Module: ApplicationSettingImplementation

Extended by:
ActiveSupport::Concern
Includes:
Gitlab::Utils::StrongMemoize
Included in:
ApplicationSetting, Gitlab::FakeApplicationSettings
Defined in:
app/models/application_setting_implementation.rb

Constant Summary collapse

STRING_LIST_SEPARATOR = 
%r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
  |               # or
  \s              # any whitespace character
  |               # or
  [\r\n]          # any number of newline characters
}x
FORBIDDEN_KEY_VALUE =

Setting a key restriction to -1 means that all keys of this type are forbidden.

KeyRestrictionValidator::FORBIDDEN
VALID_RUNNER_REGISTRAR_TYPES = 
%w[project group].freeze
DEFAULT_PROTECTED_PATHS = 
[
  '/users/password',
  '/users/sign_in',
  '/api/v3/session.json',
  '/api/v3/session',
  '/api/v4/session.json',
  '/api/v4/session',
  '/users',
  '/users/confirmation',
  '/unsubscribes/',
  '/import/github/personal_access_token',
  '/admin/session'
].freeze
DEFAULT_MINIMUM_PASSWORD_LENGTH = 
8
DEFAULT_NUMBER_OF_DAYS_BEFORE_REMOVAL = 
30

Instance Method Summary collapse

Instance Method Details

#add_to_outbound_local_requests_whitelist(values_array) ⇒ Object 



453
454
455
456
457
458
459
460
 
# File 'app/models/application_setting_implementation.rb', line 453

def add_to_outbound_local_requests_whitelist(values_array)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist ||= []
  self.outbound_local_requests_whitelist += values_array

  self.outbound_local_requests_whitelist.uniq!
end

#allow_immediate_namespaces_deletion_for_user?(user) ⇒ Boolean

Returns:

  • (Boolean) 


710
711
712
713
714
715
 
# File 'app/models/application_setting_implementation.rb', line 710

def allow_immediate_namespaces_deletion_for_user?(user)
  # Keep the previous behavior when the feature flag is disabled
  return true unless Feature.enabled?(:allow_immediate_namespaces_deletion, user)

  allow_immediate_namespaces_deletion? || user&.can_admin_all_resources?
end

#allow_signup?Boolean

Returns:

  • (Boolean) 


657
658
659
 
# File 'app/models/application_setting_implementation.rb', line 657

def allow_signup?
   && password_authentication_enabled_for_web?
end

#allowed_key_typesObject 



645
646
647
648
649
 
# File 'app/models/application_setting_implementation.rb', line 645

def allowed_key_types
  Gitlab::SSHPublicKey.supported_types.select do |type|
    key_restriction_for(type) != FORBIDDEN_KEY_VALUE
  end
end

#archive_builds_older_thanObject 



683
684
685
 
# File 'app/models/application_setting_implementation.rb', line 683

def archive_builds_older_than
  archive_builds_in_seconds.seconds.ago if archive_builds_in_seconds
end

#asset_proxy_allowlistObject 



544
545
546
 
# File 'app/models/application_setting_implementation.rb', line 544

def asset_proxy_allowlist
  read_attribute(:asset_proxy_whitelist)
end

#asset_proxy_whitelist=(values) ⇒ Object Also known as: asset_proxy_allowlist= 



534
535
536
537
538
539
540
541
 
# File 'app/models/application_setting_implementation.rb', line 534

def asset_proxy_whitelist=(values)
  values = strings_to_array(values) if values.is_a?(String)

  # make sure we always allow the running host
  values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)

  self[:asset_proxy_whitelist] = values
end

#coerce_iframe_rendering_allowlistObject 



516
517
518
519
520
521
522
523
524
 
# File 'app/models/application_setting_implementation.rb', line 516

def coerce_iframe_rendering_allowlist
  self.iframe_rendering_allowlist = iframe_rendering_allowlist.map do |entry|
    # We mandate https://, and always add a trailing slash; we expect the configured
    # list has neither present, so we remove them if present.
    entry
      .sub(%r{\Ahttps?://}i, '')
      .sub(%r{/+\z}, '')
  end.sort
end

#commit_email_hostnameObject 



548
549
550
 
# File 'app/models/application_setting_implementation.rb', line 548

def commit_email_hostname
  super.presence || self.class.default_commit_email_hostname
end

