diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-17 09:07:48 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-17 09:07:48 +0000 |
commit | 5bd24a54ef4ce3a38a860eb53b66d062c2382971 (patch) | |
tree | 5f5e65571dfcb2c62c27600ee7655dec4b44c923 /app/models | |
parent | 74673d04d25ffed35cbcf17cd42969bed0a4e705 (diff) | |
download | gitlab-ce-5bd24a54ef4ce3a38a860eb53b66d062c2382971.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/ci/build.rb | 2 | ||||
-rw-r--r-- | app/models/issue.rb | 2 | ||||
-rw-r--r-- | app/models/key.rb | 4 | ||||
-rw-r--r-- | app/models/personal_access_token.rb | 3 | ||||
-rw-r--r-- | app/models/project.rb | 1 | ||||
-rw-r--r-- | app/models/project_feature.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 4 |
7 files changed, 12 insertions, 6 deletions
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index b6c71f81a49..ba87369f30b 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -887,7 +887,7 @@ module Ci def each_report(report_types) job_artifacts_for_types(report_types).each do |report_artifact| report_artifact.each_blob do |blob| - yield report_artifact.file_type, blob + yield report_artifact.file_type, blob, report_artifact end end end diff --git a/app/models/issue.rb b/app/models/issue.rb index f16fd8e63ec..88df3baa809 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -242,7 +242,7 @@ class Issue < ApplicationRecord return false unless readable_by?(user) - user.full_private_access? || + user.can_read_all_resources? || ::Gitlab::ExternalAuthorization.access_allowed?( user, project.external_authorization_classification_label) end diff --git a/app/models/key.rb b/app/models/key.rb index f66aa4fb329..e549c59b58f 100644 --- a/app/models/key.rb +++ b/app/models/key.rb @@ -39,6 +39,10 @@ class Key < ApplicationRecord alias_attribute :fingerprint_md5, :fingerprint + scope :preload_users, -> { preload(:user) } + scope :for_user, -> (user) { where(user: user) } + scope :order_last_used_at_desc, -> { reorder(::Gitlab::Database.nulls_last_order('last_used_at', 'DESC')) } + def self.regular_keys where(type: ['Key', nil]) end diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb index 9ccc90fb74d..af079f7ebc4 100644 --- a/app/models/personal_access_token.rb +++ b/app/models/personal_access_token.rb @@ -3,6 +3,7 @@ class PersonalAccessToken < ApplicationRecord include Expirable include TokenAuthenticatable + include Sortable add_authentication_token_field :token, digest: true @@ -20,6 +21,8 @@ class PersonalAccessToken < ApplicationRecord scope :inactive, -> { where("revoked = true OR expires_at < NOW()") } scope :with_impersonation, -> { where(impersonation: true) } scope :without_impersonation, -> { where(impersonation: false) } + scope :for_user, -> (user) { where(user: user) } + scope :preload_users, -> { preload(:user) } validates :scopes, presence: true validate :validate_scopes diff --git a/app/models/project.rb b/app/models/project.rb index 5ed47032dab..bc8757ea888 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -408,6 +408,7 @@ class Project < ApplicationRecord scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct } scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) } scope :with_project_feature, -> { joins('LEFT JOIN project_features ON projects.id = project_features.project_id') } + scope :inc_routes, -> { includes(:route, namespace: :route) } scope :with_statistics, -> { includes(:statistics) } scope :with_service, ->(service) { joins(service).eager_load(service) } scope :with_shared_runners, -> { where(shared_runners_enabled: true) } diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb index caa65d32c86..4973c7761c1 100644 --- a/app/models/project_feature.rb +++ b/app/models/project_feature.rb @@ -186,7 +186,7 @@ class ProjectFeature < ApplicationRecord def team_access?(user, feature) return unless user - return true if user.full_private_access? + return true if user.can_read_all_resources? project.team.member?(user, ProjectFeature.required_minimum_access_level(feature)) end diff --git a/app/models/user.rb b/app/models/user.rb index 441ad1e70be..18bf5ceaa0e 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1473,9 +1473,7 @@ class User < ApplicationRecord self.admin = (new_level == 'admin') end - # Does the user have access to all private groups & projects? - # Overridden in EE to also check auditor? - def full_private_access? + def can_read_all_resources? can?(:read_all_resources) end |