Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/models/clusters/agent.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/clusters/agent.rb')
-rw-r--r--app/models/clusters/agent.rb57
1 files changed, 57 insertions, 0 deletions
diff --git a/app/models/clusters/agent.rb b/app/models/clusters/agent.rb
index 374deabfe33..55fd41d6c0a 100644
--- a/app/models/clusters/agent.rb
+++ b/app/models/clusters/agent.rb
@@ -57,6 +57,63 @@ module Clusters
def to_ability_name
:cluster
end
+
+ def ci_access_authorized_for?(user)
+ return false unless user
+ return false unless ::Feature.enabled?(:expose_authorized_cluster_agents, project)
+
+ ::Project.from_union(
+ all_ci_access_authorized_projects_for(user).limit(1),
+ all_ci_access_authorized_namespaces_for(user).limit(1)
+ ).exists?
+ end
+
+ private
+
+ def all_ci_access_authorized_projects_for(user)
+ ::Project.joins(:ci_access_project_authorizations)
+ .joins(:project_authorizations)
+ .where(agent_project_authorizations: { agent_id: id })
+ .where(project_authorizations: { user_id: user.id, access_level: Gitlab::Access::DEVELOPER.. })
+ end
+
+ def all_ci_access_authorized_namespaces_for(user)
+ ::Project.with(root_namespace_cte.to_arel)
+ .with(all_ci_access_authorized_namespaces_cte.to_arel)
+ .joins('INNER JOIN all_authorized_namespaces ON all_authorized_namespaces.id = projects.namespace_id')
+ .joins(:project_authorizations)
+ .where(project_authorizations: { user_id: user.id, access_level: Gitlab::Access::DEVELOPER.. })
+ end
+
+ def root_namespace_cte
+ Gitlab::SQL::CTE.new(:root_namespace, root_namespace.to_sql)
+ end
+
+ def all_ci_access_authorized_namespaces_cte
+ Gitlab::SQL::CTE.new(:all_authorized_namespaces, all_ci_access_authorized_namespaces.to_sql)
+ end
+
+ def all_ci_access_authorized_namespaces
+ Namespace.select("traversal_ids[array_length(traversal_ids, 1)] AS id")
+ .joins("INNER JOIN root_namespace ON " \
+ "namespaces.traversal_ids @> ARRAY[root_namespace.root_id]")
+ .joins("INNER JOIN agent_group_authorizations ON " \
+ "namespaces.traversal_ids @> ARRAY[agent_group_authorizations.group_id::integer]")
+ .where(agent_group_authorizations: { agent_id: id })
+ end
+
+ def root_namespace
+ Namespace.select("traversal_ids[1] AS root_id")
+ .where("traversal_ids @> ARRAY(?)", project_namespace)
+ .limit(1)
+ end
+
+ def project_namespace
+ ::Project.select('namespace_id')
+ .joins(:cluster_agents)
+ .where(cluster_agents: { id: id })
+ .limit(1)
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 02:04:12 +0300