blob: 4275476a1ffec6e87ba9d002bae92067ff514bf7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# frozen_string_literal: true
module ProtectedRefDeployKeyAccess
extend ActiveSupport::Concern
included do
belongs_to :deploy_key
protected_ref_fk = "#{module_parent.model_name.singular}_id"
validates :deploy_key_id, uniqueness: { scope: protected_ref_fk, allow_nil: true }
validate :validate_deploy_key_membership
end
class_methods do
def non_role_types
super << :deploy_key
end
end
def type
return :deploy_key if deploy_key.present?
super
end
def humanize
return deploy_key.title if deploy_key?
super
end
def check_access(current_user)
super do
break enabled_deploy_key_for_user?(current_user) if deploy_key?
yield if block_given?
end
end
private
def deploy_key?
type == :deploy_key
end
def validate_deploy_key_membership
return if deploy_key.nil? || deploy_key_has_write_access_to_project?
errors.add(:deploy_key, 'is not enabled for this project')
end
def enabled_deploy_key_for_user?(current_user)
current_user.can?(:read_project, project) &&
deploy_key.user_id == current_user.id &&
deploy_key_has_write_access_to_project?
end
def deploy_key_has_write_access_to_project?
DeployKey.with_write_access_for_project(project, deploy_key: deploy_key).exists?
end
end
|
