File: validates_classification_label.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (27 lines) | stat: -rw-r--r-- 1,138 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# frozen_string_literal: true

module ValidatesClassificationLabel
  def validate_classification_label(record, attribute_name)
    return unless ::Gitlab::ExternalAuthorization.enabled?
    return unless classification_label_change?(record, attribute_name)

    new_label = params[attribute_name].presence
    new_label ||= ::Gitlab::CurrentSettings.current_application_settings
                    .external_authorization_service_default_label

    unless ::Gitlab::ExternalAuthorization.access_allowed?(current_user, new_label)
      reason = rejection_reason_for_label(new_label)
      message = s_('ClassificationLabelUnavailable|is unavailable: %{reason}') % { reason: reason }
      record.errors.add(attribute_name, message)
    end
  end

  def rejection_reason_for_label(label)
    reason_from_service = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label).presence
    reason_from_service || (_("Access to '%{classification_label}' not allowed") % { classification_label: label })
  end

  def classification_label_change?(record, attribute_name)
    params.key?(attribute_name) || record.new_record?
  end
end