diff options
author | Mark Chao <mchao@gitlab.com> | 2018-07-11 14:36:08 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2018-07-11 14:36:08 +0000 |
commit | a63bce1a4b55bc6cbafb9dec12d33028521489e9 (patch) | |
tree | ee9466e6b06536a65d4e851f4096679c6f968d1e /app | |
parent | 1bf54e092783f7ad388225d32ab79ac1e845559c (diff) | |
download | gitlab-ce-a63bce1a4b55bc6cbafb9dec12d33028521489e9.tar.gz |
Resolve "Rename the `Master` role to `Maintainer`" Backend
Diffstat (limited to 'app')
-rw-r--r-- | app/models/concerns/protected_ref_access.rb | 7 | ||||
-rw-r--r-- | app/models/concerns/select_for_project_authorization.rb | 7 | ||||
-rw-r--r-- | app/models/group.rb | 14 | ||||
-rw-r--r-- | app/models/member.rb | 6 | ||||
-rw-r--r-- | app/models/members/project_member.rb | 6 | ||||
-rw-r--r-- | app/models/project.rb | 7 | ||||
-rw-r--r-- | app/models/project_group_link.rb | 3 | ||||
-rw-r--r-- | app/models/project_team.rb | 21 | ||||
-rw-r--r-- | app/models/user.rb | 22 | ||||
-rw-r--r-- | app/policies/clusters/cluster_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/deploy_token_policy.rb | 4 | ||||
-rw-r--r-- | app/policies/group_policy.rb | 4 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 8 | ||||
-rw-r--r-- | app/services/notification_service.rb | 10 | ||||
-rw-r--r-- | app/services/projects/create_service.rb | 2 | ||||
-rw-r--r-- | app/services/protected_branches/access_level_params.rb | 2 | ||||
-rw-r--r-- | app/services/protected_branches/legacy_api_create_service.rb | 4 | ||||
-rw-r--r-- | app/services/protected_branches/legacy_api_update_service.rb | 4 |
18 files changed, 80 insertions, 53 deletions
diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb index e3a7f2d5498..71b0c3468b9 100644 --- a/app/models/concerns/protected_ref_access.rb +++ b/app/models/concerns/protected_ref_access.rb @@ -2,19 +2,20 @@ module ProtectedRefAccess extend ActiveSupport::Concern ALLOWED_ACCESS_LEVELS = [ - Gitlab::Access::MASTER, + Gitlab::Access::MAINTAINER, Gitlab::Access::DEVELOPER, Gitlab::Access::NO_ACCESS ].freeze HUMAN_ACCESS_LEVELS = { - Gitlab::Access::MASTER => "Maintainers".freeze, + Gitlab::Access::MAINTAINER => "Maintainers".freeze, Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze, Gitlab::Access::NO_ACCESS => "No one".freeze }.freeze included do - scope :master, -> { where(access_level: Gitlab::Access::MASTER) } + scope :master, -> { maintainer } # @deprecated + scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) } scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) } validates :access_level, presence: true, if: :role?, inclusion: { diff --git a/app/models/concerns/select_for_project_authorization.rb b/app/models/concerns/select_for_project_authorization.rb index 58194b0ea13..7af0fdbd618 100644 --- a/app/models/concerns/select_for_project_authorization.rb +++ b/app/models/concerns/select_for_project_authorization.rb @@ -6,8 +6,11 @@ module SelectForProjectAuthorization select("projects.id AS project_id, members.access_level") end - def select_as_master_for_project_authorization - select(["projects.id AS project_id", "#{Gitlab::Access::MASTER} AS access_level"]) + def select_as_maintainer_for_project_authorization + select(["projects.id AS project_id", "#{Gitlab::Access::MAINTAINER} AS access_level"]) end + + # @deprecated + alias_method :select_as_master_for_project_authorization, :select_as_maintainer_for_project_authorization end end diff --git a/app/models/group.rb b/app/models/group.rb index b0392774379..28677320e28 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -186,10 +186,13 @@ class Group < Namespace add_user(user, :developer, current_user: current_user) end - def add_master(user, current_user = nil) - add_user(user, :master, current_user: current_user) + def add_maintainer(user, current_user = nil) + add_user(user, :maintainer, current_user: current_user) end + # @deprecated + alias_method :add_master, :add_maintainer + def add_owner(user, current_user = nil) add_user(user, :owner, current_user: current_user) end @@ -206,12 +209,15 @@ class Group < Namespace members_with_parents.owners.where(user_id: user).any? end - def has_master?(user) + def has_maintainer?(user) return false unless user - members_with_parents.masters.where(user_id: user).any? + members_with_parents.maintainers.where(user_id: user).any? end + # @deprecated + alias_method :has_master?, :has_maintainer? + # Check if user is a last owner of the group. # Parent owners are ignored for nested groups. def last_owner?