diff options
Diffstat (limited to 'app/models/project_feature.rb')
-rw-r--r-- | app/models/project_feature.rb | 51 |
1 files changed, 27 insertions, 24 deletions
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb index d74cb2506ba..39f2b8fe0de 100644 --- a/app/models/project_feature.rb +++ b/app/models/project_feature.rb @@ -13,15 +13,16 @@ class ProjectFeature < ActiveRecord::Base # Disabled: not enabled for anyone # Private: enabled only for team members # Enabled: enabled for everyone able to access the project + # Public: enabled for everyone (only allowed for pages) # # Permission levels DISABLED = 0 PRIVATE = 10 ENABLED = 20 + PUBLIC = 30 - FEATURES = %i(issues merge_requests wiki snippets builds repository).freeze - STATISTICS_ATTRIBUTE = 'wikis_count'.freeze + FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze class << self def access_level_attribute(feature) @@ -47,6 +48,7 @@ class ProjectFeature < ActiveRecord::Base validates :project, presence: true validate :repository_children_level + validate :allowed_access_levels default_value_for :builds_access_level, value: ENABLED, allows_nil: false default_value_for :issues_access_level, value: ENABLED, allows_nil: false @@ -55,10 +57,10 @@ class ProjectFeature < ActiveRecord::Base default_value_for :wiki_access_level, value: ENABLED, allows_nil: false default_value_for :repository_access_level, value: ENABLED, allows_nil: false - after_create ->(model) { SiteStatistic.track(STATISTICS_ATTRIBUTE) if model.wiki_enabled? } - after_update :update_site_statistics - def feature_available?(feature, user) + # This feature might not be behind a feature flag at all, so default to true + return false unless ::Feature.enabled?(feature, user, default_enabled: true) + get_permission(user, access_level(feature)) end @@ -82,30 +84,18 @@ class ProjectFeature < ActiveRecord::Base issues_access_level > DISABLED end - # This is a workaround for the removal hooks not been triggered when removing a Project. - # - # ProjectFeature is removed using database cascade index rule. - # This method is called by Project model when deletion starts. - def untrack_statistics_for_deletion! - return unless wiki_enabled? - - SiteStatistic.untrack(STATISTICS_ATTRIBUTE) + def pages_enabled? + pages_access_level > DISABLED end - private - - def update_site_statistics - return unless wiki_access_level_changed? + def public_pages? + return true unless Gitlab.config.pages.access_control - if self.wiki_access_level_was == DISABLED - # possible new states are PRIVATE / ENABLED, both should be tracked - SiteStatistic.track(STATISTICS_ATTRIBUTE) - elsif self.wiki_access_level == DISABLED - # old state was either PRIVATE / ENABLED, only untrack if new state is DISABLED - SiteStatistic.untrack(STATISTICS_ATTRIBUTE) - end + pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public? end + private + # Validates builds and merge requests access level # which cannot be higher than repository access level def repository_children_level @@ -118,6 +108,17 @@ class ProjectFeature < ActiveRecord::Base %i(merge_requests_access_level builds_access_level).each(&validator) end + # Validates access level for other than pages cannot be PUBLIC + def allowed_access_levels + validator = lambda do |field| + level = public_send(field) || ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend + not_allowed = level > ProjectFeature::ENABLED + self.errors.add(field, "cannot have public visibility level") if not_allowed + end + + (FEATURES - %i(pages)).each {|f| validator.call("#{f}_access_level")} + end + def get_permission(user, level) case level when DISABLED @@ -126,6 +127,8 @@ class ProjectFeature < ActiveRecord::Base user && (project.team.member?(user) || user.full_private_access?) when ENABLED true + when PUBLIC + true else true end |