diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-06 09:30:21 -0500 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-06 21:20:17 -0500 |
commit | 29913816309c6f6387b20c8702bcc8e90ef3a984 (patch) | |
tree | 6dbd8f3367d423a72c0d058d5e1a29296873c1f6 /app | |
parent | ca35c65b026e57307a13f25ebc11f11c978ed697 (diff) | |
download | gitlab-ce-29913816309c6f6387b20c8702bcc8e90ef3a984.tar.gz |
Addresses database comments
- Adds a default on expires_at datetime
- Modifies deploy tokens views to handle default expires at value
- Use datetime_with_timezone where possible
- Remove unused scopes
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/settings/repository_controller.rb | 2 | ||||
-rw-r--r-- | app/helpers/deploy_tokens_helper.rb | 12 | ||||
-rw-r--r-- | app/models/deploy_token.rb | 10 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 6 | ||||
-rw-r--r-- | app/services/deploy_tokens/create_service.rb | 17 | ||||
-rw-r--r-- | app/views/projects/deploy_tokens/_form.html.haml | 6 | ||||
-rw-r--r-- | app/views/projects/deploy_tokens/_table.html.haml | 2 |
7 files changed, 40 insertions, 15 deletions
diff --git a/app/controllers/projects/settings/repository_controller.rb b/app/controllers/projects/settings/repository_controller.rb index 5dfd3af1d55..d8592233302 100644 --- a/app/controllers/projects/settings/repository_controller.rb +++ b/app/controllers/projects/settings/repository_controller.rb @@ -11,7 +11,7 @@ module Projects @new_deploy_token = DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute if @new_deploy_token.persisted? - flash.now[:notice] = 'Your new project deploy token has been created.' + flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.') end render_show diff --git a/app/helpers/deploy_tokens_helper.rb b/app/helpers/deploy_tokens_helper.rb index c791b4e68b3..8496cc2e4b2 100644 --- a/app/helpers/deploy_tokens_helper.rb +++ b/app/helpers/deploy_tokens_helper.rb @@ -5,8 +5,16 @@ module DeployTokensHelper Rails.env.test? end - def container_registry_enabled? + def container_registry_enabled?(project) Gitlab.config.registry.enabled && - can?(current_user, :read_container_image, @project) + can?(current_user, :read_container_image, project) + end + + def expires_at_value(expires_at) + expires_at unless expires_at >= DeployToken::FUTURE_DATE + end + + def show_expire_at?(token) + token.expires? && token.expires_at != DeployToken::FUTURE_DATE end end diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 11add42b2c5..688540dd67f 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -4,6 +4,7 @@ class DeployToken < ActiveRecord::Base add_authentication_token_field :token AVAILABLE_SCOPES = %i(read_repository read_registry).freeze + FUTURE_DATE = Date.new(3000 - 01 - 01) has_many :project_deploy_tokens, inverse_of: :deploy_token has_many :projects, through: :project_deploy_tokens @@ -13,9 +14,7 @@ class DeployToken < ActiveRecord::Base accepts_nested_attributes_for :project_deploy_tokens - scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") } - scope :read_repository, -> { where(read_repository: true) } - scope :read_registry, -> { where(read_registry: true) } + scope :active, -> { where("revoked = false AND expires_at >= NOW()") } def revoke! update!(revoked: true) @@ -26,7 +25,7 @@ class DeployToken < ActiveRecord::Base end def scopes - AVAILABLE_SCOPES.select { |token_scope| send("#{token_scope}") } # rubocop:disable GitlabSecurity/PublicSend + AVAILABLE_SCOPES.select { |token_scope| read_attribute(token_scope) } end def username @@ -37,6 +36,9 @@ class DeployToken < ActiveRecord::Base project == requested_project end + # This is temporal. Currently we limit DeployToken + # to a single project, later we're going to extend + # that to be for multiple projects and namespaces. def project projects.first end diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 425ceb9c1a8..8f050072f74 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -124,8 +124,8 @@ module Auth end def can_user?(ability, project) - current_user.is_a?(User) && - can?(current_user, ability, project) + user = current_user.is_a?(User) ? current_user : nil + can?(user, ability, project) end def build_can_pull?(requested_project) @@ -143,7 +143,7 @@ module Auth def user_can_pull?(requested_project) has_authentication_ability?(:read_container_image) && - can?(current_user, :read_container_image, requested_project) + can_user?(:read_container_image, requested_project) end def deploy_token_can_pull?(requested_project) diff --git a/app/services/deploy_tokens/create_service.rb b/app/services/deploy_tokens/create_service.rb index a5d31dd9fa5..e623d94b444 100644 --- a/app/services/deploy_tokens/create_service.rb +++ b/app/services/deploy_tokens/create_service.rb @@ -1,7 +1,22 @@ module DeployTokens class CreateService < BaseService def execute - @project.deploy_tokens.build(params).tap(&:save) + @project.deploy_tokens.create(deploy_token_params) + end + + private + + def deploy_token_params + params[:expires_at] = expires_at_date + params + end + + def expires_at_date + params[:expires_at].present? ? default_expires_at : params[:expires_at] + end + + def default_expires_at + DeployToken::FUTURE_DATE end end end diff --git a/app/views/projects/deploy_tokens/_form.html.haml b/app/views/projects/deploy_tokens/_form.html.haml index a947013370d..4e1a796ade0 100644 --- a/app/views/projects/deploy_tokens/_form.html.haml +++ b/app/views/projects/deploy_tokens/_form.html.haml @@ -10,7 +10,7 @@ .form-group = f.label :expires_at, class: 'label-light' - = f.text_field :expires_at, class: 'datepicker form-control' + = f.text_field :expires_at, class: 'datepicker form-control', value: expires_at_value(token.expires_at) .form-group = f.label :scopes, class: 'label-light' @@ -18,8 +18,8 @@ = f.check_box :read_repository = label_tag ("deploy_token_read_repository"), 'read_repository' %span= s_('DeployTokens|Allows read-only access to the repository') - - - if container_registry_enabled? + + - if container_registry_enabled?(project) %fieldset = f.check_box :read_registry = label_tag ("deploy_token_read_registry"), 'read_registry' diff --git a/app/views/projects/deploy_tokens/_table.html.haml b/app/views/projects/deploy_tokens/_table.html.haml index 5013a9b250d..fe9bb1e724a 100644 --- a/app/views/projects/deploy_tokens/_table.html.haml +++ b/app/views/projects/deploy_tokens/_table.html.haml @@ -18,7 +18,7 @@ %td= token.username %td= token.created_at.to_date.to_s(:medium) %td - - if token.expires? + - if show_expire_at?(token) %span{ class: ('text-warning' if token.expires_soon?) } In #{distance_of_time_in_words_to_now(token.expires_at)} - else |