diff options
Diffstat (limited to 'app/models/deploy_token.rb')
-rw-r--r-- | app/models/deploy_token.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 5fa9f2ef9f9..326d3fb8470 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -10,6 +10,7 @@ class DeployToken < ApplicationRecord AVAILABLE_SCOPES = %i(read_repository read_registry write_registry read_package_registry write_package_registry).freeze GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token' + REQUIRED_DEPENDENCY_PROXY_SCOPES = %i[read_registry write_registry].freeze default_value_for(:expires_at) { Forever.date } @@ -46,6 +47,12 @@ class DeployToken < ApplicationRecord active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME) end + def valid_for_dependency_proxy? + group_type? && + active? && + REQUIRED_DEPENDENCY_PROXY_SCOPES.all? { |scope| scope.in?(scopes) } + end + def revoke! update!(revoked: true) end @@ -73,6 +80,14 @@ class DeployToken < ApplicationRecord holder.has_access_to?(requested_project) end + def has_access_to_group?(requested_group) + return false unless active? + return false unless group_type? + return false unless holder + + holder.has_access_to_group?(requested_group) + end + # This is temporal. Currently we limit DeployToken # to a single project or group, later we're going to # extend that to be for multiple projects and namespaces. |