Class: ProtectedBranch

Inherits:
ApplicationRecord show all
Includes:
EachBatch, FromUnion, Gitlab::SQL::Pattern, ProtectedRef
Defined in:
app/models/protected_branch.rb

Direct Known Subclasses

ExportedProtectedBranch

Defined Under Namespace

Classes: MergeAccessLevel, PushAccessLevel

Constant Summary

Constants included from Gitlab::SQL::Pattern

Gitlab::SQL::Pattern::MIN_CHARS_FOR_PARTIAL_MATCHING, Gitlab::SQL::Pattern::REGEX_QUOTED_TERM

Constants inherited from ApplicationRecord

ApplicationRecord::MAX_PLUCK

Constants included from ResetOnUnionError

ResetOnUnionError::MAX_RESET_PERIOD

Instance Attribute Summary

Attributes included from Importable

#imported, #importing

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Gitlab::SQL::Pattern

split_query_to_search_terms

Methods included from ProtectedRef

#commit

Methods inherited from ApplicationRecord

cached_column_list, #create_or_load_association, declarative_enum, default_select_columns, id_in, id_not_in, iid_in, pluck_primary_key, primary_key_in, #readable_by?, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, #to_ability_name, underscore, where_exists, where_not_exists, with_fast_read_statement_timeout, without_order

Methods included from SensitiveSerializableHash

#serializable_hash

Class Method Details

.allow_force_push?(project, ref_name) ⇒ Boolean

Returns:

  • (Boolean)


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# File 'app/models/protected_branch.rb', line 54

def self.allow_force_push?(project, ref_name)
  if allow_protected_branches_for_group?(project.group)
    protected_branches = project.all_protected_branches.matching(ref_name)

    project_protected_branches, group_protected_branches = protected_branches.partition(&:project_id)

    # Group owner can be able to enforce the settings
    return group_protected_branches.any?(&:allow_force_push) if group_protected_branches.present?
    return project_protected_branches.any?(&:allow_force_push) if project_protected_branches.present?

    false
  else
    project.protected_branches.allowing_force_push.matching(ref_name).any?
  end
end

.allow_protected_branches_for_group?(group) ⇒ Boolean

Returns:

  • (Boolean)


70
71
72
# File 'app/models/protected_branch.rb', line 70

def self.allow_protected_branches_for_group?(group)
  Feature.enabled?(:group_protected_branches, group) || Feature.enabled?(:allow_protected_branches_for_group, group)
end

.any_protected?(project, ref_names) ⇒ Boolean

Returns:

  • (Boolean)


74
75
76
77
78
79
80
# File 'app/models/protected_branch.rb', line 74

def self.any_protected?(project, ref_names)
  protected_refs(project).any? do |protected_ref|
    ref_names.any? do |ref_name|
      protected_ref.matches?(ref_name)
    end
  end
end

.branch_requires_code_owner_approval?(project, branch_name) ⇒ Boolean

overridden in EE

Returns:

  • (Boolean)


87
88
89
# File 'app/models/protected_branch.rb', line 87

def self.branch_requires_code_owner_approval?(project, branch_name)
  false
end

.by_name(query) ⇒ Object



91
92
93
94
95
# File 'app/models/protected_branch.rb', line 91

def self.by_name(query)
  return none if query.blank?

  where(fuzzy_arel_match(:name, query.downcase))
end

.downcase_humanized_nameObject



101
102
103
# File 'app/models/protected_branch.rb', line 101

def self.downcase_humanized_name
  name.underscore.humanize.downcase
end

.get_ids_by_name(name) ⇒ Object



24
25
26
# File 'app/models/protected_branch.rb', line 24

def self.get_ids_by_name(name)
  where(name: name).pluck(:id)
end

.protected?(project, ref_name) ⇒ Boolean

Check if branch name is marked as protected in the system

Returns:

  • (Boolean)


45
46
47
48
49
50
51
52
# File 'app/models/protected_branch.rb', line 45

def self.protected?(project, ref_name)
  return true if project.empty_repo? && project.default_branch_protected?
  return false if ref_name.blank?

  ProtectedBranches::CacheService.new(project).fetch(ref_name) do # rubocop: disable CodeReuse/ServiceClass
    self.matching(ref_name, protected_refs: protected_refs(project)).present?
  end
end

.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil) ⇒ Boolean

Returns:

  • (Boolean)


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'app/models/protected_branch.rb', line 28

def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
  if project.empty_repo?
    member_access = project.team.max_member_access(user.id)

    # Admins are always allowed to create the default branch
    return true if user.admin? || user.can?(:admin_project, project)

    # Developers can push if it is allowed by default branch protection settings
    if member_access == Gitlab::Access::DEVELOPER && project.initial_push_to_default_branch_allowed_for_developer?
      return true
    end
  end

  super
end

.protected_refs(project) ⇒ Object



82
83
84
# File 'app/models/protected_branch.rb', line 82

def self.protected_refs(project)
  project.all_protected_branches
end

Instance Method Details

#allow_multiple?(type) ⇒ Boolean

Returns:

  • (Boolean)


97
98
99
# File 'app/models/protected_branch.rb', line 97

def allow_multiple?(type)
  type == :push
end

#default_branch?Boolean

Returns:

  • (Boolean)


105
106
107
# File 'app/models/protected_branch.rb', line 105

def default_branch?
  name == project.default_branch
end

#entityObject



117
118
119
# File 'app/models/protected_branch.rb', line 117

def entity
  group || project
end

#group_level?Boolean

Returns:

  • (Boolean)


109
110
111
# File 'app/models/protected_branch.rb', line 109

def group_level?
  entity.is_a?(Group)
end

#project_level?Boolean

Returns:

  • (Boolean)


113
114
115
# File 'app/models/protected_branch.rb', line 113

def project_level?
  entity.is_a?(Project)
end