(user) diff --git a/app/models/member.rb b/app/models/member.rb index 68572f2e33a..00a13a279a9 100644 --- a/app/models/member.rb +++ b/app/models/member.rb @@ -69,9 +69,11 @@ class Member < ActiveRecord::Base scope :guests, -> { active.where(access_level: GUEST) } scope :reporters, -> { active.where(access_level: REPORTER) } scope :developers, -> { active.where(access_level: DEVELOPER) } - scope :masters, -> { active.where(access_level: MASTER) } + scope :maintainers, -> { active.where(access_level: MAINTAINER) } + scope :masters, -> { maintainers } # @deprecated scope :owners, -> { active.where(access_level: OWNER) } - scope :owners_and_masters, -> { active.where(access_level: [OWNER, MASTER]) } + scope :owners_and_maintainers, -> { active.where(access_level: [OWNER, MAINTAINER]) } + scope :owners_and_masters, -> { owners_and_maintainers } # @deprecated scope :order_name_asc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC')) } scope :order_name_desc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC')) } diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb index 024106056b4..4f27d0aeaf8 100644 --- a/app/models/members/project_member.rb +++ b/app/models/members/project_member.rb @@ -17,19 +17,19 @@ class ProjectMember < Member # Add users to projects with passed access option # # access can be an integer representing a access code - # or symbol like :master representing role + # or symbol like :maintainer representing role # # Ex. # add_users_to_projects( # project_ids, # user_ids, - # ProjectMember::MASTER + # ProjectMember::MAINTAINER # ) # # add_users_to_projects( # project_ids, # user_ids, - # :master + # :maintainer # ) # def add_users_to_projects(project_ids, users, access_level, current_user: nil, expires_at: nil) diff --git a/app/models/project.rb b/app/models/project.rb index 770262f6193..1894de6ceed 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -269,7 +269,8 @@ class Project < ActiveRecord::Base delegate :name, to: :owner, allow_nil: true, prefix: true delegate :members, to: :team, prefix: true delegate :add_user, :add_users, to: :team - delegate :add_guest, :add_reporter, :add_developer, :add_master, :add_role, to: :team + delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team + delegate :add_master, to: :team # @deprecated delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings # Validations @@ -1647,10 +1648,10 @@ class Project < ActiveRecord::Base params = { name: default_branch, push_access_levels_attributes: [{ - access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER + access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER }], merge_access_levels_attributes: [{ - access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER + access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER }] } diff --git a/app/models/project_group_link.rb b/app/models/project_group_link.rb index ac1e9ab2b0b..cf8fc41e870 100644 --- a/app/models/project_group_link.rb +++ b/app/models/project_group_link.rb @@ -4,7 +4,8 @@ class ProjectGroupLink < ActiveRecord::Base GUEST = 10 REPORTER = 20 DEVELOPER = 30 - MASTER = 40 + MAINTAINER = 40 + MASTER = MAINTAINER # @deprecated belongs_to :project belongs_to :group diff --git a/app/models/project_team.rb b/app/models/project_team.rb index 9a38806baab..c7d0f49d837 100644 --- a/app/models/project_team.rb +++ b/app/models/project_team.rb @@ -19,10 +19,13 @@ class ProjectTeam add_user(user, :developer, current_user: current_user) end - def add_master(user, current_user: nil) - add_user(user, :master, current_user: current_user) + def add_maintainer(user, current_user: nil) + add_user(user, :maintainer, current_user: current_user) end + # @deprecated + alias_method :add_master, :add_maintainer + def add_role(user, role, current_user: nil) public_send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend end @@ -81,10 +84,13 @@ class ProjectTeam @developers ||= fetch_members(Gitlab::Access::DEVELOPER) end - def masters - @masters ||= fetch_members(Gitlab::Access::MASTER) + def maintainers + @maintainers ||= fetch_members(Gitlab::Access::MAINTAINER) end + # @deprecated + alias_method :masters, :maintainers + def owners @owners ||= if group @@ -136,10 +142,13 @@ class ProjectTeam max_member_access(user.id) == Gitlab::Access::DEVELOPER end - def master?(user) - max_member_access(user.id) == Gitlab::Access::MASTER + def maintainer?(user) + max_member_access(user.id) == Gitlab::Access::MAINTAINER end + # @deprecated + alias_method :master?, :maintainer? + # Checks if `user` is authorized for this project, with at least the # `min_access_level` (if given). def member?