diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-16 09:07:09 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-16 09:07:09 +0300 |
commit | 4b74e7efc0f9976cc0ecbab72a09fea8e3810608 (patch) | |
tree | a2da9c9f9097589bba3680ecafb995b128eb8e1c /app | |
parent | a746dae4f77974a515690ccb8b9d0c6508adfa90 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/graphql/mutations/packages/protection/rule/update.rb | 62 | ||||
-rw-r--r-- | app/graphql/types/mutation_type.rb | 1 | ||||
-rw-r--r-- | app/models/concerns/transitionable.rb | 4 | ||||
-rw-r--r-- | app/services/packages/protection/update_rule_service.rb | 54 |
4 files changed, 118 insertions, 3 deletions
diff --git a/app/graphql/mutations/packages/protection/rule/update.rb b/app/graphql/mutations/packages/protection/rule/update.rb new file mode 100644 index 00000000000..dc1f78e6822 --- /dev/null +++ b/app/graphql/mutations/packages/protection/rule/update.rb @@ -0,0 +1,62 @@ +# frozen_string_literal: true + +module Mutations + module Packages + module Protection + module Rule + class Update < ::Mutations::BaseMutation + graphql_name 'UpdatePackagesProtectionRule' + description 'Updates a package protection rule to restrict access to project packages. ' \ + 'You can prevent users without certain permissions from altering packages. ' \ + 'Available only when feature flag `packages_protected_packages` is enabled.' + + authorize :admin_package + + argument :id, + ::Types::GlobalIDType[::Packages::Protection::Rule], + required: true, + description: 'Global ID of the package protection rule to be updated.' + + argument :package_name_pattern, + GraphQL::Types::String, + required: false, + validates: { allow_blank: false }, + description: + 'Package name protected by the protection rule. For example, `@my-scope/my-package-*`. ' \ + 'Wildcard character `*` allowed.' + + argument :package_type, + Types::Packages::Protection::RulePackageTypeEnum, + required: false, + validates: { allow_blank: false }, + description: 'Package type protected by the protection rule. For example, `NPM`.' + + argument :push_protected_up_to_access_level, + Types::Packages::Protection::RuleAccessLevelEnum, + required: false, + validates: { allow_blank: false }, + description: + 'Maximum GitLab access level unable to push a package. For example, `DEVELOPER`, `MAINTAINER`, `OWNER`.' + + field :package_protection_rule, + Types::Packages::Protection::RuleType, + null: true, + description: 'Packages protection rule after mutation.' + + def resolve(id:, **kwargs) + package_protection_rule = authorized_find!(id: id) + + if Feature.disabled?(:packages_protected_packages, package_protection_rule.project) + raise_resource_not_available_error!("'packages_protected_packages' feature flag is disabled") + end + + response = ::Packages::Protection::UpdateRuleService.new(package_protection_rule, + current_user: current_user, params: kwargs).execute + + { package_protection_rule: response.payload[:package_protection_rule], errors: response.errors } + end + end + end + end + end +end diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb index 8055247fb8a..d0a9ea11a27 100644 --- a/app/graphql/types/mutation_type.rb +++ b/app/graphql/types/mutation_type.rb @@ -177,6 +177,7 @@ module Types mount_mutation Mutations::Packages::DestroyFile mount_mutation Mutations::Packages::Protection::Rule::Create, alpha: { milestone: '16.5' } mount_mutation Mutations::Packages::Protection::Rule::Delete, alpha: { milestone: '16.6' } + mount_mutation Mutations::Packages::Protection::Rule::Update, alpha: { milestone: '16.6' } mount_mutation Mutations::Packages::DestroyFiles mount_mutation Mutations::Packages::Cleanup::Policy::Update mount_mutation Mutations::Echo diff --git a/app/models/concerns/transitionable.rb b/app/models/concerns/transitionable.rb index 70e1fc8b78a..b64b09336bb 100644 --- a/app/models/concerns/transitionable.rb +++ b/app/models/concerns/transitionable.rb @@ -6,9 +6,7 @@ module Transitionable attr_accessor :transitioning def transitioning? - return false unless transitioning && Feature.enabled?(:skip_validations_during_transitions, project) - - true + transitioning end def enable_transitioning diff --git a/app/services/packages/protection/update_rule_service.rb b/app/services/packages/protection/update_rule_service.rb new file mode 100644 index 00000000000..0dc7eb6a7b9 --- /dev/null +++ b/app/services/packages/protection/update_rule_service.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +module Packages + module Protection + class UpdateRuleService + include Gitlab::Allowable + + ALLOWED_ATTRIBUTES = %i[ + package_name_pattern + package_type + push_protected_up_to_access_level + ].freeze + + def initialize(package_protection_rule, current_user:, params:) + if package_protection_rule.blank? || current_user.blank? + raise ArgumentError, + 'package_protection_rule and current_user must be set' + end + + @package_protection_rule = package_protection_rule + @current_user = current_user + @params = params || {} + end + + def execute + unless can?(current_user, :admin_package, package_protection_rule.project) + error_message = _('Unauthorized to update a package protection rule') + return service_response_error(message: error_message) + end + + package_protection_rule.update(params.slice(*ALLOWED_ATTRIBUTES)) + + if package_protection_rule.errors.present? + return service_response_error(message: package_protection_rule.errors.full_messages) + end + + ServiceResponse.success(payload: { package_protection_rule: package_protection_rule }) + rescue StandardError => e + service_response_error(message: e.message) + end + + private + + attr_reader :package_protection_rule, :current_user, :params + + def service_response_error(message:) + ServiceResponse.error( + message: message, + payload: { package_protection_rule: nil } + ) + end + end + end +end |