diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-21 21:08:00 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-21 21:08:00 +0300 |
commit | 6f03d13ddbc2ac2f18517ce2c8b838f89a774c7c (patch) | |
tree | 272a680c85e66c5779c8cb9f3eaeef6921fee171 /app | |
parent | a6389df9f6760652a04933624aff7182bb851739 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/graphql/resolvers/ci/job_token_scope_resolver.rb | 21 | ||||
-rw-r--r-- | app/graphql/types/ci/job_token_scope_type.rb | 16 | ||||
-rw-r--r-- | app/graphql/types/project_type.rb | 4 | ||||
-rw-r--r-- | app/models/packages/package.rb | 8 |
4 files changed, 41 insertions, 8 deletions
diff --git a/app/graphql/resolvers/ci/job_token_scope_resolver.rb b/app/graphql/resolvers/ci/job_token_scope_resolver.rb new file mode 100644 index 00000000000..ca76a7b94fc --- /dev/null +++ b/app/graphql/resolvers/ci/job_token_scope_resolver.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module Resolvers + module Ci + class JobTokenScopeResolver < BaseResolver + include Gitlab::Graphql::Authorize::AuthorizeResource + + authorize :admin_project + description 'Container for resources that can be accessed by a CI job token from the current project. Null if job token scope setting is disabled.' + type ::Types::Ci::JobTokenScopeType, null: true + + def resolve + authorize!(object) + + return unless object.ci_job_token_scope_enabled? + + ::Ci::JobToken::Scope.new(object) + end + end + end +end diff --git a/app/graphql/types/ci/job_token_scope_type.rb b/app/graphql/types/ci/job_token_scope_type.rb new file mode 100644 index 00000000000..9f48298e1d3 --- /dev/null +++ b/app/graphql/types/ci/job_token_scope_type.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +module Types + # rubocop: disable Graphql/AuthorizeTypes + # Authorization is in the resolver based on the parent project + module Ci + class JobTokenScopeType < BaseObject + graphql_name 'CiJobTokenScopeType' + + field :projects, Types::ProjectType.connection_type, null: false, + description: 'Allow list of projects that can be accessed by CI Job tokens created by this project.', + method: :all_projects + end + end + # rubocop: enable Graphql/AuthorizeTypes +end diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb index 55dc73d898d..7e4c0c03dd6 100644 --- a/app/graphql/types/project_type.rb +++ b/app/graphql/types/project_type.rb @@ -346,6 +346,10 @@ module Types description: 'Find a single CI/CD template by name.', resolver: Resolvers::Ci::TemplateResolver + field :ci_job_token_scope, Types::Ci::JobTokenScopeType, null: true, + description: 'The CI Job Tokens scope of access.', + resolver: Resolvers::Ci::JobTokenScopeResolver + def label(title:) BatchLoader::GraphQL.for(title).batch(key: project) do |titles, loader, args| LabelsFinder diff --git a/app/models/packages/package.rb b/app/models/packages/package.rb index b040c98ef09..d2e4f46898c 100644 --- a/app/models/packages/package.rb +++ b/app/models/packages/package.rb @@ -158,8 +158,6 @@ class Packages::Package < ApplicationRecord joins(:project).reorder(keyset_order) end - after_commit :update_composer_cache, on: :destroy, if: -> { composer? && Feature.disabled?(:disable_composer_callback) } - def self.only_maven_packages_with_path(path, use_cte: false) if use_cte # This is an optimization fence which assumes that looking up the Metadatum record by path (globally) @@ -295,12 +293,6 @@ class Packages::Package < ApplicationRecord private - def update_composer_cache - return unless composer? - - ::Packages::Composer::CacheUpdateWorker.perform_async(project_id, name, composer_metadatum.version_cache_sha) # rubocop:disable CodeReuse/Worker - end - def composer_tag_version? composer? && !Gitlab::Regex.composer_dev_version_regex.match(version.to_s) end |