BigW Consortium Gitlab

user_access.rb 1.72 KB
Newer Older
1
module Gitlab
2 3 4 5 6 7 8 9 10
  class UserAccess
    attr_reader :user, :project

    def initialize(user, project: nil)
      @user = user
      @project = project
    end

    def can_do_action?(action)
11 12
      return false if no_user_or_blocked?

13 14 15 16 17 18 19 20 21
      @permission_cache ||= {}
      @permission_cache[action] ||= user.can?(action, project)
    end

    def cannot_do_action?(action)
      !can_do_action?(action)
    end

    def allowed?
22
      return false if no_user_or_blocked?
23

Jacob Vosmaer committed
24 25
      if user.requires_ldap_check? && user.try_obtain_ldap_lease
        return false unless Gitlab::LDAP::Access.allowed?(user)
26 27 28 29
      end

      true
    end
30 31

    def can_push_to_branch?(ref)
32
      return false if no_user_or_blocked?
33

34
      if project.protected_branch?(ref)
35 36
        return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user)

37
        access_levels = project.protected_branches.matching(ref).map(&:push_access_levels).flatten
38 39 40
        has_access = access_levels.any? { |access_level| access_level.check_access(user) }

        has_access || !project.repository.branch_exists?(ref) && can_merge_to_branch?(ref)
41 42 43 44 45 46
      else
        user.can?(:push_code, project)
      end
    end

    def can_merge_to_branch?(ref)
47
      return false if no_user_or_blocked?
48

49
      if project.protected_branch?(ref)
50
        access_levels = project.protected_branches.matching(ref).map(&:merge_access_levels).flatten
51
        access_levels.any? { |access_level| access_level.check_access(user) }
52 53 54 55 56 57
      else
        user.can?(:push_code, project)
      end
    end

    def can_read_project?
58
      return false if no_user_or_blocked?
59 60 61

      user.can?(:read_project, project)
    end
62 63 64 65 66 67

    private

    def no_user_or_blocked?
      user.nil? || user.blocked?
    end
68 69
  end
end