(user, min_access_level = Gitlab::Access::GUEST) diff --git a/app/models/user.rb b/app/models/user.rb index 1c5d39db118..4987d01aac6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -99,7 +99,8 @@ class User < ActiveRecord::Base has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember' has_many :groups, through: :group_members has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group - has_many :masters_groups, -> { where(members: { access_level: Gitlab::Access::MASTER }) }, through: :group_members, source: :group + has_many :maintainers_groups, -> { where(members: { access_level: Gitlab::Access::MAINTAINER }) }, through: :group_members, source: :group + alias_attribute :masters_groups, :maintainers_groups # Projects has_many :groups_projects, through: :groups, source: :projects @@ -728,7 +729,7 @@ class User < ActiveRecord::Base end def several_namespaces? - owned_groups.any? || masters_groups.any? + owned_groups.any? || maintainers_groups.any? end def namespace_id @@ -974,15 +975,15 @@ class User < ActiveRecord::Base end def manageable_groups - union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), masters_groups.select(:id)]).to_sql + union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), maintainers_groups.select(:id)]).to_sql # Update this line to not use raw SQL when migrated to Rails 5.2. # Either ActiveRecord or Arel constructions are fine. # This was replaced with the raw SQL construction because of bugs in the arel gem. # Bugs were fixed in arel 9.0.0 (Rails 5.2). - owned_and_master_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection + owned_and_maintainer_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection - Gitlab::GroupHierarchy.new(owned_and_master_groups).base_and_descendants + Gitlab::GroupHierarchy.new(owned_and_maintainer_groups).base_and_descendants end def namespaces @@ -1023,11 +1024,11 @@ class User < ActiveRecord::Base def ci_owned_runners @ci_owned_runners ||= begin project_runner_ids = Ci::RunnerProject - .where(project: authorized_projects(Gitlab::Access::MASTER)) + .where(project: authorized_projects(Gitlab::Access::MAINTAINER)) .select(:runner_id) group_runner_ids = Ci::RunnerNamespace - .where(namespace_id: owned_or_masters_groups.select(:id)) + .where(namespace_id: owned_or_maintainers_groups.select(:id)) .select(:runner_id) union = Gitlab::SQL::Union.new([project_runner_ids, group_runner_ids]) @@ -1236,11 +1237,14 @@ class User < ActiveRecord::Base !terms_accepted? end - def owned_or_masters_groups - union = Gitlab::SQL::Union.new([owned_groups, masters_groups]) + def owned_or_maintainers_groups + union = Gitlab::SQL::Union.new([owned_groups, maintainers_groups]) Group.from("(#{union.to_sql}) namespaces") end + # @deprecated + alias_method :owned_or_masters_groups, :owned_or_maintainers_groups + protected # override, from Devise::Validatable diff --git a/app/policies/clusters/cluster_policy.rb b/app/policies/clusters/cluster_policy.rb index 1f7c13072b9..b5b24491655 100644 --- a/app/policies/clusters/cluster_policy.rb +++ b/app/policies/clusters/cluster_policy.rb @@ -4,7 +4,7 @@ module Clusters delegate { cluster.project } - rule { can?(:master_access) }.policy do + rule { can?(:maintainer_access) }.policy do enable :update_cluster enable :admin_cluster end diff --git a/app/policies/deploy_token_policy.rb b/app/policies/deploy_token_policy.rb index 7aa9106e8b1..d1b459cfc90 100644 --- a/app/policies/deploy_token_policy.rb +++ b/app/policies/deploy_token_policy.rb @@ -1,10 +1,10 @@ class DeployTokenPolicy < BasePolicy with_options scope: :subject, score: 0 - condition(:master) { @subject.project.team.master?(@user) } + condition(:maintainer) { @subject.project.team.maintainer?(@user) } rule { anonymous }.prevent_all - rule { master }.policy do + rule { maintainer }.policy do enable :create_deploy_token enable :update_deploy_token end diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ded9fe30eff..dc339b71ec7 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -11,7 +11,7 @@ class GroupPolicy < BasePolicy condition(:guest) { access_level >= GroupMember::GUEST } condition(:developer) { access_level >= GroupMember::DEVELOPER } condition(:owner) { access_level >= GroupMember::OWNER } - condition(:master) { access_level >= GroupMember::MASTER } + condition(:maintainer) { access_level >= GroupMember::MAINTAINER } condition(:reporter) { access_level >= GroupMember::REPORTER } condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? } @@ -59,7 +59,7 @@ class GroupPolicy < BasePolicy enable :admin_issue end - rule { master }.policy do + rule { maintainer }.policy do enable :create_projects enable :admin_pipeline enable :admin_build diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 199bcf92b21..bc49092633f 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -46,7 +46,7 @@ class ProjectPolicy < BasePolicy condition(:developer) { team_access_level >= Gitlab::Access::DEVELOPER } desc "User has maintainer access" - condition(:master) { team_access_level >= Gitlab::Access::MASTER } + condition(:maintainer) { team_access_level >= Gitlab::Access::MAINTAINER } desc "Project is public" condition(:public_project, scope: :subject, score: 0) { project.public? } @@ -123,14 +123,14 @@ class ProjectPolicy < BasePolicy rule { guest }.enable :guest_access rule { reporter }.enable :reporter_access rule { developer }.enable :developer_access - rule { master }.enable :master_access + rule { maintainer }.enable :maintainer_access rule { owner | admin }.enable :owner_access rule { can?