diff options
| author | Imre Farkas <ifarkas@gitlab.com> | 2019-04-05 14:45:47 +0300 |
|---|---|---|
| committer | Andreas Brandl <abrandl@gitlab.com> | 2019-04-05 14:45:47 +0300 |
| commit | d9d7237d2ebf101ca35ed8ba2740e7c7093437ea (patch) | |
| tree | 419b0af4bc8de6de5888feec4f502bcc468df400 /lib/gitlab/external_authorization.rb | |
| parent | 30fa3cbdb74df2dfeebb2929a10dd301a0dde55e (diff) | |
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
Diffstat (limited to 'lib/gitlab/external_authorization.rb')
| -rw-r--r-- | lib/gitlab/external_authorization.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/gitlab/external_authorization.rb b/lib/gitlab/external_authorization.rb new file mode 100644 index 00000000000..25f8b7b3628 --- /dev/null +++ b/lib/gitlab/external_authorization.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +module Gitlab + module ExternalAuthorization + extend ExternalAuthorization::Config + + RequestFailed = Class.new(StandardError) + + def self.access_allowed?(user, label, project_path = nil) + return true unless perform_check? + return false unless user + + access_for_user_to_label(user, label, project_path).has_access? + end + + def self.rejection_reason(user, label) + return unless enabled? + return unless user + + access_for_user_to_label(user, label, nil).reason + end + + def self.access_for_user_to_label(user, label, project_path) + if RequestStore.active? + RequestStore.fetch("external_authorisation:user-#{user.id}:label-#{label}") do + load_access(user, label, project_path) + end + else + load_access(user, label, project_path) + end + end + + def self.load_access(user, label, project_path) + access = ::Gitlab::ExternalAuthorization::Access.new(user, label).load! + ::Gitlab::ExternalAuthorization::Logger.log_access(access, project_path) + + access + end + end +end |