Add visibility level to project repository

author: Felipe Artur <felipefac@gmail.com> 2016-09-16 22:15:39 +0300
committer: Felipe Artur <felipefac@gmail.com> 2016-10-17 23:12:18 +0300
commit: da07c2e4d3d382c05ec287ee60f639b870074fe7 (patch)
tree: f6ffa7fd29fe177d4d78c0e043a1fdcff5b6eba4 /app/models/project_feature.rb
parent: c49e152605ad1fe77bea6414c383cf70669ca110 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb
index 530f7d5a30e..b37ce1d3cf6 100644
--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -13,23 +13,26 @@ class ProjectFeature < ActiveRecord::Base
   # Enabled:  enabled for everyone able to access the project
   #
 
-  # Permision levels
+  # Permission levels
   DISABLED = 0
   PRIVATE  = 10
   ENABLED  = 20
 
-  FEATURES = %i(issues merge_requests wiki snippets builds)
+  FEATURES = %i(issues merge_requests wiki snippets builds repository)
 
   # Default scopes force us to unscope here since a service may need to check
   # permissions for a project in pending_delete
   # http://stackoverflow.com/questions/1540645/how-to-disable-default-scope-for-a-belongs-to
   belongs_to :project, -> { unscope(where: :pending_delete) }
 
+  validate :repository_children_level
+
   default_value_for :builds_access_level,         value: ENABLED, allows_nil: false
   default_value_for :issues_access_level,         value: ENABLED, allows_nil: false
   default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false
   default_value_for :snippets_access_level,       value: ENABLED, allows_nil: false
   default_value_for :wiki_access_level,           value: ENABLED, allows_nil: false
+  default_value_for :repository_access_level,     value: ENABLED, allows_nil: false
 
   def feature_available?(feature, user)
     raise ArgumentError, 'invalid project feature' unless FEATURES.include?(feature)
@@ -57,6 +60,18 @@ class ProjectFeature < ActiveRecord::Base
 
   private
 
+  # Validates builds and merge requests access level
+  # which cannot be higher than repository access level
+  def repository_children_level
+    validator = lambda do |field|
+      level = public_send(field) || ProjectFeature::ENABLED
+      not_allowed = level > repository_access_level
+      self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed
+    end
+
+    %i(merge_requests_access_level builds_access_level).each(&validator)
+  end
+
   def get_permission(user, level)
     case level
     when DISABLED
author	Felipe Artur <felipefac@gmail.com>	2016-09-16 22:15:39 +0300
committer	Felipe Artur <felipefac@gmail.com>	2016-10-17 23:12:18 +0300
commit	da07c2e4d3d382c05ec287ee60f639b870074fe7 (patch)
tree	f6ffa7fd29fe177d4d78c0e043a1fdcff5b6eba4 /app/models/project_feature.rb
parent	c49e152605ad1fe77bea6414c383cf70669ca110 (diff)