blob: 665c41c825ebdf46f51d7f7631dbf7e42aaf7c98 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
module ProtectedRefAccess
extend ActiveSupport::Concern
ALLOWED_ACCESS_LEVELS = [
Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
included do
scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
validates :access_level, presence: true, if: :role?, inclusion: {
in: ALLOWED_ACCESS_LEVELS
}
end
def humanize
self.class.human_access_levels[self.access_level]
end
# CE access levels are always role-based,
# where as EE allows groups and users too
def role?
true
end
def check_access(user)
return true if user.admin?
project.team.max_member_access(user.id) >= access_level
end
end
|