#default_group_visibility=(level) ⇒ Object 



560
561
562
 
# File 'app/models/application_setting_implementation.rb', line 560

def default_group_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_project_visibility=(level) ⇒ Object 



552
553
554
 
# File 'app/models/application_setting_implementation.rb', line 552

def default_project_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_snippet_visibility=(level) ⇒ Object 



556
557
558
 
# File 'app/models/application_setting_implementation.rb', line 556

def default_snippet_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#disabled_oauth_sign_in_sources=(sources) ⇒ Object 



418
419
420
421
 
# File 'app/models/application_setting_implementation.rb', line 418

def (sources)
  sources = (sources || []).map(&:to_s) & Devise.omniauth_providers.map(&:to_s)
  super(sources)
end

#domain_allowlist_rawObject 



423
424
425
 
# File 'app/models/application_setting_implementation.rb', line 423

def domain_allowlist_raw
  array_to_string(domain_allowlist)
end

#domain_allowlist_raw=(values) ⇒ Object 



431
432
433
 
# File 'app/models/application_setting_implementation.rb', line 431

def domain_allowlist_raw=(values)
  self.domain_allowlist = strings_to_array(values)
end

#domain_denylist_file=(file) ⇒ Object 



439
440
441
 
# File 'app/models/application_setting_implementation.rb', line 439

def domain_denylist_file=(file)
  self.domain_denylist_raw = file.read
end

#domain_denylist_rawObject 



427
428
429
 
# File 'app/models/application_setting_implementation.rb', line 427

def domain_denylist_raw
  array_to_string(domain_denylist)
end

#domain_denylist_raw=(values) ⇒ Object 



435
436
437
 
# File 'app/models/application_setting_implementation.rb', line 435

def domain_denylist_raw=(values)
  self.domain_denylist = strings_to_array(values)
end

#ensure_key_restrictions!Object 



691
692
693
694
695
696
697
698
 
# File 'app/models/application_setting_implementation.rb', line 691

def ensure_key_restrictions!
  return if Gitlab::Database.read_only?
  return unless Gitlab::FIPS.enabled?

  Gitlab::SSHPublicKey.supported_types.each do |key_type|
    set_max_key_restriction!(key_type)
  end
end

#error_tracking_access_tokenObject 



613
614
615
 
# File 'app/models/application_setting_implementation.rb', line 613

def error_tracking_access_token
  ensure_error_tracking_access_token!
end

#health_check_access_tokenObject 



609
610
611
 
# File 'app/models/application_setting_implementation.rb', line 609

def health_check_access_token
  ensure_health_check_access_token!
end

#help_page_support_url_column_exists?Boolean

Returns:

  • (Boolean) 


414
415
416
 
# File 'app/models/application_setting_implementation.rb', line 414

def help_page_support_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:help_page_support_url)
end

#home_page_url_column_exists?Boolean

Returns:

  • (Boolean) 


410
411
412
 
# File 'app/models/application_setting_implementation.rb', line 410

def home_page_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:home_page_url)
end

#iframe_rendering_allowlist_rawObject 



526
527
528
 
# File 'app/models/application_setting_implementation.rb', line 526

def iframe_rendering_allowlist_raw
  array_to_string(iframe_rendering_allowlist)
end

#iframe_rendering_allowlist_raw=(values) ⇒ Object 



530
531
532
 
# File 'app/models/application_setting_implementation.rb', line 530

def iframe_rendering_allowlist_raw=(values)
  self.iframe_rendering_allowlist = strings_to_array(values)
end

#key_restriction_for(type) ⇒ Object 



651
652
653
654
655
 
# File 'app/models/application_setting_implementation.rb', line 651

def key_restriction_for(type)
  attr_name = "#{type}_key_restriction"

  has_attribute?(attr_name) ? public_send(attr_name) : FORBIDDEN_KEY_VALUE # rubocop:disable GitlabSecurity/PublicSend
end