(:owner_access) }.policy do enable :guest_access enable :reporter_access enable :developer_access - enable :master_access + enable :maintainer_access enable :change_namespace enable :change_visibility_level @@ -228,7 +228,7 @@ class ProjectPolicy < BasePolicy enable :create_deployment end - rule { can?(:master_access) }.policy do + rule { can?(:maintainer_access) }.policy do enable :push_to_delete_protected_branch enable :update_project_snippet enable :update_environment diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb index 8c6221af788..d7be9a925b5 100644 --- a/app/services/notification_service.rb +++ b/app/services/notification_service.rb @@ -274,9 +274,9 @@ class NotificationService def new_access_request(member) return true unless member.notifiable?(:subscription) - recipients = member.source.members.active_without_invites_and_requests.owners_and_masters - if fallback_to_group_owners_masters?(recipients, member) - recipients = member.source.group.members.active_without_invites_and_requests.owners_and_masters + recipients = member.source.members.active_without_invites_and_requests.owners_and_maintainers + if fallback_to_group_owners_maintainers?(recipients, member) + recipients = member.source.group.members.active_without_invites_and_requests.owners_and_maintainers end recipients.each { |recipient| deliver_access_request_email(recipient, member) } @@ -519,7 +519,7 @@ class NotificationService return [] unless project - notifiable_users(project.team.masters, :watch, target: project) + notifiable_users(project.team.maintainers, :watch, target: project) end def notifiable?(*args) @@ -534,7 +534,7 @@ class NotificationService mailer.member_access_requested_email(member.real_source_type, member.id, recipient.user.notification_email).deliver_later end - def fallback_to_group_owners_masters?(recipients, member) + def fallback_to_group_owners_maintainers?(recipients, member) return false if recipients.present? member.source.respond_to?(:group) && member.source.group diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index 172497b8e67..85491089d8e 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -115,7 +115,7 @@ module Projects @project.group.refresh_members_authorized_projects(blocking: false) current_user.refresh_authorized_projects else - @project.add_master(@project.namespace.owner, current_user: current_user) + @project.add_maintainer(@project.namespace.owner, current_user: current_user) end end diff --git a/app/services/protected_branches/access_level_params.rb b/app/services/protected_branches/access_level_params.rb index 253ae8b0124..4658b0e850d 100644 --- a/app/services/protected_branches/access_level_params.rb +++ b/app/services/protected_branches/access_level_params.rb @@ -14,7 +14,7 @@ module ProtectedBranches private def params_with_default(params) - params[:"#{type}_access_level"] ||= Gitlab::Access::MASTER if use_default_access_level?(params) + params[:"#{type}_access_level"] ||= Gitlab::Access::MAINTAINER if use_default_access_level?(params) params end diff --git a/app/services/protected_branches/legacy_api_create_service.rb b/app/services/protected_branches/legacy_api_create_service.rb index e358fd0374e..bb7656489c5 100644 --- a/app/services/protected_branches/legacy_api_create_service.rb +++ b/app/services/protected_branches/legacy_api_create_service.rb @@ -9,14 +9,14 @@ module ProtectedBranches if params.delete(:developers_can_push) Gitlab::Access::DEVELOPER else - Gitlab::Access::MASTER + Gitlab::Access::MAINTAINER end merge_access_level = if params.delete(:developers_can_merge) Gitlab::Access::DEVELOPER else - Gitlab::Access::MASTER + Gitlab::Access::MAINTAINER end @params.merge!(push_access_levels_attributes: [{ access_level: push_access_level }], diff --git a/app/services/protected_branches/legacy_api_update_service.rb b/app/services/protected_branches/legacy_api_update_service.rb index 33176253ca2..1df38de0e4a 100644 --- a/app/services/protected_branches/legacy_api_update_service.rb +++ b/app/services/protected_branches/legacy_api_update_service.rb @@ -17,14 +17,14 @@ module ProtectedBranches when true params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }] when false - params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }] + params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }] end case @developers_can_merge when true params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }] when false - params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }] + params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }] end service = ProtectedBranches::UpdateService.new(@project, @current_user, @params) |