summaryrefslogtreecommitdiff
path: root/app/models
diff options
context:
space:
mode:
authorMark Chao <mchao@gitlab.com>2019-11-14 10:50:19 +0800
committerMark Chao <mchao@gitlab.com>2019-11-22 18:14:04 +0800
commit443db2868d899b9a41e85766d78d1c4203c4cb1f (patch)
tree2f981b48fe96fb9372da2f006ca3221d48f05a28 /app/models
parent0de1bfeac34a2f26f481e871210fe74d17f75375 (diff)
downloadgitlab-ce-443db2868d899b9a41e85766d78d1c4203c4cb1f.tar.gz
Internalize private project minimum access level
Some feature allows GUEST to access only if project is not private. This method returns access level when targeting private projects.
Diffstat (limited to 'app/models')
-rw-r--r--app/models/project.rb12
-rw-r--r--app/models/project_feature.rb13
2 files changed, 13 insertions, 12 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index f319c5b1d9f..7ae4e2a4cd7 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -517,13 +517,11 @@ class Project < ApplicationRecord
# This scope returns projects where user has access to both the project and the feature.
def self.filter_by_feature_visibility(feature, user)
- scope = with_feature_available_for_user(feature, user)
-
- if ProjectFeature.guest_allowed_on_private_project?(feature)
- scope.public_or_visible_to_user(user)
- else
- scope.public_or_visible_to_user(user, Gitlab::Access::REPORTER)
- end
+ with_feature_available_for_user(feature, user)
+ .public_or_visible_to_user(
+ user,
+ ProjectFeature.required_minimum_access_level_for_private_project(feature)
+ )
end
scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb
index 564e531c320..caa65d32c86 100644
--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -24,7 +24,7 @@ class ProjectFeature < ApplicationRecord
FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze
PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze
- FEATURES_ALLOWED_BY_GUEST_ON_PRIVATE_PROJECT = %i(issues wiki).freeze
+ PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze
STRING_OPTIONS = HashWithIndifferentAccess.new({
'disabled' => DISABLED,
'private' => PRIVATE,
@@ -46,16 +46,19 @@ class ProjectFeature < ApplicationRecord
"#{table}.#{attribute}"
end
- def guest_allowed_on_private_project?(feature)
+ def required_minimum_access_level(feature)
feature = ensure_feature!(feature)
- FEATURES_ALLOWED_BY_GUEST_ON_PRIVATE_PROJECT.include?(feature)
+ PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)
end
- def required_minimum_access_level(feature)
+ # Guest users can perform certain features on public and internal projects, but not private projects.
+ def required_minimum_access_level_for_private_project(feature)
feature = ensure_feature!(feature)
- PRIVATE_FEATURES_MIN_ACCESS_LEVEL.fetch(feature, Gitlab::Access::GUEST)
+ PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT.fetch(feature) do
+ required_minimum_access_level(feature)
+ end
end
def access_level_from_str(level)