1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# frozen_string_literal: true
module Namespaces
####################################################################
# PLEASE DO NOT OVERRIDE METHODS IN THIS CLASS!
#
# This class is a placeholder for STI. But we also want to ensure
# tests using `:namespace` factory are still testing the same functionality.
#
# Many legacy tests use `:namespace` which has a slight semantic
# mismatch as it always has been a User (personal) namespace.
#
# If you need to make a change here, please ping the
# Tenant Scale group so we can ensure that the
# changes do not break existing functionality.
#
# As Namespaces evolve we may be able to relax this restriction
# but for now, please check in with us <3
#
# For details, see the discussion in
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74152
####################################################################
class UserNamespace < Namespace
self.allow_legacy_sti_class = true
def self.sti_name
'User'
end
def owners
Array.wrap(owner)
end
def member?(user, min_access_level = Gitlab::Access::GUEST)
return false unless user
max_member_access_for_user(user) >= min_access_level
end
# Return the highest access level for a user
#
# A special case is handled here when the user is a GitLab admin
# which implies it has "OWNER" access everywhere, but should not
# officially appear as a member unless specifically added to it
#
# @param user [User]
# @param only_concrete_membership [Bool] whether require admin concrete membership status
def max_member_access_for_user(user, only_concrete_membership: false)
return Gitlab::Access::NO_ACCESS unless user
if !only_concrete_membership && (user.can_admin_all_resources? || user.can_admin_organization?(organization))
return Gitlab::Access::OWNER
end
owner == user ? Gitlab::Access::OWNER : Gitlab::Access::NO_ACCESS
end
def crm_group
nil
end
end
end
|
