diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-09 03:12:09 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-09 03:12:09 +0300 |
commit | c46d8e7601c032d954c9f35761ae14dc4bacf6ce (patch) | |
tree | 4c602beeed2f191efdfb16f37fa54385815cf436 /app/models | |
parent | 3d42e098d9658853984534c9dfc2bf76284a8ac0 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/ci/job_token/project_scope_link.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/app/models/ci/job_token/project_scope_link.rb b/app/models/ci/job_token/project_scope_link.rb index 774d85e3d3c..96e370bba1e 100644 --- a/app/models/ci/job_token/project_scope_link.rb +++ b/app/models/ci/job_token/project_scope_link.rb @@ -8,6 +8,8 @@ module Ci class ProjectScopeLink < Ci::ApplicationRecord self.table_name = 'ci_job_token_project_scope_links' + PROJECT_LINK_DIRECTIONAL_LIMIT = 100 + belongs_to :source_project, class_name: 'Project' # the project added to the scope's allowlist belongs_to :target_project, class_name: 'Project' @@ -20,6 +22,7 @@ module Ci validates :source_project, presence: true validates :target_project, presence: true validate :not_self_referential_link + validate :source_project_under_link_limit, on: :create # When outbound the target project is allowed to be accessed by the source job token. # When inbound the source project is allowed to be accessed by the target job token. @@ -41,6 +44,16 @@ module Ci self.errors.add(:target_project, _("can't be the same as the source project")) end end + + def source_project_under_link_limit + return unless source_project + + existing_links_count = self.class.with_source(source_project).with_access_direction(direction).count + + if existing_links_count >= PROJECT_LINK_DIRECTIONAL_LIMIT + errors.add(:source_project, "exceeds the allowable number of project links in this direction") + end + end end end end |