diff options
Diffstat (limited to 'app/services/concerns/ci')
-rw-r--r-- | app/services/concerns/ci/job_token_scope/edit_scope_validations.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/app/services/concerns/ci/job_token_scope/edit_scope_validations.rb b/app/services/concerns/ci/job_token_scope/edit_scope_validations.rb new file mode 100644 index 00000000000..23053975313 --- /dev/null +++ b/app/services/concerns/ci/job_token_scope/edit_scope_validations.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module Ci + module JobTokenScope + module EditScopeValidations + ValidationError = Class.new(StandardError) + + TARGET_PROJECT_UNAUTHORIZED_OR_UNFOUND = "The target_project that you are attempting to access does " \ + "not exist or you don't have permission to perform this action" + + def validate_edit!(source_project, target_project, current_user) + unless source_project.ci_job_token_scope_enabled? + raise ValidationError, "Job token scope is disabled for this project" + end + + unless can?(current_user, :admin_project, source_project) + raise ValidationError, "Insufficient permissions to modify the job token scope" + end + + unless can?(current_user, :read_project, target_project) + raise ValidationError, TARGET_PROJECT_UNAUTHORIZED_OR_UNFOUND + end + end + end + end +end |