
2021-09-04 01:27:46 +05:30
include PolicyActor
2022-11-25 23:54:43 +05:30
include Presentable
2018-03-17 18:26:18 +05:30
has_many :deploy_keys_projects, inverse_of: :deploy_key, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
2014-09-02 18:07:02 +05:30
has_many :projects, through: :deploy_keys_projects
2021-12-11 22:18:48 +05:30
2023-04-23 21:23:45 +05:30
has_many :deploy_keys_projects_with_write_access, -> { with_write_access }, class_name: "DeployKeysProject", inverse_of: :deploy_key
2021-12-11 22:18:48 +05:30
has_many :projects_with_write_access, -> { includes(:route) }, class_name: 'Project', through: :deploy_keys_projects_with_write_access, source: :project
2023-04-23 21:23:45 +05:30
has_many :protected_branch_push_access_levels, class_name: '::ProtectedBranch::PushAccessLevel', inverse_of: :deploy_key
has_many :protected_tag_create_access_levels, class_name: '::ProtectedTag::CreateAccessLevel', inverse_of: :deploy_key
2014-09-02 18:07:02 +05:30
2021-01-29 00:20:46 +05:30
scope :in_projects, ->(projects) { joins(:deploy_keys_projects).where(deploy_keys_projects: { project_id: projects }) }
scope :with_write_access, -> { joins(:deploy_keys_projects).merge(DeployKeysProject.with_write_access) }
scope :are_public, -> { where(public: true) }
2020-01-01 13:55:28 +05:30
scope :with_projects, -> { includes(deploy_keys_projects: { project: [:route, namespace: :route] }) }
2021-12-11 22:18:48 +05:30
scope :including_projects_with_write_access, -> { includes(:projects_with_write_access) }
2015-04-26 12:48:37 +05:30
2023-03-17 16:20:25 +05:30
accepts_nested_attributes_for :deploy_keys_projects, reject_if: :reject_deploy_keys_projects?
2018-03-17 18:26:18 +05:30
2015-04-26 12:48:37 +05:30
def private?
!public?
end
def orphaned?
2018-12-05 23:21:45 +05:30
self.deploy_keys_projects.empty?
2015-04-26 12:48:37 +05:30
end
def almost_orphaned?
2020-01-01 13:55:28 +05:30
self.deploy_keys_projects.size == 1
2015-04-26 12:48:37 +05:30
end
def destroyed_when_orphaned?
self.private?
end
2017-08-17 22:00:37 +05:30
2018-05-09 12:01:36 +05:30
def user
super || User.ghost
end
2022-08-27 11:52:29 +05:30
def audit_details
title
end
2017-08-17 22:00:37 +05:30
def has_access_to?(project)
2018-03-17 18:26:18 +05:30
deploy_keys_project_for(project).present?
2017-08-17 22:00:37 +05:30
end
def can_push_to?(project)
2018-03-17 18:26:18 +05:30
!!deploy_keys_project_for(project)&.can_push?
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
def deploy_keys_project_for(project)
2020-01-01 13:55:28 +05:30
if association(:deploy_keys_projects).loaded?
deploy_keys_projects.find { |dkp| dkp.project_id.eql?(project&.id) }
else
deploy_keys_projects.find_by(project: project)
end
2018-03-17 18:26:18 +05:30
end
2017-08-17 22:00:37 +05:30
2021-01-29 00:20:46 +05:30
def self.with_write_access_for_project(project, deploy_key: nil)
query = in_projects(project).with_write_access
query = query.where(id: deploy_key) if deploy_key
query
end
2022-08-27 11:52:29 +05:30
# This is used for the internal logic of AuditEvents::BuildService.
def impersonated?
false
end
2023-03-17 16:20:25 +05:30
private
def reject_deploy_keys_projects?
!self.valid?
end
2014-09-02 18:07:02 +05:30
end