Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
2ec1bf43
Commit
2ec1bf43
authored
Mar 12, 2021
by
Serena Fang
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add resource access token creation enabled to table
Add to namespace settings table
parent
c70a6991
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
52 additions
and
10 deletions
+52
-10
app/controllers/groups_controller.rb
app/controllers/groups_controller.rb
+2
-1
app/models/group.rb
app/models/group.rb
+1
-0
app/policies/group_policy.rb
app/policies/group_policy.rb
+1
-1
app/policies/project_policy.rb
app/policies/project_policy.rb
+5
-1
db/migrate/20210312193532_add_resource_access_token_creation_allowed_to_namespace_settings.rb
...ce_access_token_creation_allowed_to_namespace_settings.rb
+19
-0
db/schema_migrations/20210312193532
db/schema_migrations/20210312193532
+1
-0
db/structure.sql
db/structure.sql
+1
-0
ee/app/policies/ee/group_policy.rb
ee/app/policies/ee/group_policy.rb
+3
-3
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+7
-4
spec/support/shared_examples/policies/resource_access_token_shared_examples.rb
...xamples/policies/resource_access_token_shared_examples.rb
+12
-0
No files found.
app/controllers/groups_controller.rb
View file @
2ec1bf43
...
...
@@ -268,7 +268,8 @@ class GroupsController < Groups::ApplicationController
:subgroup_creation_level
,
:default_branch_protection
,
:default_branch_name
,
:allow_mfa_for_subgroups
:allow_mfa_for_subgroups
,
:resource_access_token_creation_allowed
]
end
...
...
app/models/group.rb
View file @
2ec1bf43
...
...
@@ -119,6 +119,7 @@ class Group < Namespace
end
delegate
:default_branch_name
,
to: :namespace_settings
delegate
:resource_access_token_creation_allowed
,
:resource_access_token_creation_allowed
=
,
:resource_access_token_creation_allowed?
,
to: :namespace_settings
class
<<
self
def
sort_by_attribute
(
method
)
...
...
app/policies/group_policy.rb
View file @
2ec1bf43
...
...
@@ -251,7 +251,7 @@ class GroupPolicy < BasePolicy
end
def
resource_access_token_available?
true
group
.
root_ancestor
.
resource_access_token_creation_allowed?
end
end
...
...
app/policies/project_policy.rb
View file @
2ec1bf43
...
...
@@ -731,7 +731,11 @@ class ProjectPolicy < BasePolicy
end
def
resource_access_token_available?
true
group
=
project
.
group
return
true
unless
group
# always enable for projects in personal namespaces
group
.
root_ancestor
.
resource_access_token_creation_allowed?
end
def
project
...
...
db/migrate/20210312193532_add_resource_access_token_creation_allowed_to_namespace_settings.rb
0 → 100644
View file @
2ec1bf43
# frozen_string_literal: true
class
AddResourceAccessTokenCreationAllowedToNamespaceSettings
<
ActiveRecord
::
Migration
[
6.0
]
include
Gitlab
::
Database
::
MigrationHelpers
DOWNTIME
=
false
disable_ddl_transaction!
def
up
with_lock_retries
do
add_column
:namespace_settings
,
:resource_access_token_creation_allowed
,
:boolean
,
default:
true
,
null:
false
end
end
def
down
with_lock_retries
do
remove_column
:namespace_settings
,
:resource_access_token_creation_allowed
end
end
end
db/schema_migrations/20210312193532
0 → 100644
View file @
2ec1bf43
93e92e8eca0765cb8e6e08ec90ce0143d9b31d13e4d61e1b9690dbaed5a1bb63
\ No newline at end of file
db/structure.sql
View file @
2ec1bf43
...
...
@@ -14661,6 +14661,7 @@ CREATE TABLE namespace_settings (
default_branch_name text,
repository_read_only boolean DEFAULT false NOT NULL,
delayed_project_removal boolean DEFAULT false NOT NULL,
resource_access_token_creation_allowed boolean DEFAULT true NOT NULL,
CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255))
);
ee/app/policies/ee/group_policy.rb
View file @
2ec1bf43
...
...
@@ -393,10 +393,10 @@ module EE
# Available in Core for self-managed but only paid, non-trial for .com to prevent abuse
override
:resource_access_token_available?
def
resource_access_token_available?
return
true
unless
::
Gitlab
.
com?
value_from_super
=
super
return
value_from_super
unless
::
Gitlab
.
com?
::
Feature
.
enabled?
(
:resource_access_token_feature
,
group
,
default_enabled:
true
)
&&
group
.
feature_available_non_trial?
(
:resource_access_token
)
value_from_super
&&
group
.
feature_available_non_trial?
(
:resource_access_token
)
end
end
end
ee/app/policies/ee/project_policy.rb
View file @
2ec1bf43
...
...
@@ -425,12 +425,15 @@ module EE
# Available in Core for self-managed but only paid, non-trial for .com to prevent abuse
override
:resource_access_token_available?
def
resource_access_token_available?
return
true
unless
::
Gitlab
.
com?
value_from_super
=
super
group
=
project
.
namespace
return
value_from_super
unless
::
Gitlab
.
com?
::
Feature
.
enabled?
(
:resource_access_token_feature
,
group
,
default_enabled:
true
)
&&
group
.
feature_available_non_trial?
(
:resource_access_token
)
if
project
.
group
return
value_from_super
&&
project
.
group
.
feature_available_non_trial?
(
:resource_access_token
)
end
project
.
namespace
.
feature_available_non_trial?
(
:resource_access_token
)
end
end
end
spec/support/shared_examples/policies/resource_access_token_shared_examples.rb
View file @
2ec1bf43
...
...
@@ -17,6 +17,18 @@ RSpec.shared_examples 'Self-managed Core resource access tokens' do
it
{
is_expected
.
not_to
be_allowed
(
:create_resource_access_tokens
)
}
end
context
'when resource access tokens are not available'
do
let
(
:current_user
)
{
owner
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:project
)
{
create
(
:project
,
group:
group
)
}
before
do
group
.
namespace_settings
.
update_column
(
:resource_access_token_creation_allowed
,
false
)
end
it
{
is_expected
.
not_to
be_allowed
(
:create_resource_access_tokens
)
}
end
end
context
'read resource access tokens'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment