protected_ref_access.rb 971 Bytes
Newer Older
1 2
module ProtectedRefAccess
  extend ActiveSupport::Concern
3

4 5 6 7 8 9
  ALLOWED_ACCESS_LEVELS = [
    Gitlab::Access::MASTER,
    Gitlab::Access::DEVELOPER,
    Gitlab::Access::NO_ACCESS
  ].freeze

10 11 12 13 14 15
  HUMAN_ACCESS_LEVELS = {
    Gitlab::Access::MASTER => "Masters".freeze,
    Gitlab::Access::DEVELOPER => "Developers + Masters".freeze,
    Gitlab::Access::NO_ACCESS => "No one".freeze
  }.freeze

16 17 18
  included do
    scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
    scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
19 20 21 22

    validates :access_level, presence: true, if: :role?, inclusion: {
      in: ALLOWED_ACCESS_LEVELS
    }
23
  end
24

25
  def humanize
26
    HUMAN_ACCESS_LEVELS[self.access_level]
27
  end
28

29 30 31 32 33 34
  # CE access levels are always role-based,
  # where as EE allows groups and users too
  def role?
    true
  end

35
  def check_access(user)
36
    return true if user.admin?
37

38 39 40
    project.team.max_member_access(user.id) >= access_level
  end
end