blob: 23053975313a36b1a4f25676a07d28291e4e1281 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# frozen_string_literal: true
module Ci
module JobTokenScope
module EditScopeValidations
ValidationError = Class.new(StandardError)
TARGET_PROJECT_UNAUTHORIZED_OR_UNFOUND = "The target_project that you are attempting to access does " \
"not exist or you don't have permission to perform this action"
def validate_edit!(source_project, target_project, current_user)
unless source_project.ci_job_token_scope_enabled?
raise ValidationError, "Job token scope is disabled for this project"
end
unless can?(current_user, :admin_project, source_project)
raise ValidationError, "Insufficient permissions to modify the job token scope"
end
unless can?(current_user, :read_project, target_project)
raise ValidationError, TARGET_PROJECT_UNAUTHORIZED_OR_UNFOUND
end
end
end
end
end
|