#latest_termsObject 



674
675
676
 
# File 'app/models/application_setting_implementation.rb', line 674

def latest_terms
  @latest_terms ||= ApplicationSetting::Term.latest
end

#normalized_repository_storage_weightsObject 



585
586
587
588
589
590
591
592
593
594
595
596
 
# File 'app/models/application_setting_implementation.rb', line 585

def normalized_repository_storage_weights
  strong_memoize(:normalized_repository_storage_weights) do
    repository_storages_weights = repository_storages_weighted.slice(*Gitlab.config.repositories.storages.keys)
    weights_total = repository_storages_weights.values.sum

    repository_storages_weights.transform_values do |w|
      next w if weights_total == 0

      w.to_f / weights_total
    end
  end
end

#notes_create_limit_allowlist_rawObject 



492
493
494
 
# File 'app/models/application_setting_implementation.rb', line 492

def notes_create_limit_allowlist_raw
  array_to_string(notes_create_limit_allowlist)
end

#notes_create_limit_allowlist_raw=(values) ⇒ Object 



496
497
498
 
# File 'app/models/application_setting_implementation.rb', line 496

def notes_create_limit_allowlist_raw=(values)
  self.notes_create_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#outbound_local_requests_allowlist_arraysObject

This method separates out the strings stored in the application_setting.outbound_local_requests_whitelist array into 2 arrays; an array of IPAddr objects (‘[IPAddr.new(’127.0.0.1’)]‘), and an array of domain strings (`[’www.example.com’]‘).



466
467
468
469
470
471
472
473
474
 
# File 'app/models/application_setting_implementation.rb', line 466

def outbound_local_requests_allowlist_arrays
  strong_memoize(:outbound_local_requests_allowlist_arrays) do
    next [[], []] unless self.outbound_local_requests_whitelist

    ip_allowlist, domain_allowlist = separate_allowlists(self.outbound_local_requests_whitelist)

    [ip_allowlist, domain_allowlist]
  end
end

#outbound_local_requests_allowlist_rawObject 



443
444
445
 
# File 'app/models/application_setting_implementation.rb', line 443

def outbound_local_requests_allowlist_raw
  array_to_string(outbound_local_requests_whitelist)
end

#outbound_local_requests_allowlist_raw=(values) ⇒ Object 



447
448
449
450
451
 
# File 'app/models/application_setting_implementation.rb', line 447

def outbound_local_requests_allowlist_raw=(values)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist = strings_to_array(values)
end

#password_authentication_enabled?Boolean

Returns:

  • (Boolean) 


661
662
663
 
# File 'app/models/application_setting_implementation.rb', line 661

def password_authentication_enabled?
  password_authentication_enabled_for_web? || password_authentication_enabled_for_git?
end

#performance_bar_allowed_groupObject 



576
577
578
 
# File 'app/models/application_setting_implementation.rb', line 576

def performance_bar_allowed_group
  Group.find_by_id(performance_bar_allowed_group_id)
end

#performance_bar_enabledObject

Return true if the Performance Bar is enabled for a given group



581
582
583
 
# File 'app/models/application_setting_implementation.rb', line 581

def performance_bar_enabled
  performance_bar_allowed_group_id.present?
end

#pick_repository_storageObject

Choose one of the available repository storage options based on a normalized weighted probability.



599
600
601
 
# File 'app/models/application_setting_implementation.rb', line 599

def pick_repository_storage
  normalized_repository_storage_weights.max_by { |_, weight| rand**(1.0 / weight) }.first
end

#protected_paths_for_get_request_rawObject 



484
485
486
 
# File 'app/models/application_setting_implementation.rb', line 484

def protected_paths_for_get_request_raw
  array_to_string(protected_paths_for_get_request)
end

#protected_paths_for_get_request_raw=(values) ⇒ Object 



488
489
490
 
# File 'app/models/application_setting_implementation.rb', line 488

def protected_paths_for_get_request_raw=(values)
  self.protected_paths_for_get_request = strings_to_array(values)
end

#protected_paths_rawObject 



476
477
478
 
# File 'app/models/application_setting_implementation.rb', line 476

def protected_paths_raw
  array_to_string(protected_paths)
end

#protected_paths_raw=(values) ⇒ Object 



480
481
482
 
# File 'app/models/application_setting_implementation.rb', line 480

def protected_paths_raw=(values)
  self.protected_paths = strings_to_array(values)
end

#repository_storages_with_default_weightObject 



700
701
702
703
704
705
706
707
708
 
# File 'app/models/application_setting_implementation.rb', line 700

def repository_storages_with_default_weight
  # config file config/gitlab.yml becomes SSOT for this API
  # see https://gitlab.com/gitlab-org/gitlab/-/issues/426091#note_1675160909
  storages_map = Gitlab.config.repositories.storages.keys.map do |storage|
    [storage, repository_storages_weighted[storage] || 0]
  end

