File: protected_ref.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (71 lines) | stat: -rw-r--r-- 2,261 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# frozen_string_literal: true

module ProtectedRef
  extend ActiveSupport::Concern

  include Importable

  included do
    belongs_to :project, touch: true

    validates :name, presence: true

    delegate :matching, :matches?, :wildcard?, to: :ref_matcher

    scope :for_project, ->(project) { where(project: project) }
  end

  def commit
    project&.commit(name)
  end

  class_methods do
    def protected_ref_access_levels(*types)
      protected_ref = model_name.singular
      types.each do |type|
        access_levels_for_type = :"#{type}_access_levels"
        has_many access_levels_for_type, inverse_of: protected_ref
        accepts_nested_attributes_for access_levels_for_type, allow_destroy: true
      end
    end

    def protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
      access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level|
        access_level.check_access(user, project)
      end
    end

    def developers_can?(action, ref, protected_refs: nil)
      access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level|
        access_level.access_level == Gitlab::Access::DEVELOPER
      end
    end

    def access_levels_for_ref(ref, action:, protected_refs: nil)
      matching(ref, protected_refs: protected_refs)
        .flat_map(&:"#{action}_access_levels")
    end

    # Returns all protected refs that match the given ref name.
    # This checks all records from the scope built up so far, and does
    # _not_ return a relation.
    #
    # This method optionally takes in a list of `protected_refs` to search
    # through, to avoid calling out to the database.
    def matching(ref_name, protected_refs: nil)
      (protected_refs || all).select { |protected_ref| protected_ref.matches?(ref_name) }
    end
  end

  private

  def ref_matcher
    @ref_matcher ||= RefMatcher.new(name)
  end
end

# Prepending a module into a concern doesn't work very well for class methods,
# since these are defined in a ClassMethods constant. As such, we prepend the
# module directly into ProtectedRef::ClassMethods, instead of prepending it into
# ProtectedRef.
ProtectedRef::ClassMethods.prepend_mod_with('ProtectedRef')