diff options
| author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-05 20:22:34 +0300 |
|---|---|---|
| committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-07 05:20:16 +0300 |
| commit | 8315861c9a50675b4f4f4ca536f0da90f27994f3 (patch) | |
| tree | b5f25e5dbd74621ef77d480ba69f4f21d5c00d7d /app/models | |
| parent | 72220a99d1cdbcf8a914f9e765c43e63eaee2548 (diff) | |
Include ProjectDeployTokens
Also:
- Changes scopes from serializer to use boolean columns
- Fixes broken specs
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/deploy_token.rb | 41 | ||||
| -rw-r--r-- | app/models/project.rb | 3 | ||||
| -rw-r--r-- | app/models/project_deploy_token.rb | 14 |
3 files changed, 44 insertions, 14 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index c70d1457afb..6639cb17287 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -3,36 +3,51 @@ class DeployToken < ActiveRecord::Base include TokenAuthenticatable add_authentication_token_field :token - AVAILABLE_SCOPES = %w(read_repository read_registry).freeze + AVAILABLE_SCOPES = %i(read_repository read_registry).freeze - serialize :scopes, Array # rubocop:disable Cop/ActiveRecordSerialize - - validates :scopes, presence: true - validates :project, presence: true - - belongs_to :project + has_many :project_deploy_tokens, inverse_of: :deploy_token + has_many :projects, through: :project_deploy_tokens + validate :ensure_at_least_one_scope before_save :ensure_token + accepts_nested_attributes_for :project_deploy_tokens + scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") } + scope :read_repository, -> { where(read_repository: true) } + scope :read_registry, -> { where(read_registry: true) } - def revoke! - update!(revoked: true) + def self.redis_shared_state_key(user_id) + "gitlab:deploy_token:user_#{user_id}" end - def redis_shared_state_key(user_id) - "gitlab:deploy_token:#{project_id}:#{user_id}" + def revoke! + update!(revoked: true) end def active? !revoked end + def scopes + AVAILABLE_SCOPES.select { |token_scope| send("#{token_scope}") } # rubocop:disable GitlabSecurity/PublicSend + end + def username "gitlab+deploy-token-#{id}" end - def has_access_to?(project) - self.project == project + def has_access_to?(requested_project) + self.projects.first == requested_project + end + + def project + projects.first + end + + private + + def ensure_at_least_one_scope + errors.add(:base, "Scopes can't be blank") unless read_repository || read_registry end end diff --git a/app/models/project.rb b/app/models/project.rb index 3cfb163abf4..3f805dd1fc9 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -222,7 +222,8 @@ class Project < ActiveRecord::Base has_many :environments has_many :deployments has_many :pipeline_schedules, class_name: 'Ci::PipelineSchedule' - has_many :deploy_tokens + has_many :project_deploy_tokens + has_many :deploy_tokens, through: :project_deploy_tokens has_many :active_runners, -> { active }, through: :runner_projects, source: :runner, class_name: 'Ci::Runner' diff --git a/app/models/project_deploy_token.rb b/app/models/project_deploy_token.rb new file mode 100644 index 00000000000..2831b01e378 --- /dev/null +++ b/app/models/project_deploy_token.rb @@ -0,0 +1,14 @@ +class ProjectDeployToken < ActiveRecord::Base + belongs_to :project + belongs_to :deploy_token, inverse_of: :project_deploy_tokens + + validates :deploy_token, presence: true + validates :project, presence: true + validates :deploy_token_id, uniqueness: { scope: [:project_id] } + + accepts_nested_attributes_for :deploy_token + + def redis_shared_state_key(user_id) + "gitlab:deploy_token:#{project_id}:#{user_id}" + end +end |