  Hash[storages_map]
end

#reset_memoized_termsObject 



678
679
680
681
 
# File 'app/models/application_setting_implementation.rb', line 678

def reset_memoized_terms
  @latest_terms = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
  latest_terms
end

#restricted_visibility_levels=(levels) ⇒ Object 



564
565
566
 
# File 'app/models/application_setting_implementation.rb', line 564

def restricted_visibility_levels=(levels)
  super(levels&.map { |level| Gitlab::VisibilityLevel.level_value(level) })
end

#runners_registration_tokenObject 



603
604
605
606
607
 
# File 'app/models/application_setting_implementation.rb', line 603

def runners_registration_token
  return unless Gitlab::CurrentSettings.allow_runner_registration_token

  ensure_runners_registration_token!
end

#search_rate_limit_allowlist_rawObject 



508
509
510
 
# File 'app/models/application_setting_implementation.rb', line 508

def search_rate_limit_allowlist_raw
  array_to_string(search_rate_limit_allowlist)
end

#search_rate_limit_allowlist_raw=(values) ⇒ Object 



512
513
514
 
# File 'app/models/application_setting_implementation.rb', line 512

def search_rate_limit_allowlist_raw=(values)
  self.search_rate_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#static_objects_external_storage_auth_token=(token) ⇒ Object 



568
569
570
571
572
573
574
 
# File 'app/models/application_setting_implementation.rb', line 568

def static_objects_external_storage_auth_token=(token)
  if token.present?
    set_static_objects_external_storage_auth_token(token)
  else
    self.static_objects_external_storage_auth_token_encrypted = nil
  end
end

#static_objects_external_storage_enabled?Boolean

Returns:

  • (Boolean) 


687
688
689
 
# File 'app/models/application_setting_implementation.rb', line 687

def static_objects_external_storage_enabled?
  static_objects_external_storage_url.present?
end

#usage_ping_can_be_configured?Boolean

Returns:

  • (Boolean) 


617
618
619
 
# File 'app/models/application_setting_implementation.rb', line 617

def usage_ping_can_be_configured?
  Settings.gitlab.usage_ping_enabled
end

#usage_ping_enabledObject Also known as: usage_ping_enabled? 



633
634
635
 
# File 'app/models/application_setting_implementation.rb', line 633

def usage_ping_enabled
  usage_ping_can_be_configured? && super
end

#usage_ping_features_enabledObject Also known as: usage_ping_features_enabled? 



621
622
623
624
625
626
627
628
629
 
# File 'app/models/application_setting_implementation.rb', line 621

def usage_ping_features_enabled
  return false unless usage_ping_enabled? && super

  if Gitlab.ee? && respond_to?(:include_optional_metrics_in_service_ping)
    return include_optional_metrics_in_service_ping
  end

  true
end

#usage_ping_generation_enabledObject Also known as: usage_ping_generation_enabled? 



639
640
641
 
# File 'app/models/application_setting_implementation.rb', line 639

def usage_ping_generation_enabled
  Gitlab::Utils.to_boolean(usage_ping_enabled?) || Gitlab::Utils.to_boolean(super)
end

#user_default_internal_regex_enabled?Boolean

Returns:

  • (Boolean) 


665
666
667
 
# File 'app/models/application_setting_implementation.rb', line 665

def user_default_internal_regex_enabled?
  user_default_external? && user_default_internal_regex.present?
end

#user_default_internal_regex_instanceObject 



669
670
671
 
# File 'app/models/application_setting_implementation.rb', line 669

def user_default_internal_regex_instance
  Regexp.new(user_default_internal_regex, Regexp::IGNORECASE)
end

#users_get_by_id_limit_allowlist_rawObject 



500
501
502
 
# File 'app/models/application_setting_implementation.rb', line 500

def users_get_by_id_limit_allowlist_raw
  array_to_string(users_get_by_id_limit_allowlist)
end

#users_get_by_id_limit_allowlist_raw=(values) ⇒ Object 



504
505
506
 
# File 'app/models/application_setting_implementation.rb', line 504

def users_get_by_id_limit_allowlist_raw=(values)
  self.users_get_by_id_limit_allowlist = strings_to_array(values).map(&:downcase)
end