Class: ContainerRegistry::Protection::TagRule

Inherits:
ApplicationRecord show all
Defined in:
app/models/container_registry/protection/tag_rule.rb

Constant Summary collapse

ACCESS_LEVELS = 
Gitlab::Access.sym_options_with_admin.slice(:maintainer, :owner, :admin).freeze
MAX_TAG_RULES_PER_PROJECT = 
5
DELETE_ACTIONS = 
['delete'].freeze

Constants inherited from ApplicationRecord

ApplicationRecord::MAX_PLUCK

Constants included from HasCheckConstraints

HasCheckConstraints::NOT_NULL_CHECK_PATTERN

Constants included from ResetOnColumnErrors

ResetOnColumnErrors::MAX_RESET_PERIOD

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from ApplicationRecord

===, cached_column_list, #create_or_load_association, current_transaction, declarative_enum, default_select_columns, delete_all_returning, #deleted_from_database?, id_in, id_not_in, iid_in, nullable_column?, primary_key_in, #readable_by?, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, #to_ability_name, underscore, where_exists, where_not_exists, with_fast_read_statement_timeout, without_order

Methods included from Organizations::Sharding

#sharding_organization

Methods included from ResetOnColumnErrors

#reset_on_union_error, #reset_on_unknown_attribute_error

Methods included from Gitlab::SensitiveSerializableHash

#serializable_hash

Class Method Details

.base_conditions_for_actions_and_access(actions, access_level) ⇒ Object 



44
45
46
47
48
49
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 44

def self.base_conditions_for_actions_and_access(actions, access_level)
  conditions = []
  conditions << arel_table[:minimum_access_level_for_push].gt(access_level) if actions.include?('push')
  conditions << arel_table[:minimum_access_level_for_delete].gt(access_level) if actions.include?('delete')
  conditions
end

Instance Method Details

#can_be_deleted?(user) ⇒ Boolean 



63
64
65
66
67
68
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 63

def can_be_deleted?(user)
  return false if user.nil?
  return true if user.can_admin_all_resources?

  minimum_level_to_delete_rule <= project.team.max_member_access(user.id)
end

#delete_restricted?(access_level) ⇒ Boolean 



55
56
57
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 55

def delete_restricted?(access_level)
  Gitlab::Access.sym_options_with_admin[minimum_access_level_for_delete.to_sym] > access_level
end

#matches_tag_name?(name) ⇒ Boolean 



70
71
72
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 70

def matches_tag_name?(name)
  ::Gitlab::UntrustedRegexp.new(tag_name_pattern).match?(name)
end

#mutable?Boolean 



59
60
61
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 59

def mutable?
  [minimum_access_level_for_push, minimum_access_level_for_delete].all?(&:present?)
end

#push_restricted?(access_level) ⇒ Boolean 



51
52
53
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 51

def push_restricted?(access_level)
  Gitlab::Access.sym_options_with_admin[minimum_access_level_for_push.to_sym] > access_level
end

#typeObject 



74
75
76
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 74

def type
  'mutable'
end

#uniqueness_scopeObject 



78
79
80
 
# File 'app/models/container_registry/protection/tag_rule.rb', line 78

def uniqueness_scope
  self.class.mutable
end