blob: 23b0e71d83601ef4998f1ee3834bfdf2222d5a41 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# frozen_string_literal: true
module Packages
class GroupPackagesFinder
include ::Packages::FinderHelper
def initialize(current_user, group, params = { exclude_subgroups: false, exact_name: false, order_by: 'created_at', sort: 'asc' })
@current_user = current_user
@group = group
@params = params
end
def execute
return ::Packages::Package.none unless group
packages_for_group_projects
end
private
attr_reader :current_user, :group, :params
def packages_for_group_projects(installable_only: false)
packages = ::Packages::Package
.preload_pipelines
.including_project_route
.including_tags
.for_projects(group_projects_visible_to_current_user.select(:id))
.sort_by_attribute("#{params[:order_by]}_#{params[:sort]}")
packages = filter_with_version(packages)
packages = filter_by_package_type(packages)
packages = (params[:exact_name] ? filter_by_exact_package_name(packages) : filter_by_package_name(packages))
packages = filter_by_package_version(packages)
installable_only ? packages.installable : filter_by_status(packages)
end
def group_projects_visible_to_current_user
# according to project_policy.rb
# access to packages is ruled by:
# - project is public or the current user has access to it with at least the reporter level
# - the repository feature is available to the current_user
if current_user.is_a?(DeployToken)
current_user.accessible_projects
else
::Project
.in_namespace(groups)
.public_or_visible_to_user(current_user, Gitlab::Access::REPORTER)
.with_feature_available_for_user(:repository, current_user)
end
end
def groups
return [group] if exclude_subgroups?
group.self_and_descendants
end
def exclude_subgroups?
params[:exclude_subgroups]
end
end
end
|
