Class: DeployToken

Inherits:
ApplicationRecord show all
Includes:
Expirable, Gitlab::Utils::StrongMemoize, PolicyActor, TokenAuthenticatable
Defined in:
app/models/deploy_token.rb

Constant Summary collapse

AVAILABLE_SCOPES =
%i(read_repository read_registry write_registry
read_package_registry write_package_registry).freeze
GITLAB_DEPLOY_TOKEN_NAME =
'gitlab-deploy-token'

Constants included from Expirable

Expirable::DAYS_TO_EXPIRE

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Gitlab::Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Methods included from PolicyActor

#access_locked?, #admin?, #alert_bot?, #blocked?, #can?, #can_create_group, #confirmation_required_on_sign_in?, #deactivated?, #external?, #internal?, #preferred_language, #required_terms_not_accepted?, #requires_ldap_check?, #support_bot?, #try_obtain_ldap_lease

Methods included from Expirable

#expires?, #expires_soon?

Methods inherited from ApplicationRecord

at_most, id_in, id_not_in, iid_in, pluck_primary_key, primary_key_in, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, underscore, without_order

Class Method Details

.gitlab_deploy_tokenObject


45
46
47
# File 'app/models/deploy_token.rb', line 45

def self.gitlab_deploy_token
  active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME)
end

Instance Method Details

#active?Boolean

Returns:

  • (Boolean)

53
54
55
# File 'app/models/deploy_token.rb', line 53

def active?
  !revoked && !expired?
end

#expires_atObject


91
92
93
94
# File 'app/models/deploy_token.rb', line 91

def expires_at
  expires_at = read_attribute(:expires_at)
  expires_at != Forever.date ? expires_at : nil
end

#expires_at=(value) ⇒ Object


96
97
98
# File 'app/models/deploy_token.rb', line 96

def expires_at=(value)
  write_attribute(:expires_at, value.presence || Forever.date)
end

#has_access_to?(requested_project) ⇒ Boolean

Returns:

  • (Boolean)

65
66
67
68
69
70
# File 'app/models/deploy_token.rb', line 65

def has_access_to?(requested_project)
  return false unless active?
  return false unless holder

  holder.has_access_to?(requested_project)
end

#holderObject


81
82
83
84
85
86
87
88
89
# File 'app/models/deploy_token.rb', line 81

def holder
  strong_memoize(:holder) do
    if project_type?
      project_deploy_tokens.first
    elsif group_type?
      group_deploy_tokens.first
    end
  end
end

#projectObject

This is temporal. Currently we limit DeployToken to a single project or group, later we're going to extend that to be for multiple projects and namespaces.


75
76
77
78
79
# File 'app/models/deploy_token.rb', line 75

def project
  strong_memoize(:project) do
    projects.first
  end
end

#revoke!Object


49
50
51
# File 'app/models/deploy_token.rb', line 49

def revoke!
  update!(revoked: true)
end

#scopesObject


57
58
59
# File 'app/models/deploy_token.rb', line 57

def scopes
  AVAILABLE_SCOPES.select { |token_scope| read_attribute(token_scope) }
end

#usernameObject


61
62
63
# File 'app/models/deploy_token.rb', line 61

def username
  super || default_username
end