Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"

This reverts merge request !26823

4 files changed, 0 insertions, 42 deletions

diff --git a/app/services/application_settings/update_service.rb b/app/services/application_settings/update_service.rb
index 7eeaf8aade1..9146eb96533 100644
--- a/app/services/application_settings/update_service.rb
+++ b/app/services/application_settings/update_service.rb
@@ -2,17 +2,9 @@
 
 module ApplicationSettings
   class UpdateService < ApplicationSettings::BaseService
-    include ValidatesClassificationLabel
-
     attr_reader :params, :application_setting
 
     def execute
-      validate_classification_label(application_setting, :external_authorization_service_default_label)
-
-      if application_setting.errors.any?
-        return false
-      end
-
       update_terms(@params.delete(:terms))
 
       if params.key?(:performance_bar_allowed_group_path)
diff --git a/app/services/concerns/validates_classification_label.rb b/app/services/concerns/validates_classification_label.rb
deleted file mode 100644
index ebcf5c24ff8..00000000000
--- a/app/services/concerns/validates_classification_label.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module ValidatesClassificationLabel
-  def validate_classification_label(record, attribute_name)
-    return unless ::Gitlab::ExternalAuthorization.enabled?
-    return unless classification_label_change?(record, attribute_name)
-
-    new_label = params[attribute_name].presence
-    new_label ||= ::Gitlab::CurrentSettings.current_application_settings
-                    .external_authorization_service_default_label
-
-    unless ::Gitlab::ExternalAuthorization.access_allowed?(current_user, new_label)
-      reason = rejection_reason_for_label(new_label)
-      message = s_('ClassificationLabelUnavailable|is unavailable: %{reason}') % { reason: reason }
-      record.errors.add(attribute_name, message)
-    end
-  end
-
-  def rejection_reason_for_label(label)
-    reason_from_service = ::Gitlab::ExternalAuthorization.rejection_reason(current_user, label).presence
-    reason_from_service || _("Access to '%{classification_label}' not allowed") % { classification_label: label }
-  end
-
-  def classification_label_change?(record, attribute_name)
-    params.key?(attribute_name) || record.new_record?
-  end
-end
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 3723c5ef7d7..d03137b63b2 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -2,8 +2,6 @@
 
 module Projects
   class CreateService < BaseService
-    include ValidatesClassificationLabel
-
     def initialize(user, params)
       @current_user, @params = user, params.dup
       @skip_wiki = @params.delete(:skip_wiki)
@@ -47,8 +45,6 @@ module Projects
       relations_block&.call(@project)
       yield(@project) if block_given?
 
-      validate_classification_label(@project, :external_authorization_classification_label)
-
       # If the block added errors, don't try to save the project
       return @project if @project.errors.any?
 
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index bc36bb8659d..6856009b395 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -3,7 +3,6 @@
 module Projects
   class UpdateService < BaseService
     include UpdateVisibilityLevel
-    include ValidatesClassificationLabel
 
     ValidationError = Class.new(StandardError)
 
@@ -15,8 +14,6 @@ module Projects
 
       yield if block_given?
 
-      validate_classification_label(project, :external_authorization_classification_label)
-
       # If the block added errors, don't try to save the project
       return update_failed! if project.errors.any?