diff options
Diffstat (limited to 'app/models/project_feature.rb')
| -rw-r--r-- | app/models/project_feature.rb | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb index 676c28d5e1b..0d3e50837ab 100644 --- a/app/models/project_feature.rb +++ b/app/models/project_feature.rb @@ -83,6 +83,52 @@ class ProjectFeature < ApplicationRecord end end + # "enabled" here means "not disabled". It includes private features! + scope :with_feature_enabled, ->(feature) { + feature_access_level_attribute = arel_table[access_level_attribute(feature)] + enabled_feature = feature_access_level_attribute.gt(DISABLED).or(feature_access_level_attribute.eq(nil)) + + where(enabled_feature) + } + + # Picks a feature where the level is exactly that given. + scope :with_feature_access_level, ->(feature, level) { + feature_access_level_attribute = access_level_attribute(feature) + where(project_features: { feature_access_level_attribute => level }) + } + + # project features may be "disabled", "internal", "enabled" or "public". If "internal", + # they are only available to team members. This scope returns features where + # the feature is either public, enabled, or internal with permission for the user. + # Note: this scope doesn't enforce that the user has access to the projects, it just checks + # that the user has access to the feature. It's important to use this scope with others + # that checks project authorizations first (e.g. `filter_by_feature_visibility`). + # + # This method uses an optimised version of `with_feature_access_level` for + # logged in users to more efficiently get private projects with the given + # feature. + def self.with_feature_available_for_user(feature, user) + visible = [ENABLED, PUBLIC] + + if user&.can_read_all_resources? + with_feature_enabled(feature) + elsif user + min_access_level = required_minimum_access_level(feature) + column = quoted_access_level_column(feature) + + where("#{column} IS NULL OR #{column} IN (:public_visible) OR (#{column} = :private_visible AND EXISTS (:authorizations))", + { + public_visible: visible, + private_visible: PRIVATE, + authorizations: user.authorizations_for_projects(min_access_level: min_access_level, related_project_column: 'project_features.project_id') + }) + else + # This has to be added to include features whose value is nil in the db + visible << nil + with_feature_access_level(feature, visible) + end + end + def public_pages? return true unless Gitlab.config.pages.access_control |