Commit 2ec1bf43 authored by Serena Fang's avatar Serena Fang

Add resource access token creation enabled to table

Add to namespace settings table
parent c70a6991
...@@ -268,7 +268,8 @@ class GroupsController < Groups::ApplicationController ...@@ -268,7 +268,8 @@ class GroupsController < Groups::ApplicationController
:subgroup_creation_level, :subgroup_creation_level,
:default_branch_protection, :default_branch_protection,
:default_branch_name, :default_branch_name,
:allow_mfa_for_subgroups :allow_mfa_for_subgroups,
:resource_access_token_creation_allowed
] ]
end end
......
...@@ -119,6 +119,7 @@ class Group < Namespace ...@@ -119,6 +119,7 @@ class Group < Namespace
end end
delegate :default_branch_name, to: :namespace_settings delegate :default_branch_name, to: :namespace_settings
delegate :resource_access_token_creation_allowed, :resource_access_token_creation_allowed=, :resource_access_token_creation_allowed?, to: :namespace_settings
class << self class << self
def sort_by_attribute(method) def sort_by_attribute(method)
......
...@@ -251,7 +251,7 @@ class GroupPolicy < BasePolicy ...@@ -251,7 +251,7 @@ class GroupPolicy < BasePolicy
end end
def resource_access_token_available? def resource_access_token_available?
true group.root_ancestor.resource_access_token_creation_allowed?
end end
end end
......
...@@ -731,7 +731,11 @@ class ProjectPolicy < BasePolicy ...@@ -731,7 +731,11 @@ class ProjectPolicy < BasePolicy
end end
def resource_access_token_available? def resource_access_token_available?
true group = project.group
return true unless group # always enable for projects in personal namespaces
group.root_ancestor.resource_access_token_creation_allowed?
end end
def project def project
......
# frozen_string_literal: true
class AddResourceAccessTokenCreationAllowedToNamespaceSettings < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
with_lock_retries do
add_column :namespace_settings, :resource_access_token_creation_allowed, :boolean, default: true, null: false
end
end
def down
with_lock_retries do
remove_column :namespace_settings, :resource_access_token_creation_allowed
end
end
end
93e92e8eca0765cb8e6e08ec90ce0143d9b31d13e4d61e1b9690dbaed5a1bb63
\ No newline at end of file
...@@ -14661,6 +14661,7 @@ CREATE TABLE namespace_settings ( ...@@ -14661,6 +14661,7 @@ CREATE TABLE namespace_settings (
default_branch_name text, default_branch_name text,
repository_read_only boolean DEFAULT false NOT NULL, repository_read_only boolean DEFAULT false NOT NULL,
delayed_project_removal boolean DEFAULT false NOT NULL, delayed_project_removal boolean DEFAULT false NOT NULL,
resource_access_token_creation_allowed boolean DEFAULT true NOT NULL,
CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)) CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255))
); );
...@@ -393,10 +393,10 @@ module EE ...@@ -393,10 +393,10 @@ module EE
# Available in Core for self-managed but only paid, non-trial for .com to prevent abuse # Available in Core for self-managed but only paid, non-trial for .com to prevent abuse
override :resource_access_token_available? override :resource_access_token_available?
def resource_access_token_available? def resource_access_token_available?
return true unless ::Gitlab.com? value_from_super = super
return value_from_super unless ::Gitlab.com?
::Feature.enabled?(:resource_access_token_feature, group, default_enabled: true) && value_from_super && group.feature_available_non_trial?(:resource_access_token)
group.feature_available_non_trial?(:resource_access_token)
end end
end end
end end
...@@ -425,12 +425,15 @@ module EE ...@@ -425,12 +425,15 @@ module EE
# Available in Core for self-managed but only paid, non-trial for .com to prevent abuse # Available in Core for self-managed but only paid, non-trial for .com to prevent abuse
override :resource_access_token_available? override :resource_access_token_available?
def resource_access_token_available? def resource_access_token_available?
return true unless ::Gitlab.com? value_from_super = super
group = project.namespace return value_from_super unless ::Gitlab.com?
::Feature.enabled?(:resource_access_token_feature, group, default_enabled: true) && if project.group
group.feature_available_non_trial?(:resource_access_token) return value_from_super && project.group.feature_available_non_trial?(:resource_access_token)
end
project.namespace.feature_available_non_trial?(:resource_access_token)
end end
end end
end end
...@@ -17,6 +17,18 @@ RSpec.shared_examples 'Self-managed Core resource access tokens' do ...@@ -17,6 +17,18 @@ RSpec.shared_examples 'Self-managed Core resource access tokens' do
it { is_expected.not_to be_allowed(:create_resource_access_tokens) } it { is_expected.not_to be_allowed(:create_resource_access_tokens) }
end end
context 'when resource access tokens are not available' do
let(:current_user) { owner }
let(:group) { create(:group) }
let(:project) { create(:project, group: group) }
before do
group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
end
it { is_expected.not_to be_allowed(:create_resource_access_tokens) }
end
end end
context 'read resource access tokens' do context 'read resource access tokens' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment