-
Notifications
You must be signed in to change notification settings - Fork 5.7k
/
access.rb
208 lines (176 loc) · 5.75 KB
/
access.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
# frozen_string_literal: true
# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
module Access
AccessDeniedError = Class.new(StandardError)
NO_ACCESS = 0
MINIMAL_ACCESS = 5
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MAINTAINER = 40
OWNER = 50
ADMIN = 60
# Branch protection settings
PROTECTION_NONE = 0
PROTECTION_DEV_CAN_PUSH = 1
PROTECTION_FULL = 2
PROTECTION_DEV_CAN_MERGE = 3
PROTECTION_DEV_CAN_INITIAL_PUSH = 4
# Default project creation level
NO_ONE_PROJECT_ACCESS = 0
MAINTAINER_PROJECT_ACCESS = 1
DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2
# Default subgroup creation level
OWNER_SUBGROUP_ACCESS = 0
MAINTAINER_SUBGROUP_ACCESS = 1
class << self
delegate :values, to: :options
def all_values
options_with_owner.values
end
def options
{
"Guest" => GUEST,
"Reporter" => REPORTER,
"Developer" => DEVELOPER,
"Maintainer" => MAINTAINER
}
end
def options_with_owner
options.merge(
"Owner" => OWNER
)
end
def options_with_none
options_with_owner.merge(
"None" => NO_ACCESS
)
end
def sym_options
{
guest: GUEST,
reporter: REPORTER,
developer: DEVELOPER,
maintainer: MAINTAINER
}
end
def sym_options_with_owner
sym_options.merge(owner: OWNER)
end
def sym_options_with_admin
sym_options_with_owner.merge(admin: ADMIN)
end
def protection_options
[
{
label: s_('DefaultBranchProtection|Not protected'),
help_text: s_('DefaultBranchProtection|Both developers and maintainers can push new commits, force push, or delete the branch.'),
value: PROTECTION_NONE
},
{
label: s_('DefaultBranchProtection|Protected against pushes'),
help_text: s_('DefaultBranchProtection|Developers cannot push new commits, but are allowed to accept merge requests to the branch. Maintainers can push to the branch.'),
value: PROTECTION_DEV_CAN_MERGE
},
{
label: s_('DefaultBranchProtection|Partially protected'),
help_text: s_('DefaultBranchProtection|Both developers and maintainers can push new commits, but cannot force push.'),
value: PROTECTION_DEV_CAN_PUSH
},
{
label: s_('DefaultBranchProtection|Fully protected'),
help_text: s_('DefaultBranchProtection|Developers cannot push new commits, but maintainers can. No one can force push.'),
value: PROTECTION_FULL
},
{
label: s_('DefaultBranchProtection|Fully protected after initial push'),
help_text: s_('DefaultBranchProtection|Developers can push the initial commit to a repository, but none afterward. Maintainers can always push. No one can force push.'),
value: PROTECTION_DEV_CAN_INITIAL_PUSH
}
]
end
def global_protection_levels
[
{
label: s_('DefaultBranchProtection|Not protected'),
help_text: s_('DefaultBranchProtection|Both developers and maintainers can push new commits, force push, or delete the branch.'),
value: false
},
{
label: s_('DefaultBranchProtection|Protected'),
help_text: s_('DefaultBranchProtection|Once a repository is created this branch will be protected.'),
value: true
}
]
end
def protection_values
protection_options.map { |option| option[:value] }
end
def human_access(access, _member_role = nil)
options_with_owner.key(access)
end
def human_access_with_none(access)
options_with_none.key(access)
end
def project_creation_options
{
s_('ProjectCreationLevel|No one') => NO_ONE_PROJECT_ACCESS,
s_('ProjectCreationLevel|Maintainers') => MAINTAINER_PROJECT_ACCESS,
s_('ProjectCreationLevel|Developers + Maintainers') => DEVELOPER_MAINTAINER_PROJECT_ACCESS
}
end
def project_creation_string_options
{
'noone' => NO_ONE_PROJECT_ACCESS,
'maintainer' => MAINTAINER_PROJECT_ACCESS,
'developer' => DEVELOPER_MAINTAINER_PROJECT_ACCESS
}
end
def project_creation_values
project_creation_options.values
end
def project_creation_string_values
project_creation_string_options.keys
end
def project_creation_level_name(name)
project_creation_options.key(name)
end
def subgroup_creation_options
{
s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS,
s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS
}
end
def subgroup_creation_string_options
{
'owner' => OWNER_SUBGROUP_ACCESS,
'maintainer' => MAINTAINER_SUBGROUP_ACCESS
}
end
def subgroup_creation_values
subgroup_creation_options.values
end
def subgroup_creation_string_values
subgroup_creation_string_options.keys
end
end
def human_access
Gitlab::Access.human_access(access_field)
end
def human_access_with_none
Gitlab::Access.human_access_with_none(access_field)
end
def human_access_labeled
"#{s_('Default role')}: #{human_access}"
end
def owner?
access_field == OWNER
end
end
end
Gitlab::Access.prepend_mod_with('Gitlab::Access')