
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin/application_settings_controller.rb1
-rw-r--r--app/models/application_setting.rb6
-rw-r--r--app/models/application_setting_implementation.rb1
-rw-r--r--app/models/key.rb18
-rw-r--r--app/policies/base_policy.rb6
-rw-r--r--app/validators/ssh_key_validator.rb31
-rw-r--r--app/views/admin/application_settings/_user_restrictions.html.haml2
7 files changed, 43 insertions, 22 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index b5edecbd6a5..cd099173718 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -179,6 +179,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
*::ApplicationSettingsHelper.visible_attributes,
*::ApplicationSettingsHelper.external_authorization_service_attributes,
*ApplicationSetting.kroki_formats_attributes.keys.map { |key| "kroki_formats_#{key}".to_sym },
+ :can_create_organization,
:lets_encrypt_notification_email,
:lets_encrypt_terms_of_service_accepted,
:domain_denylist_file,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 96ea7064c6f..f389b857354 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -468,7 +468,11 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
validates :invisible_captcha_enabled,
inclusion: { in: [true, false], message: N_('must be a boolean value') }
- validates :invitation_flow_enforcement, :can_create_group, :allow_project_creation_for_guest_and_below, :user_defaults_to_private_profile,
+ validates :invitation_flow_enforcement,
+ :can_create_group,
+ :can_create_organization,
+ :allow_project_creation_for_guest_and_below,
+ :user_defaults_to_private_profile,
allow_nil: false,
inclusion: { in: [true, false], message: N_('must be a boolean value') }
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 00b093c8ac3..16991937e2f 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -263,6 +263,7 @@ module ApplicationSettingImplementation
users_get_by_id_limit: 300,
users_get_by_id_limit_allowlist: [],
can_create_group: true,
+ can_create_organization: true,
bulk_import_enabled: false,
bulk_import_max_download_file_size: 5120,
allow_runner_registration_token: true,
diff --git a/app/models/key.rb b/app/models/key.rb
index fdc54c9f56e..4ff5f7a8e6a 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -21,6 +21,7 @@ class Key < ApplicationRecord
validates :key,
presence: true,
+ ssh_key: true,
length: { maximum: 5000 },
format: { with: /\A(#{Gitlab::SSHPublicKey.supported_algorithms.join('|')})/ }
@@ -28,7 +29,6 @@ class Key < ApplicationRecord
uniqueness: true,
presence: { message: 'cannot be generated' }
- validate :key_meets_restrictions
validate :expiration, on: :create
validate :banned_key, if: :key_changed?
@@ -154,16 +154,6 @@ class Key < ApplicationRecord
self.fingerprint_sha256 = public_key.fingerprint_sha256.gsub("SHA256:", "")
end
- def key_meets_restrictions
- restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type)
-
- if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE
- errors.add(:key, forbidden_key_type_message)
- elsif public_key.bits < restriction
- errors.add(:key, "must be at least #{restriction} bits")
- end
- end
-
def banned_key
return unless public_key.banned?
@@ -179,12 +169,6 @@ class Key < ApplicationRecord
)
end
- def forbidden_key_type_message
- allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)
-
- "type is forbidden. Must be #{Gitlab::Sentence.to_exclusive_sentence(allowed_types)}"
- end
-
def expiration
errors.add(:key, message: 'has expired') if expired?
end
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 462afbaa475..53b0073eccc 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -57,11 +57,9 @@ class BasePolicy < DeclarativePolicy::Base
with_options scope: :user, score: 0
condition(:can_create_group) { @user&.can_create_group }
- # TODO: update to check application setting
- # https://gitlab.com/gitlab-org/gitlab/-/issues/423302
desc 'User can create an organization'
- with_options scope: :user, score: 0
- condition(:can_create_organization) { true }
+ with_options scope: :global, score: 0
+ condition(:can_create_organization) { Gitlab::CurrentSettings.can_create_organization }
desc "The application is restricted from public visibility"
condition(:restricted_public_level, scope: :global) do
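Review bot: The new `can_create_organization` condition does not look at the user at all, unlike `can_create_group` directly above it, which reads `@user&.can_create_group`. With the default `can_create_organization: true` added in application_setting_implementation.rb, the condition holds for every caller, including anonymous ones. The rule that enables organization creation is outside this hunk, so please confirm it also requires a signed-in user and cover the anonymous case in the policy spec. A one-line comment above the condition would record this, e.g. `# Instance-wide switch only; the rule using it must still require an authenticated user.`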
diff --git a/app/validators/ssh_key_validator.rb b/app/validators/ssh_key_validator.rb
new file mode 100644
index 00000000000..74e86fc6644
--- /dev/null
+++ b/app/validators/ssh_key_validator.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# SshKeyValidator
+#
+# Custom validator for SSH keys.
+#
+# class Project < ActiveRecord::Base
+# validates :key, ssh_key: true
+# end
+#
+class SshKeyValidator < ActiveModel::EachValidator # rubocop:disable Gitlab/NamespacedClass -- Allow setting ssh_key by convention
+ def validate_each(record, attribute, value)
+ public_key = Gitlab::SSHPublicKey.new(value)
+
+ restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type)
+
+ if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE
+ record.errors.add(attribute, forbidden_key_type_message)
+ elsif public_key.bits < restriction
+ record.errors.add(attribute, "must be at least #{restriction} bits")
+ end
+ end
+
+ private
+
+ def forbidden_key_type_message
+ allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)
+
+ "type is forbidden. Must be #{Gitlab::Sentence.to_exclusive_sentence(allowed_types)}"
+ end
+end
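Review bot: `validate_each` parses `value` and goes straight to `public_key.bits < restriction` with no guard for a nil, blank or unparsable key. In `Key`, the `presence` and `format` checks listed next to `ssh_key: true` do not stop this validator from running. Whether that fails closed depends on `Gitlab::SSHPublicKey` and `key_restriction_for`, neither of which is visible here: if `type` is nil the lookup has to return the forbidden value, otherwise `bits` may be nil and the comparison raises instead of adding an error. On this page the validator is the only place the admin key-type and minimum-size restrictions are applied, and it can now be attached to other models, so I would add a spec for nil and garbage input. I would also state the contract above the method, e.g. `# Unparsable keys must be rejected here, never skipped: key restrictions are enforced only by this validator.`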
diff --git a/app/views/admin/application_settings/_user_restrictions.html.haml b/app/views/admin/application_settings/_user_restrictions.html.haml
index c21d1ec47e6..4fb65c20daf 100644
--- a/app/views/admin/application_settings/_user_restrictions.html.haml
+++ b/app/views/admin/application_settings/_user_restrictions.html.haml
@@ -3,6 +3,8 @@
.form-group
= label_tag _('User restrictions')
= render_if_exists 'admin/application_settings/updating_name_disabled_for_users', form: form
+ - if Feature.enabled?(:ui_for_organizations, current_user)
+ = form.gitlab_ui_checkbox_component :can_create_organization, _("Allow users to create organizations")
= form.gitlab_ui_checkbox_component :can_create_group, _("Allow new users to create top-level groups")
= form.gitlab_ui_checkbox_component :user_defaults_to_private_profile, _("Make new users' profiles private by default")
= render_if_exists 'admin/application_settings/allow_account_deletion', form: form
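Review bot: The checkbox is rendered only when `ui_for_organizations` is enabled, but the same setting is permitted in `Admin::ApplicationSettingsController` and read by `BasePolicy` without consulting that flag. With the flag off, an admin cannot see or change a value that is still enforced, and the controller still permits the parameter if it is submitted. If that is intended, say so above the `- if`, e.g. `-# The setting is enforced regardless of this flag; the flag only hides the control.`; otherwise gate the permitted attribute on the same flag.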