debian-mirror-gitlab/app/services/projects/protect_default_branch_service.rb
2023-04-23 21:23:45 +05:30

77 lines
2.1 KiB
Ruby

# frozen_string_literal: true
module Projects
# Service class that can be used to execute actions necessary after creating a
# default branch.
class ProtectDefaultBranchService
attr_reader :project, :default_branch_protection
# @param [Project] project
def initialize(project)
@project = project
@default_branch_protection = Gitlab::Access::BranchProtection
.new(project.namespace.default_branch_protection)
end
def execute
protect_default_branch if default_branch
end
def protect_default_branch
# Ensure HEAD points to the default branch in case it is not master
project.change_head(default_branch)
create_protected_branch if protect_branch? && !protected_branch_exists?
end
def create_protected_branch
params = {
name: default_branch,
push_access_levels_attributes: [{ access_level: push_access_level }],
merge_access_levels_attributes: [{ access_level: merge_access_level }]
}
# The creator of the project is always allowed to create protected
# branches, so we skip the authorization check in this service class.
ProtectedBranches::CreateService
.new(project, project.creator, params)
.execute(skip_authorization: true)
end
def protect_branch?
default_branch_protection.any? &&
!ProtectedBranch.protected?(project, default_branch)
end
def protected_branch_exists?
if Feature.enabled?(:group_protected_branches)
project.all_protected_branches.find_by_name(default_branch).present?
else
project.protected_branches.find_by_name(default_branch).present?
end
end
def default_branch
project.default_branch
end
def push_access_level
if default_branch_protection.developer_can_push?
Gitlab::Access::DEVELOPER
else
Gitlab::Access::MAINTAINER
end
end
def merge_access_level
if default_branch_protection.developer_can_merge?
Gitlab::Access::DEVELOPER
else
Gitlab::Access::MAINTAINER
end
end
end
end
Projects::ProtectDefaultBranchService.prepend_mod