Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
65f3d506
Commit
65f3d506
authored
Apr 03, 2017
by
James Edwards-Jones
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Extract ProtectedRef Concern
parent
a7c71c7f
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
60 additions
and
78 deletions
+60
-78
app/models/concerns/protected_ref.rb
app/models/concerns/protected_ref.rb
+47
-0
app/models/project.rb
app/models/project.rb
+2
-2
app/models/protected_branch.rb
app/models/protected_branch.rb
+1
-30
app/models/protected_tag.rb
app/models/protected_tag.rb
+1
-30
lib/api/entities.rb
lib/api/entities.rb
+2
-2
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+3
-8
spec/models/protected_branch_spec.rb
spec/models/protected_branch_spec.rb
+4
-4
spec/services/protected_tags/create_service_spec.rb
spec/services/protected_tags/create_service_spec.rb
+0
-2
No files found.
app/models/concerns/protected_ref.rb
0 → 100644
View file @
65f3d506
module
ProtectedRef
extend
ActiveSupport
::
Concern
included
do
belongs_to
:project
validates
:name
,
presence:
true
validates
:project
,
presence:
true
def
self
.
matching_refs_accesible_to
(
ref
,
user
,
action: :push
)
access_levels_for_ref
(
ref
,
action
).
any?
do
|
access_level
|
access_level
.
check_access
(
user
)
end
end
def
self
.
access_levels_for_ref
(
ref
,
action: :push
)
self
.
matching
(
ref
).
map
(
&
:"@
#{
action
}
_access_levels"
).
flatten
end
private
def
self
.
matching
(
ref_name
,
protected_refs:
nil
)
ProtectedRefMatcher
.
matching
(
self
,
ref_name
,
protected_refs:
protected_refs
)
end
end
def
commit
project
.
commit
(
self
.
name
)
end
def
matching
(
refs
)
ref_matcher
.
matching
(
refs
)
end
def
matches?
(
refs
)
ref_matcher
.
matches?
(
refs
)
end
def
wildcard?
ref_matcher
.
wildcard?
end
private
def
ref_matcher
@ref_matcher
||=
ProtectedRefMatcher
.
new
(
self
)
end
end
app/models/project.rb
View file @
65f3d506
...
@@ -898,14 +898,14 @@ class Project < ActiveRecord::Base
...
@@ -898,14 +898,14 @@ class Project < ActiveRecord::Base
return
true
if
empty_repo?
&&
default_branch_protected?
return
true
if
empty_repo?
&&
default_branch_protected?
@protected_branches
||=
self
.
protected_branches
.
to_a
@protected_branches
||=
self
.
protected_branches
.
to_a
ProtectedBranch
.
matching
(
branch_name
,
protected_
branche
s:
@protected_branches
).
present?
ProtectedBranch
.
matching
(
branch_name
,
protected_
ref
s:
@protected_branches
).
present?
end
end
#TODO: Move elsewhere
#TODO: Move elsewhere
def
protected_tag?
(
tag_name
)
def
protected_tag?
(
tag_name
)
#TODO: Check if memoization necessary, find way to have it work elsewhere
#TODO: Check if memoization necessary, find way to have it work elsewhere
@protected_tags
||=
self
.
protected_tags
.
to_a
@protected_tags
||=
self
.
protected_tags
.
to_a
ProtectedTag
.
matching
(
tag_name
,
protected_
tag
s:
@protected_tags
).
present?
ProtectedTag
.
matching
(
tag_name
,
protected_
ref
s:
@protected_tags
).
present?
end
end
def
user_can_push_to_empty_repo?
(
user
)
def
user_can_push_to_empty_repo?
(
user
)
...
...
app/models/protected_branch.rb
View file @
65f3d506
class
ProtectedBranch
<
ActiveRecord
::
Base
class
ProtectedBranch
<
ActiveRecord
::
Base
include
Gitlab
::
ShellAdapter
include
Gitlab
::
ShellAdapter
include
ProtectedRef
belongs_to
:project
validates
:name
,
presence:
true
validates
:project
,
presence:
true
has_many
:merge_access_levels
,
dependent: :destroy
has_many
:merge_access_levels
,
dependent: :destroy
has_many
:push_access_levels
,
dependent: :destroy
has_many
:push_access_levels
,
dependent: :destroy
...
@@ -13,30 +10,4 @@ class ProtectedBranch < ActiveRecord::Base
...
@@ -13,30 +10,4 @@ class ProtectedBranch < ActiveRecord::Base
accepts_nested_attributes_for
:push_access_levels
accepts_nested_attributes_for
:push_access_levels
accepts_nested_attributes_for
:merge_access_levels
accepts_nested_attributes_for
:merge_access_levels
def
commit
project
.
commit
(
self
.
name
)
end
def
self
.
matching
(
branch_name
,
protected_branches:
nil
)
ProtectedRefMatcher
.
matching
(
ProtectedBranch
,
branch_name
,
protected_refs:
protected_branches
)
end
def
matching
(
branches
)
ref_matcher
.
matching
(
branches
)
end
def
matches?
