diff options
Diffstat (limited to 'app/models/deploy_token.rb')
| -rw-r--r-- | app/models/deploy_token.rb | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 3d098406ab1..31c813edb67 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -15,6 +15,11 @@ class DeployToken < ApplicationRecord has_many :project_deploy_tokens, inverse_of: :deploy_token has_many :projects, through: :project_deploy_tokens + has_many :group_deploy_tokens, inverse_of: :deploy_token + has_many :groups, through: :group_deploy_tokens + + validate :no_groups, unless: :group_type? + validate :no_projects, unless: :project_type? validate :ensure_at_least_one_scope validates :username, length: { maximum: 255 }, @@ -24,6 +29,7 @@ class DeployToken < ApplicationRecord message: "can contain only letters, digits, '_', '-', '+', and '.'" } + validates :deploy_token_type, presence: true enum deploy_token_type: { group_type: 1, project_type: 2 @@ -56,18 +62,31 @@ class DeployToken < ApplicationRecord end def has_access_to?(requested_project) - active? && project == requested_project + return false unless active? + return false unless holder + + holder.has_access_to?(requested_project) end # This is temporal. Currently we limit DeployToken - # to a single project, later we're going to extend - # that to be for multiple projects and namespaces. + # to a single project or group, later we're going to + # extend that to be for multiple projects and namespaces. def project strong_memoize(:project) do projects.first end end + def holder + strong_memoize(:holder) do + if project_type? + project_deploy_tokens.first + elsif group_type? + group_deploy_tokens.first + end + end + end + def expires_at expires_at = read_attribute(:expires_at) expires_at != Forever.date ? expires_at : nil @@ -92,4 +111,12 @@ class DeployToken < ApplicationRecord def default_username "gitlab+deploy-token-#{id}" if persisted? end + + def no_groups + errors.add(:deploy_token, 'cannot have groups assigned') if group_deploy_tokens.any? + end + + def no_projects + errors.add(:deploy_token, 'cannot have projects assigned') if project_deploy_tokens.any? + end end |