diff options
| author | Imre Farkas <ifarkas@gitlab.com> | 2019-04-05 14:45:47 +0300 |
|---|---|---|
| committer | Andreas Brandl <abrandl@gitlab.com> | 2019-04-05 14:45:47 +0300 |
| commit | d9d7237d2ebf101ca35ed8ba2740e7c7093437ea (patch) | |
| tree | 419b0af4bc8de6de5888feec4f502bcc468df400 /app/models | |
| parent | 30fa3cbdb74df2dfeebb2929a10dd301a0dde55e (diff) | |
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/application_setting.rb | 34 | ||||
| -rw-r--r-- | app/models/issue.rb | 10 | ||||
| -rw-r--r-- | app/models/project.rb | 5 |
3 files changed, 47 insertions, 2 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 7ec8505b33a..d28a12413bf 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -213,6 +213,40 @@ class ApplicationSetting < ApplicationRecord validate :terms_exist, if: :enforce_terms? + validates :external_authorization_service_default_label, + presence: true, + if: :external_authorization_service_enabled + + validates :external_authorization_service_url, + url: true, allow_blank: true, + if: :external_authorization_service_enabled + + validates :external_authorization_service_timeout, + numericality: { greater_than: 0, less_than_or_equal_to: 10 }, + if: :external_authorization_service_enabled + + validates :external_auth_client_key, + presence: true, + if: -> (setting) { setting.external_auth_client_cert.present? } + + validates_with X509CertificateCredentialsValidator, + certificate: :external_auth_client_cert, + pkey: :external_auth_client_key, + pass: :external_auth_client_key_pass, + if: -> (setting) { setting.external_auth_client_cert.present? } + + attr_encrypted :external_auth_client_key, + mode: :per_attribute_iv, + key: Settings.attr_encrypted_db_key_base_truncated, + algorithm: 'aes-256-gcm', + encode: true + + attr_encrypted :external_auth_client_key_pass, + mode: :per_attribute_iv, + key: Settings.attr_encrypted_db_key_base_truncated, + algorithm: 'aes-256-gcm', + encode: true + before_validation :ensure_uuid! before_validation :strip_sentry_values diff --git a/app/models/issue.rb b/app/models/issue.rb index 97c6dcc4745..eb4c87e05d5 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -230,7 +230,13 @@ class Issue < ApplicationRecord def visible_to_user?(user = nil) return false unless project && project.feature_available?(:issues, user) - user ? readable_by?(user) : publicly_visible? + return publicly_visible? unless user + + return false unless readable_by?(user) + + user.full_private_access? || + ::Gitlab::ExternalAuthorization.access_allowed?( + user, project.external_authorization_classification_label) end def check_for_spam? @@ -298,7 +304,7 @@ class Issue < ApplicationRecord # Returns `true` if this Issue is visible to everybody. def publicly_visible? - project.public? && !confidential? + project.public? && !confidential? && !::Gitlab::ExternalAuthorization.enabled? end def expire_etag_cache diff --git a/app/models/project.rb b/app/models/project.rb index e2869fc2ad5..97e287d3fa2 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2062,6 +2062,11 @@ class Project < ApplicationRecord fetch_branch_allows_collaboration(user, branch_name) end + def external_authorization_classification_label + super || ::Gitlab::CurrentSettings.current_application_settings + .external_authorization_service_default_label + end + def licensed_features [] end |