(
branch_name
)
ref_matcher
.
matches?
(
branch_name
)
end
def
wildcard?
ref_matcher
.
wildcard?
end
private
def
ref_matcher
@ref_matcher
||=
ProtectedRefMatcher
.
new
(
self
)
end
end
end
app/models/protected_tag.rb
View file @
65f3d506
class
ProtectedTag
<
ActiveRecord
::
Base
class
ProtectedTag
<
ActiveRecord
::
Base
include
Gitlab
::
ShellAdapter
include
Gitlab
::
ShellAdapter
include
ProtectedRef
belongs_to
:project
validates
:name
,
presence:
true
validates
:project
,
presence:
true
has_many
:push_access_levels
,
dependent: :destroy
has_many
:push_access_levels
,
dependent: :destroy
validates
:push_access_levels
,
length:
{
is:
1
,
message:
"are restricted to a single instance per protected tag."
}
validates
:push_access_levels
,
length:
{
is:
1
,
message:
"are restricted to a single instance per protected tag."
}
accepts_nested_attributes_for
:push_access_levels
accepts_nested_attributes_for
:push_access_levels
def
commit
project
.
commit
(
self
.
name
)
end
def
self
.
matching
(
tag_name
,
protected_tags:
nil
)
ProtectedRefMatcher
.
matching
(
ProtectedTag
,
tag_name
,
protected_refs:
protected_tags
)
end
def
matching
(
branches
)
ref_matcher
.
matching
(
branches
)
end
def
matches?
(
tag_name
)
ref_matcher
.
matches?
(
tag_name
)
end
def
wildcard?
ref_matcher
.
wildcard?
end
private
def
ref_matcher
@ref_matcher
||=
ProtectedRefMatcher
.
new
(
self
)
end
end
end
lib/api/entities.rb
View file @
65f3d506
...
@@ -189,13 +189,13 @@ module API
...
@@ -189,13 +189,13 @@ module API
expose
:developers_can_push
do
|
repo_branch
,
options
|
expose
:developers_can_push
do
|
repo_branch
,
options
|
project
=
options
[
:project
]
project
=
options
[
:project
]
access_levels
=
project
.
protected_branches
.
matching
(
repo_branch
.
name
).
map
(
&
:push_access_levels
).
flatten
access_levels
=
project
.
protected_branches
.
access_levels_for_ref
(
repo_branch
.
name
,
:push
)
access_levels
.
any?
{
|
access_level
|
access_level
.
access_level
==
Gitlab
::
Access
::
DEVELOPER
}
access_levels
.
any?
{
|
access_level
|
access_level
.
access_level
==
Gitlab
::
Access
::
DEVELOPER
}
end
end
expose
:developers_can_merge
do
|
repo_branch
,
options
|
expose
:developers_can_merge
do
|
repo_branch
,
options
|
project
=
options
[
:project
]
project
=
options
[
:project
]
access_levels
=
project
.
protected_branches
.
matching
(
repo_branch
.
name
).
map
(
&
:merge_access_levels
).
flatten
access_levels
=
project
.
protected_branches
.
access_levels_for_ref
(
repo_branch
.
name
,
:merge
)
access_levels
.
any?
{
|
access_level
|
access_level
.
access_level
==
Gitlab
::
Access
::
DEVELOPER
}
access_levels
.
any?
{
|
access_level
|
access_level
.
access_level
==
Gitlab
::
Access
::
DEVELOPER
}
end
end
end
end
...
...
lib/gitlab/user_access.rb
View file @
65f3d506
...
@@ -35,10 +35,7 @@ module Gitlab
...
@@ -35,10 +35,7 @@ module Gitlab
return
false
unless
can_access_git?
return
false
unless
can_access_git?
if
project
.
protected_tag?
(
ref
)
if
project
.
protected_tag?
(
ref
)
access_levels
=
project
.
protected_tags
.
matching
(
ref
).
map
(
&
:push_access_levels
).
flatten
project
.
protected_tags
.
matching_refs_accesible_to
(
ref
,
user
)
has_access
=
access_levels
.
any?
{
|
access_level
|
access_level
.
check_access
(
user
)
}
has_access
else
else
user
.
can?
(
:push_code
,
project
)
user
.
can?
(
:push_code
,
project
)
end
end
...
@@ -50,8 +47,7 @@ module Gitlab
...
@@ -50,8 +47,7 @@ module Gitlab
if
project
.
protected_branch?
(
ref
)
if
project
.
protected_branch?
(
ref
)
return
true
if
project
.
empty_repo?
&&
project
.
user_can_push_to_empty_repo?
(
user
)
return
true
if
project
.
empty_repo?
&&
project
.
user_can_push_to_empty_repo?
(
user
)
access_levels
=
project
.
protected_branches
.
matching
(
ref
).
map
(
&
:push_access_levels
).
flatten
has_access
=
project
.
protected_branches
.
matching_refs_accesible_to
(
ref
,
user
,
action: :push
)
has_access
=
access_levels
.
any?
