diff options
| author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-10-05 13:41:11 +0000 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2018-10-05 13:41:11 +0000 |
| commit | c84b60b1645950a30fdbc37c9065a200dc750d90 (patch) | |
| tree | 76d523f37481fa1422f63e96e2a1777d48060b9c /app/models/project_feature.rb | |
| parent | c972f2e459a6b45852a3d4e76566cdf772a6764a (diff) | |
| download | gitlab-ce-c84b60b1645950a30fdbc37c9065a200dc750d90.tar.gz | |
Make GitLab pages support access control
Diffstat (limited to 'app/models/project_feature.rb')
| -rw-r--r-- | app/models/project_feature.rb | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb index 754c2461d23..39f2b8fe0de 100644 --- a/app/models/project_feature.rb +++ b/app/models/project_feature.rb @@ -13,14 +13,16 @@ class ProjectFeature < ActiveRecord::Base # Disabled: not enabled for anyone # Private: enabled only for team members # Enabled: enabled for everyone able to access the project + # Public: enabled for everyone (only allowed for pages) # # Permission levels DISABLED = 0 PRIVATE = 10 ENABLED = 20 + PUBLIC = 30 - FEATURES = %i(issues merge_requests wiki snippets builds repository).freeze + FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze class << self def access_level_attribute(feature) @@ -46,6 +48,7 @@ class ProjectFeature < ActiveRecord::Base validates :project, presence: true validate :repository_children_level + validate :allowed_access_levels default_value_for :builds_access_level, value: ENABLED, allows_nil: false default_value_for :issues_access_level, value: ENABLED, allows_nil: false @@ -81,6 +84,16 @@ class ProjectFeature < ActiveRecord::Base issues_access_level > DISABLED end + def pages_enabled? + pages_access_level > DISABLED + end + + def public_pages? + return true unless Gitlab.config.pages.access_control + + pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public? + end + private # Validates builds and merge requests access level @@ -95,6 +108,17 @@ class ProjectFeature < ActiveRecord::Base %i(merge_requests_access_level builds_access_level).each(&validator) end + # Validates access level for other than pages cannot be PUBLIC + def allowed_access_levels + validator = lambda do |field| + level = public_send(field) || ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend + not_allowed = level > ProjectFeature::ENABLED + self.errors.add(field, "cannot have public visibility level") if not_allowed + end + + (FEATURES - %i(pages)).each {|f| validator.call("#{f}_access_level")} + end + def get_permission(user, level) case level when DISABLED @@ -103,6 +127,8 @@ class ProjectFeature < ActiveRecord::Base user && (project.team.member?(user) || user.full_private_access?) when ENABLED true + when PUBLIC + true else true end |