diff options
| author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-05 20:22:34 +0300 |
|---|---|---|
| committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-07 05:20:16 +0300 |
| commit | 8315861c9a50675b4f4f4ca536f0da90f27994f3 (patch) | |
| tree | b5f25e5dbd74621ef77d480ba69f4f21d5c00d7d /app/models/deploy_token.rb | |
| parent | 72220a99d1cdbcf8a914f9e765c43e63eaee2548 (diff) | |
Include ProjectDeployTokens
Also:
- Changes scopes from serializer to use boolean columns
- Fixes broken specs
Diffstat (limited to 'app/models/deploy_token.rb')
| -rw-r--r-- | app/models/deploy_token.rb | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index c70d1457afb..6639cb17287 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -3,36 +3,51 @@ class DeployToken < ActiveRecord::Base include TokenAuthenticatable add_authentication_token_field :token - AVAILABLE_SCOPES = %w(read_repository read_registry).freeze + AVAILABLE_SCOPES = %i(read_repository read_registry).freeze - serialize :scopes, Array # rubocop:disable Cop/ActiveRecordSerialize - - validates :scopes, presence: true - validates :project, presence: true - - belongs_to :project + has_many :project_deploy_tokens, inverse_of: :deploy_token + has_many :projects, through: :project_deploy_tokens + validate :ensure_at_least_one_scope before_save :ensure_token + accepts_nested_attributes_for :project_deploy_tokens + scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") } + scope :read_repository, -> { where(read_repository: true) } + scope :read_registry, -> { where(read_registry: true) } - def revoke! - update!(revoked: true) + def self.redis_shared_state_key(user_id) + "gitlab:deploy_token:user_#{user_id}" end - def redis_shared_state_key(user_id) - "gitlab:deploy_token:#{project_id}:#{user_id}" + def revoke! + update!(revoked: true) end def active? !revoked end + def scopes + AVAILABLE_SCOPES.select { |token_scope| send("#{token_scope}") } # rubocop:disable GitlabSecurity/PublicSend + end + def username "gitlab+deploy-token-#{id}" end - def has_access_to?(project) - self.project == project + def has_access_to?(requested_project) + self.projects.first == requested_project + end + + def project + projects.first + end + + private + + def ensure_at_least_one_scope + errors.add(:base, "Scopes can't be blank") unless read_repository || read_registry end end |