Remove EE-specific code from ProtectedRefAccess

97f9659a · Sean McGivern · Lin Jen-Shin · ce4ff82e · 97f9659a · 97f9659a
Commit 97f9659a authored Aug 28, 2018 by Sean McGivern Committed by Lin Jen-Shin Sep 18, 2018
7 changed files
--- a/app/models/concerns/protected_branch_access.rb
+++ b/app/models/concerns/protected_branch_access.rb
@@ -4,8 +4,6 @@ module ProtectedBranchAccess
  extend ActiveSupport::Concern
  include ProtectedRefAccess

-  include EE::ProtectedRefAccess # Can't use prepend. It'll override wrongly
-
  included do
    belongs_to :protected_branch


--- a/app/models/concerns/protected_ref_access.rb
+++ b/app/models/concerns/protected_ref_access.rb
@@ -2,13 +2,8 @@

 module ProtectedRefAccess
  extend ActiveSupport::Concern
-
-  ALLOWED_ACCESS_LEVELS = [
-    Gitlab::Access::MAINTAINER,
-    Gitlab::Access::DEVELOPER,
-    Gitlab::Access::NO_ACCESS,
-    Gitlab::Access::ADMIN
-  ].freeze
+  include EE::ProtectedRefAccess::Scopes
+  prepend EE::ProtectedRefAccess

  HUMAN_ACCESS_LEVELS = {
    Gitlab::Access::MAINTAINER => "Maintainers".freeze,
@@ -16,6 +11,16 @@ module ProtectedRefAccess
    Gitlab::Access::NO_ACCESS => "No one".freeze
  }.freeze

+  class_methods do
+    def allowed_access_levels
+      [
+        Gitlab::Access::MAINTAINER,
+        Gitlab::Access::DEVELOPER,
+        Gitlab::Access::NO_ACCESS
+      ]
+    end
+  end
+
  included do
    scope :master, -> { maintainer } # @deprecated
    scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
@@ -27,7 +32,7 @@ module ProtectedRefAccess
    scope :for_group, -> { where.not(group_id: nil) }

    validates :access_level, presence: true, if: :role?, inclusion: {
-      in: ALLOWED_ACCESS_LEVELS
+      in: self.allowed_access_levels
    }
  end


--- a/app/models/concerns/protected_tag_access.rb
+++ b/app/models/concerns/protected_tag_access.rb
@@ -4,8 +4,6 @@ module ProtectedTagAccess
  extend ActiveSupport::Concern
  include ProtectedRefAccess

-  include EE::ProtectedRefAccess # Can't use prepend. It'll override wrongly
-
  included do
    belongs_to :protected_tag


--- a/doc/api/protected_branches.md
+++ b/doc/api/protected_branches.md
@@ -4,7 +4,7 @@

 **Valid access levels**

-The access levels are defined in the `ProtectedRefAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized:
+The access levels are defined in the `ProtectedRefAccess.allowed_access_levels` method. Currently, these levels are recognized:
 ```
 0  => No access
 30 => Developer access

--- a/ee/app/models/concerns/ee/protected_ref_access.rb
+++ b/ee/app/models/concerns/ee/protected_ref_access.rb
@@ -10,18 +10,33 @@ module EE
    extend ActiveSupport::Concern
    extend ::Gitlab::Utils::Override

-    prepended do
-      belongs_to :user
-      belongs_to :group
+    module Scopes
+      extend ActiveSupport::Concern

-      protected_type = self.parent.model_name.singular
-      validates :group_id, uniqueness: { scope: protected_type, allow_nil: true }
-      validates :user_id, uniqueness: { scope: protected_type, allow_nil: true }
-      validates :access_level, uniqueness: { scope: protected_type, if: :role?,
-                                             conditions: -> { where(user_id: nil, group_id: nil) } }
-      validates :group, :user,
-               absence: true,
-               unless: :protected_refs_for_users_required_and_available
+      included do
+        belongs_to :user
+        belongs_to :group
+
+        protected_type = self.parent.model_name.singular
+        validates :group_id, uniqueness: { scope: protected_type, allow_nil: true }
+        validates :user_id, uniqueness: { scope: protected_type, allow_nil: true }
+        validates :access_level, uniqueness: { scope: protected_type, if: :role?,
+                                               conditions: -> { where(user_id: nil, group_id: nil) } }
+        validates :group, :user,
+                  absence: true,
+                  unless: :protected_refs_for_users_required_and_available
+      end
+    end
+
+    class_methods do
+      # We can't specify `override` here:
+      #   https://gitlab.com/gitlab-org/gitlab-ce/issues/50911
+      def allowed_access_levels
+        [
+          *super,
+          ::Gitlab::Access::ADMIN
+        ]
+      end
    end

    def type

--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -44,26 +44,26 @@ module API
      params do
        requires :name, type: String, desc: 'The name of the protected branch'
        optional :push_access_level, type: Integer,
-                                     values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
+                                     values: ProtectedBranch::PushAccessLevel.allowed_access_levels,
                                     desc: 'Access levels allowed to push (defaults: `40`, maintainer access level)'
        optional :merge_access_level, type: Integer,
-                                      values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
+                                      values: ProtectedBranch::MergeAccessLevel.allowed_access_levels,
                                      desc: 'Access levels allowed to merge (defaults: `40`, maintainer access level)'
        optional :unprotect_access_level, type: Integer,
-                                          values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
+                                          values: ProtectedBranch::UnprotectAccessLevel.allowed_access_levels,
                                          desc: 'Access levels allowed to unprotect (defaults: `40`, maintainer access level)'
        optional :allowed_to_push, type: Array, desc: 'An array of users/groups allowed to push' do
-          optional :access_level, type: Integer, values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS
+          optional :access_level, type: Integer, values: ProtectedBranch::PushAccessLevel.allowed_access_levels
          optional :user_id, type: Integer
          optional :group_id, type: Integer
        end
        optional :allowed_to_merge, type: Array, desc: 'An array of users/groups allowed to merge' do
-          optional :access_level, type: Integer, values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS
+          optional :access_level, type: Integer, values: ProtectedBranch::MergeAccessLevel.allowed_access_levels
          optional :user_id, type: Integer
          optional :group_id, type: Integer
        end
        optional :allowed_to_unprotect, type: Array, desc: 'An array of users/groups allowed to unprotect' do
-          optional :access_level, type: Integer, values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS
+          optional :access_level, type: Integer, values: ProtectedBranch::UnprotectAccessLevel.allowed_access_levels
          optional :user_id, type: Integer
          optional :group_id, type: Integer
        end

--- a/lib/api/protected_tags.rb
+++ b/lib/api/protected_tags.rb
@@ -47,7 +47,7 @@ module API
      params do
        requires :name, type: String, desc: 'The name of the protected tag'
        optional :create_access_level, type: Integer, default: Gitlab::Access::MAINTAINER,
-                                       values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
+                                       values: ProtectedTag::CreateAccessLevel.allowed_access_levels,
                                       desc: 'Access levels allowed to create (defaults: `40`, maintainer access level)'
      end
      post ':id/protected_tags' do