{
|
access_level
|
access_level
.
check_access
(
user
)
}
has_access
||
!
project
.
repository
.
branch_exists?
(
ref
)
&&
can_merge_to_branch?
(
ref
)
has_access
||
!
project
.
repository
.
branch_exists?
(
ref
)
&&
can_merge_to_branch?
(
ref
)
else
else
...
@@ -63,8 +59,7 @@ module Gitlab
...
@@ -63,8 +59,7 @@ module Gitlab
return
false
unless
can_access_git?
return
false
unless
can_access_git?
if
project
.
protected_branch?
(
ref
)
if
project
.
protected_branch?
(
ref
)
access_levels
=
project
.
protected_branches
.
matching
(
ref
).
map
(
&
:merge_access_levels
).
flatten
project
.
protected_branches
.
matching_refs_accesible_to
(
ref
,
user
,
action: :merge
)
access_levels
.
any?
{
|
access_level
|
access_level
.
check_access
(
user
)
}
else
else
user
.
can?
(
:push_code
,
project
)
user
.
can?
(
:push_code
,
project
)
end
end
...
...
spec/models/protected_branch_spec.rb
View file @
65f3d506
...
@@ -113,8 +113,8 @@ describe ProtectedBranch, models: true do
...
@@ -113,8 +113,8 @@ describe ProtectedBranch, models: true do
staging
=
build
(
:protected_branch
,
name:
"staging"
)
staging
=
build
(
:protected_branch
,
name:
"staging"
)
expect
(
ProtectedBranch
.
matching
(
"production"
)).
to
be_empty
expect
(
ProtectedBranch
.
matching
(
"production"
)).
to
be_empty
expect
(
ProtectedBranch
.
matching
(
"production"
,
protected_
branche
s:
[
production
,
staging
])).
to
include
(
production
)
expect
(
ProtectedBranch
.
matching
(
"production"
,
protected_
ref
s:
[
production
,
staging
])).
to
include
(
production
)
expect
(
ProtectedBranch
.
matching
(
"production"
,
protected_
branche
s:
[
production
,
staging
])).
not_to
include
(
staging
)
expect
(
ProtectedBranch
.
matching
(
"production"
,
protected_
ref
s:
[
production
,
staging
])).
not_to
include
(
staging
)
end
end
end
end
...
@@ -132,8 +132,8 @@ describe ProtectedBranch, models: true do
...
@@ -132,8 +132,8 @@ describe ProtectedBranch, models: true do
staging
=
build
(
:protected_branch
,
name:
"staging/*"
)
staging
=
build
(
:protected_branch
,
name:
"staging/*"
)
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
)).
to
be_empty
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
)).
to
be_empty
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
,
protected_
branche
s:
[
production
,
staging
])).
to
include
(
production
)
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
,
protected_
ref
s:
[
production
,
staging
])).
to
include
(
production
)
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
,
protected_
branche
s:
[
production
,
staging
])).
not_to
include
(
staging
)
expect
(
ProtectedBranch
.
matching
(
"production/some-branch"
,
protected_
ref
s:
[
production
,
staging
])).
not_to
include
(
staging
)
end
end
end
end
end
end
...
...
spec/services/protected_tags/create_service_spec.rb
View file @
65f3d506
...
@@ -6,7 +6,6 @@ describe ProtectedTags::CreateService, services: true do
...
@@ -6,7 +6,6 @@ describe ProtectedTags::CreateService, services: true do
let
(
:params
)
do
let
(
:params
)
do
{
{
name:
'master'
,
name:
'master'
,
merge_access_levels_attributes:
[{
access_level:
Gitlab
::
Access
::
MASTER
}],
push_access_levels_attributes:
[{
access_level:
Gitlab
::
Access
::
MASTER
}]
push_access_levels_attributes:
[{
access_level:
Gitlab
::
Access
::
MASTER
}]
}
}
end
end
...
@@ -17,7 +16,6 @@ describe ProtectedTags::CreateService, services: true do
...
@@ -17,7 +16,6 @@ describe ProtectedTags::CreateService, services: true do
it
'creates a new protected tag'
do
it
'creates a new protected tag'
do
expect
{
service
.
execute
}.
to
change
(
ProtectedTag
,
:count
).
by
(
1
)
expect
{
service
.
execute
}.
to
change
(
ProtectedTag
,
:count
).
by
(
1
)
expect
(
project
.
protected_tags
.
last
.
push_access_levels
.
map
(
&
:access_level
)).
to
eq
([
Gitlab
::
Access
::
MASTER
])
expect
(
project
.
protected_tags
.
last
.
push_access_levels
.
map
(
&
:access_level
)).
to
eq
([
Gitlab
::
Access
::
MASTER
])
expect
(
project
.
protected_tags
.
last
.
merge_access_levels
.
map
(
&
:access_level
)).
to
eq
([
Gitlab
::
Access
::
MASTER
])
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment