summaryrefslogtreecommitdiff
path: root/app/serializers/deploy_key_entity.rb
blob: 486189b84cab285920d7004733884158a6719d20 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# frozen_string_literal: true

class DeployKeyEntity < Grape::Entity
  expose :id
  expose :user_id
  expose :title
  expose :fingerprint
  expose :fingerprint_sha256
  expose :destroyed_when_orphaned?, as: :destroyed_when_orphaned
  expose :almost_orphaned?, as: :almost_orphaned
  expose :created_at
  expose :updated_at
  expose :deploy_keys_projects, using: DeployKeysProjectEntity do |deploy_key|
    deploy_key.deploy_keys_projects.select do |deploy_key_project|
      !deploy_key_project.project&.pending_delete? && (allowed_to_read_project?(deploy_key_project.project) || options[:user].admin?)
    end
  end
  expose :can_edit
  expose :user, as: :owner, using: ::API::Entities::UserBasic, if: -> (_, opts) { can_read_owner?(opts) }

  private

  def can_edit
    Ability.allowed?(options[:user], :update_deploy_key, object) ||
      Ability.allowed?(options[:user], :update_deploy_keys_project, object.deploy_keys_project_for(options[:project]))
  end

  def can_read_owner?(opts)
    opts[:with_owner] && Ability.allowed?(options[:user], :read_user, object.user)
  end

  def allowed_to_read_project?(project)
    if options[:readable_project_ids]
      options[:readable_project_ids].include?(project.id)
    else
      Ability.allowed?(options[:user], :read_project, project)
    end
  end
end