diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2016-07-07 11:36:01 +0530 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2016-07-13 13:24:56 +0530 |
commit | ea9e8f4609f46f9c5713a8346f91dc19d310c2e1 (patch) | |
tree | 6406dec33726bdd99011c7c24920d8020b32027e /lib/gitlab/checks/change_access.rb | |
parent | 4d00ed21ebbc9fd4a1f1b13cbed9a0a9ad2a2a9e (diff) | |
download | gitlab-ce-ea9e8f4609f46f9c5713a8346f91dc19d310c2e1.tar.gz |
Move all "checks" under `GitLab::Checks`.
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4892#note_12892160
- This is more consistent.
Diffstat (limited to 'lib/gitlab/checks/change_access.rb')
-rw-r--r-- | lib/gitlab/checks/change_access.rb | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb new file mode 100644 index 00000000000..cb8f4f2cbdd --- /dev/null +++ b/lib/gitlab/checks/change_access.rb @@ -0,0 +1,94 @@ +module Gitlab + module Checks + class ChangeAccess + attr_reader :user_access, :project + + def initialize(change, user_access:, project:) + @oldrev, @newrev, @ref = change.split(' ') + @branch_name = branch_name(@ref) + @user_access = user_access + @project = project + end + + def exec + error = protected_branch_checks || tag_checks || push_checks + + if error + GitAccessStatus.new(false, error) + else + GitAccessStatus.new(true) + end + end + + protected + + def protected_branch_checks + return unless project.protected_branch?(@branch_name) + + if forced_push? && user_access.cannot_do_action?(:force_push_code_to_protected_branches) + return "You are not allowed to force push code to a protected branch on this project." + elsif Gitlab::Git.blank_ref?(@newrev) && user_access.cannot_do_action?(:remove_protected_branches) + return "You are not allowed to deleted protected branches from this project." + end + + if matching_merge_request? + if user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name) + return + else + "You are not allowed to merge code into protected branches on this project." + end + else + if user_access.can_push_to_branch?(@branch_name) + return + else + "You are not allowed to push code to protected branches on this project." + end + end + end + + def tag_checks + if (tag_ref = tag_name(@ref)) && protected_tag?(tag_ref) && user_access.cannot_do_action?(:admin_project) + "You are not allowed to change existing tags on this project." + end + end + + def push_checks + if user_access.cannot_do_action?(:push_code) + "You are not allowed to push code to this project." + end + end + + private + + def protected_tag?(tag_name) + project.repository.tag_exists?(tag_name) + end + + def forced_push? + Gitlab::Checks::ForcePush.force_push?(@project, @oldrev, @newrev) + end + + def matching_merge_request? + Checks::MatchingMergeRequest.new(@newrev, @branch_name, @project).match? + end + + def branch_name(ref) + ref = @ref.to_s + if Gitlab::Git.branch_ref?(ref) + Gitlab::Git.ref_name(ref) + else + nil + end + end + + def tag_name(ref) + ref = @ref.to_s + if Gitlab::Git.tag_ref?(ref) + Gitlab::Git.ref_name(ref) + else + nil + end + end + end + end +end |