Commit 323ed342 authored by Timothy Andrew's avatar Timothy Andrew

Extract a `ProtectedBranchAccessEe` module

- EE-specific protected branch access level code lives in this new module, while
  CE or CE/EE code lives in the existing `ProtectedBranchAccess` module. This
  allows us to make changes without introducing conflicts.

- The access level model classes first include `ProtectedBranchAccess`, followed
  by `ProtectedBranchAccessEe`, which preserves the inheritance chain:

  {Push,Merge}AccessLevel > ProtectedBranchAccessEe > ProtectedBranchAccess
parent 05610a23
...@@ -2,12 +2,6 @@ module ProtectedBranchAccess ...@@ -2,12 +2,6 @@ module ProtectedBranchAccess
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
validates_uniqueness_of :group_id, scope: :protected_branch, allow_nil: true
validates_uniqueness_of :user_id, scope: :protected_branch, allow_nil: true
validates_uniqueness_of :access_level,
scope: :protected_branch,
unless: Proc.new { |access_level| access_level.user_id? || access_level.group_id? },
conditions: -> { where(user_id: nil, group_id: nil) }
belongs_to :protected_branch belongs_to :protected_branch
delegate :project, to: :protected_branch delegate :project, to: :protected_branch
...@@ -15,21 +9,14 @@ module ProtectedBranchAccess ...@@ -15,21 +9,14 @@ module ProtectedBranchAccess
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) } scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
end end
def type def humanize
if self.user.present? self.class.human_access_levels[self.access_level]
:user
elsif self.group.present?
:group
else
:role
end
end end
def humanize def check_access(user)
return self.user.name if self.user.present? return true if user.is_admin?
return self.group.name if self.group.present?
self.class.human_access_levels[self.access_level] project.team.max_member_access(user.id) >= access_level
end end
def check_access(user) def check_access(user)
......
# EE-specific code related to protected branch access levels.
#
# Note: Include `ProtectedBranchAccess` _before_ including this module, since
# a number of methods here override methods in `ProtectedBranchAccess`
module ProtectedBranchAccessEe
extend ActiveSupport::Concern
included do
belongs_to :user
belongs_to :group
validates_uniqueness_of :group_id, scope: :protected_branch, allow_nil: true
validates_uniqueness_of :user_id, scope: :protected_branch, allow_nil: true
validates_uniqueness_of :access_level,
scope: :protected_branch,
if: :role?,
conditions: -> { where(user_id: nil, group_id: nil) }
scope :by_user, -> (user) { where(user: user ) }
scope :by_group, -> (group) { where(group: group ) }
end
def type
if self.user.present?
:user
elsif self.group.present?
:group
else
:role
end
end
# Is this a role-based access level?
def role?
type == :role
end
def humanize
return self.user.name if self.user.present?
return self.group.name if self.group.present?
super
end
def check_access(user)
return true if user.is_admin?
return user.id == self.user_id if self.user.present?
return group.users.exists?(user.id) if self.group.present?
super
end
end
class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
include ProtectedBranchAccess include ProtectedBranchAccess
include ProtectedBranchAccessEe
belongs_to :user
belongs_to :group
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER, validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER] } Gitlab::Access::DEVELOPER] }
scope :by_user, -> (user) { where(user: user ) }
scope :by_group, -> (group) { where(group: group ) }
def self.human_access_levels def self.human_access_levels
{ {
Gitlab::Access::MASTER => "Masters", Gitlab::Access::MASTER => "Masters",
Gitlab::Access::DEVELOPER => "Developers + Masters" Gitlab::Access::DEVELOPER => "Developers + Masters"
}.with_indifferent_access }.with_indifferent_access
end end
def check_access(user)
return true if user.is_admin?
return user.id == self.user_id if self.user.present?
return group.users.exists?(user.id) if self.group.present?
super
end
end end
class ProtectedBranch::PushAccessLevel < ActiveRecord::Base class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
include ProtectedBranchAccess include ProtectedBranchAccess
include ProtectedBranchAccessEe
belongs_to :user
belongs_to :group
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER, validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER, Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS] } Gitlab::Access::NO_ACCESS] }
scope :by_user, -> (user) { where(user: user ) }
scope :by_group, -> (group) { where(group: group ) }
def self.human_access_levels def self.human_access_levels
{ {
Gitlab::Access::MASTER => "Masters", Gitlab::Access::MASTER => "Masters",
...@@ -21,9 +16,6 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base ...@@ -21,9 +16,6 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user) def check_access(user)
return false if access_level == Gitlab::Access::NO_ACCESS return false if access_level == Gitlab::Access::NO_ACCESS
return true if user.is_admin?
return user.id == self.user_id if self.user.present?
return group.users.exists?(user.id) if self.group.present?
super super
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment