debian-mirror-gitlab/app/models/protected_branch/push_access_level.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

45 lines
1.3 KiB
Ruby
Raw Normal View History

2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2019-07-07 11:18:12 +05:30
class ProtectedBranch::PushAccessLevel < ApplicationRecord
2016-09-13 17:45:13 +05:30
include ProtectedBranchAccess
2022-11-25 23:54:43 +05:30
# default value for the access_level column
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
2021-01-29 00:20:46 +05:30
belongs_to :deploy_key
validates :access_level, uniqueness: { scope: :protected_branch_id, if: :role?,
conditions: -> { where(user_id: nil, group_id: nil, deploy_key_id: nil) } }
validates :deploy_key_id, uniqueness: { scope: :protected_branch_id, allow_nil: true }
validate :validate_deploy_key_membership
def type
if self.deploy_key.present?
:deploy_key
else
super
end
end
2021-02-22 17:27:13 +05:30
def check_access(user)
2021-03-11 19:13:27 +05:30
if user && deploy_key.present?
2021-07-02 01:05:55 +05:30
return user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user)
2021-02-22 17:27:13 +05:30
end
super
end
2021-01-29 00:20:46 +05:30
private
def validate_deploy_key_membership
return unless deploy_key
unless project.deploy_keys_projects.where(deploy_key: deploy_key).exists?
self.errors.add(:deploy_key, 'is not enabled for this project')
end
end
2021-02-22 17:27:13 +05:30
def enabled_deploy_key_for_user?(deploy_key, user)
deploy_key.user_id == user.id && DeployKey.with_write_access_for_project(protected_branch.project, deploy_key: deploy_key).any?
end
2016-09-13 17:45:13 +05:30
end