diff options
Diffstat (limited to 'app/finders/clusters/agent_authorizations_finder.rb')
-rw-r--r-- | app/finders/clusters/agent_authorizations_finder.rb | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/app/finders/clusters/agent_authorizations_finder.rb b/app/finders/clusters/agent_authorizations_finder.rb index 373cf7fe8b9..8b939f5d646 100644 --- a/app/finders/clusters/agent_authorizations_finder.rb +++ b/app/finders/clusters/agent_authorizations_finder.rb @@ -24,13 +24,21 @@ module Clusters # rubocop: disable CodeReuse/ActiveRecord def project_authorizations - ancestor_ids = project.group ? project.ancestors.select(:id) : project.namespace_id + namespace_ids = if project.group + if include_descendants? + all_namespace_ids + else + ancestor_namespace_ids + end + else + project.namespace_id + end Clusters::Agents::ProjectAuthorization .where(project_id: project.id) .joins(agent: :project) .preload(agent: :project) - .where(cluster_agents: { projects: { namespace_id: ancestor_ids } }) + .where(cluster_agents: { projects: { namespace_id: namespace_ids } }) .with_available_ci_access_fields(project) .to_a end @@ -49,17 +57,35 @@ module Clusters authorizations[:group_id].eq(ordered_ancestors_cte.table[:id]) ).join_sources - Clusters::Agents::GroupAuthorization + authorized_groups = Clusters::Agents::GroupAuthorization .with(ordered_ancestors_cte.to_arel) .joins(cte_join_sources) .joins(agent: :project) - .where('projects.namespace_id IN (SELECT id FROM ordered_ancestors)') .with_available_ci_access_fields(project) .order(Arel.sql('agent_id, array_position(ARRAY(SELECT id FROM ordered_ancestors)::bigint[], agent_group_authorizations.group_id)')) .select('DISTINCT ON (agent_id) agent_group_authorizations.*') .preload(agent: :project) - .to_a + + authorized_groups = if include_descendants? + authorized_groups.where(projects: { namespace_id: all_namespace_ids }) + else + authorized_groups.where('projects.namespace_id IN (SELECT id FROM ordered_ancestors)') + end + + authorized_groups.to_a end # rubocop: enable CodeReuse/ActiveRecord + + def ancestor_namespace_ids + project.ancestors.select(:id) + end + + def all_namespace_ids + project.root_ancestor.self_and_descendants.select(:id) + end + + def include_descendants? + Feature.enabled?(:agent_authorization_include_descendants, project) + end end end |