-rw-r--r-- | app/controllers/projects/settings/repository_controller.rb | 10 | ||||
-rw-r--r-- | app/models/concerns/protected_branch_access.rb | 18 | ||||
-rw-r--r-- | app/models/concerns/protected_ref_access.rb | 24 | ||||
-rw-r--r-- | app/models/protected_tag/create_access_level.rb | 12 | ||||
-rw-r--r-- | doc/api/protected_branches.md | 2 | ||||
-rw-r--r-- | lib/api/protected_branches.rb | 4 | ||||
-rw-r--r-- | spec/support/protected_tags/access_control_ce_shared_examples.rb | 2 | ||||
-rw-r--r-- | spec/support/shared_examples/features/protected_branches_access_control_ce.rb | 4 |
8 files changed, 34 insertions, 42 deletions
diff --git a/app/controllers/projects/settings/repository_controller.rb b/app/controllers/projects/settings/repository_controller.rb index 44de8a49593..d06d18c498b 100644 --- a/app/controllers/projects/settings/repository_controller.rb +++ b/app/controllers/projects/settings/repository_controller.rb @@ -21,14 +21,14 @@ module Projects def access_levels_options { - create_access_levels: levels_for_dropdown(ProtectedTag::CreateAccessLevel), - push_access_levels: levels_for_dropdown(ProtectedBranch::PushAccessLevel), - merge_access_levels: levels_for_dropdown(ProtectedBranch::MergeAccessLevel) + create_access_levels: levels_for_dropdown, + push_access_levels: levels_for_dropdown, + merge_access_levels: levels_for_dropdown } end - def levels_for_dropdown(access_level_type) - roles = access_level_type.human_access_levels.map do |id, text| + def levels_for_dropdown + roles = ProtectedRefAccess::HUMAN_ACCESS_LEVELS.map do |id, text| { id: id, text: text, before_divider: true } end { roles: roles } diff --git a/app/models/concerns/protected_branch_access.rb b/app/models/concerns/protected_branch_access.rb index fde1cc44afa..e62f42e8e70 100644 --- a/app/models/concerns/protected_branch_access.rb +++ b/app/models/concerns/protected_branch_access.rb @@ -1,12 +1,6 @@ module ProtectedBranchAccess extend ActiveSupport::Concern - ALLOWED_ACCESS_LEVELS ||= [ - Gitlab::Access::MASTER, - Gitlab::Access::DEVELOPER, - Gitlab::Access::NO_ACCESS - ].freeze - included do include ProtectedRefAccess @@ -14,18 +8,6 @@ module ProtectedBranchAccess delegate :project, to: :protected_branch - validates :access_level, presence: true, inclusion: { - in: ALLOWED_ACCESS_LEVELS - } - - def self.human_access_levels - { - Gitlab::Access::MASTER => "Masters", - Gitlab::Access::DEVELOPER => "Developers + Masters", - Gitlab::Access::NO_ACCESS => "No one" - }.with_indifferent_access - end - def check_access(user) return false if access_level == Gitlab::Access::NO_ACCESS 
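Review bot: `levels_for_dropdown` lost its parameter without gaining a comment, so `access_levels_options` no longer makes it obvious that the tag-create, branch-push and branch-merge dropdowns are all fed from one shared list. A one-line comment above the method would record that, for example `# Role options shared by every protected-ref dropdown (ProtectedRefAccess::HUMAN_ACCESS_LEVELS).` The enclosing module and class start outside the hunk, so any other caller that still passes an argument is not visible here.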
diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb index c4f158e569a..80c9f7d4eb4 100644 --- a/app/models/concerns/protected_ref_access.rb +++ b/app/models/concerns/protected_ref_access.rb @@ -1,13 +1,35 @@ module ProtectedRefAccess extend ActiveSupport::Concern + ALLOWED_ACCESS_LEVELS = [ + Gitlab::Access::MASTER, + Gitlab::Access::DEVELOPER, + Gitlab::Access::NO_ACCESS + ].freeze + + HUMAN_ACCESS_LEVELS = { + Gitlab::Access::MASTER => "Masters".freeze, + Gitlab::Access::DEVELOPER => "Developers + Masters".freeze, + Gitlab::Access::NO_ACCESS => "No one".freeze + }.freeze + included do scope :master, -> { where(access_level: Gitlab::Access::MASTER) } scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) } + + validates :access_level, presence: true, if: :role?, inclusion: { + in: ALLOWED_ACCESS_LEVELS + } end def humanize - self.class.human_access_levels[self.access_level] + HUMAN_ACCESS_LEVELS[self.access_level] + end + + # CE access levels are always role-based, + # where as EE allows groups and users too + def role? + true end def check_access(user) diff --git a/app/models/protected_tag/create_access_level.rb b/app/models/protected_tag/create_access_level.rb index c7e1319719d..6b6ab3d8279 100644 --- a/app/models/protected_tag/create_access_level.rb +++ b/app/models/protected_tag/create_access_level.rb @@ -1,18 +1,6 @@ class ProtectedTag::CreateAccessLevel < ActiveRecord::Base include ProtectedTagAccess - validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER, - Gitlab::Access::DEVELOPER, - Gitlab::Access::NO_ACCESS] } - - def self.human_access_levels - { - Gitlab::Access::MASTER => "Masters", - Gitlab::Access::DEVELOPER => "Developers + Masters", - Gitlab::Access::NO_ACCESS => "No one" - }.with_indifferent_access - end - def check_access(user) return false if access_level == Gitlab::Access::NO_ACCESS 
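Review bot: The `if: :role?` option on the new `validates :access_level` line guards both `presence` and `inclusion`, so any including class that overrides `role?` to return false skips the allowed-level check entirely. This is now the only such check, because the per-model copies are removed from `ProtectedBranchAccess` and `ProtectedTag::CreateAccessLevel` elsewhere in this diff. The tag model reaches it only if `ProtectedTagAccess` includes this concern, and that file is not part of the diff. A model spec that asserts an out-of-list `access_level` is rejected for each of the push, merge and tag-create models would pin this down. The comment on `role?` should state the consequence and fix the typo: `# CE access levels are always role-based, whereas EE allows groups and users too; when this returns false the access_level validation is skipped.`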
diff --git a/doc/api/protected_branches.md b/doc/api/protected_branches.md index 10faa95d7e8..81fe854060a 100644 --- a/doc/api/protected_branches.md +++ b/doc/api/protected_branches.md @@ -4,7 +4,7 @@ **Valid access levels** -The access levels are defined in the `ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized: +The access levels are defined in the `ProtectedRefAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized: ``` 0 => No access 30 => Developer access diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb index 15fcb9e8e27..b5021e8a712 100644 --- a/lib/api/protected_branches.rb +++ b/lib/api/protected_branches.rb @@ -40,10 +40,10 @@ module API params do requires :name, type: String, desc: 'The name of the protected branch' optional :push_access_level, type: Integer, default: Gitlab::Access::MASTER, - values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS, + values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS, desc: 'Access levels allowed to push (defaults: `40`, master access level)' optional :merge_access_level, type: Integer, default: Gitlab::Access::MASTER, - values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS, + values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS, desc: 'Access levels allowed to merge (defaults: `40`, master access level)' end post ':id/protected_branches' do diff --git a/spec/support/protected_tags/access_control_ce_shared_examples.rb b/spec/support/protected_tags/access_control_ce_shared_examples.rb index 2770cdcbefc..71eec9f3217 100644 --- a/spec/support/protected_tags/access_control_ce_shared_examples.rb +++ b/spec/support/protected_tags/access_control_ce_shared_examples.rb 
@@ -1,5 +1,5 @@ RSpec.shared_examples "protected tags > access control > CE" do - ProtectedTag::CreateAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)| + ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)| it "allows creating protected tags that #{access_type_name} can create" do visit project_protected_tags_path(project) diff --git a/spec/support/shared_examples/features/protected_branches_access_control_ce.rb b/spec/support/shared_examples/features/protected_branches_access_control_ce.rb index 5fde91512da..17f319f49e9 100644 --- a/spec/support/shared_examples/features/protected_branches_access_control_ce.rb +++ b/spec/support/shared_examples/features/protected_branches_access_control_ce.rb @@ -1,5 +1,5 @@ shared_examples "protected branches > access control > CE" do - ProtectedBranch::PushAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)| + ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)| it "allows creating protected branches that #{access_type_name} can push to" do visit project_protected_branches_path(project) @@ -44,7 +44,7 @@ shared_examples "protected branches > access control > CE" do end end - ProtectedBranch::MergeAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)| + ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)| it "allows creating protected branches that #{access_type_name} can merge to" do visit project_protected_branches_path(project) |