diff options
| author | Imre Farkas <ifarkas@gitlab.com> | 2019-04-09 18:38:58 +0300 |
|---|---|---|
| committer | Andreas Brandl <abrandl@gitlab.com> | 2019-04-09 18:38:58 +0300 |
| commit | 9bc5ed14fe97fe63cd5be30c013c6af978715621 (patch) | |
| tree | 74e1548a29b4683e94720b346a4fc41a068b2583 /lib/gitlab/external_authorization.rb | |
| parent | a6218f1bcd78f656d57330e764d3f98e1fb1f3f3 (diff) | |
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
Diffstat (limited to 'lib/gitlab/external_authorization.rb')
| -rw-r--r-- | lib/gitlab/external_authorization.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/gitlab/external_authorization.rb b/lib/gitlab/external_authorization.rb new file mode 100644 index 00000000000..25f8b7b3628 --- /dev/null +++ b/lib/gitlab/external_authorization.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +module Gitlab + module ExternalAuthorization + extend ExternalAuthorization::Config + + RequestFailed = Class.new(StandardError) + + def self.access_allowed?(user, label, project_path = nil) + return true unless perform_check? + return false unless user + + access_for_user_to_label(user, label, project_path).has_access? + end + + def self.rejection_reason(user, label) + return unless enabled? + return unless user + + access_for_user_to_label(user, label, nil).reason + end + + def self.access_for_user_to_label(user, label, project_path) + if RequestStore.active? + RequestStore.fetch("external_authorisation:user-#{user.id}:label-#{label}") do + load_access(user, label, project_path) + end + else + load_access(user, label, project_path) + end + end + + def self.load_access(user, label, project_path) + access = ::Gitlab::ExternalAuthorization::Access.new(user, label).load! + ::Gitlab::ExternalAuthorization::Logger.log_access(access, project_path) + + access + end + end +end |