Class: ApplicationSetting

Inherits:
ApplicationRecord show all
Includes:
ApplicationSettingImplementation, CacheMarkdownField, CacheableAttributes, ChronicDurationAttribute, Sanitizable, TokenAuthenticatable
Defined in:
app/models/application_setting.rb,
app/models/application_setting/term.rb,
app/policies/application_setting/term_policy.rb

Defined Under Namespace

Classes: Term, TermPolicy

Constant Summary collapse

INSTANCE_REVIEW_MIN_USERS =
50
GRAFANA_URL_ERROR_MESSAGE =
'Please check your Grafana URL setting in ' \
'Admin area > Settings > Metrics and profiling > Metrics - Grafana'
KROKI_URL_ERROR_MESSAGE =
'Please check your Kroki URL setting in ' \
'Admin area > Settings > General > Kroki'
ADDRESSABLE_URL_VALIDATION_OPTIONS =

Validate URIs in this model according to the current value of the ‘deny_all_requests_except_allowed` property, rather than the persisted value.

{
  deny_all_requests_except_allowed: ->(settings) do
    settings.deny_all_requests_except_allowed
  end
}.freeze
HUMANIZED_ATTRIBUTES =
{
  archive_builds_in_seconds: 'Archive job value'
}.freeze
DEFAULT_BRANCH_PROTECTIONS_DEFAULT_MAX_SIZE =

matches the size set in the database constraint

1.kilobyte
PACKAGE_REGISTRY_SETTINGS =
[:nuget_skip_metadata_url_validation].freeze
USERS_UNCONFIRMED_SECONDARY_EMAILS_DELETE_AFTER_DAYS =
3
INACTIVE_RESOURCE_ACCESS_TOKENS_DELETE_AFTER_DAYS =
30
Recursion =
Class.new(RuntimeError)

Constants included from ApplicationSettingImplementation

ApplicationSettingImplementation::DEFAULT_MINIMUM_PASSWORD_LENGTH, ApplicationSettingImplementation::DEFAULT_PROTECTED_PATHS, ApplicationSettingImplementation::FORBIDDEN_KEY_VALUE, ApplicationSettingImplementation::STRING_LIST_SEPARATOR, ApplicationSettingImplementation::VALID_RUNNER_REGISTRAR_TYPES

Constants included from CacheMarkdownField

CacheMarkdownField::INVALIDATED_BY

Constants inherited from ApplicationRecord

ApplicationRecord::MAX_PLUCK

Constants included from HasCheckConstraints

HasCheckConstraints::NOT_NULL_CHECK_PATTERN

Constants included from ResetOnColumnErrors

ResetOnColumnErrors::MAX_RESET_PERIOD

Instance Attribute Summary

Attributes included from CacheMarkdownField

#skip_markdown_cache_validation

Class Method Summary collapse

Instance Method Summary collapse

Methods included from ApplicationSettingImplementation

#add_to_outbound_local_requests_whitelist, #allow_signup?, #allowed_key_types, #archive_builds_older_than, #asset_proxy_allowlist, #asset_proxy_whitelist=, #commit_email_hostname, #default_group_visibility=, #default_project_visibility=, #default_snippet_visibility=, #disabled_oauth_sign_in_sources=, #domain_allowlist_raw, #domain_allowlist_raw=, #domain_denylist_file=, #domain_denylist_raw, #domain_denylist_raw=, #ensure_key_restrictions!, #error_tracking_access_token, #health_check_access_token, #help_page_support_url_column_exists?, #home_page_url_column_exists?, #key_restriction_for, #latest_terms, #normalized_repository_storage_weights, #notes_create_limit_allowlist_raw, #notes_create_limit_allowlist_raw=, #outbound_local_requests_allowlist_arrays, #outbound_local_requests_allowlist_raw, #outbound_local_requests_allowlist_raw=, #password_authentication_enabled?, #performance_bar_allowed_group, #performance_bar_enabled, #pick_repository_storage, #protected_paths_for_get_request_raw, #protected_paths_for_get_request_raw=, #protected_paths_raw, #protected_paths_raw=, #repository_storages_with_default_weight, #reset_memoized_terms, #restricted_visibility_levels=, #runners_registration_token, #search_rate_limit_allowlist_raw, #search_rate_limit_allowlist_raw=, #static_objects_external_storage_auth_token=, #static_objects_external_storage_enabled?, #usage_ping_can_be_configured?, #usage_ping_enabled, #usage_ping_features_enabled, #user_default_internal_regex_enabled?, #user_default_internal_regex_instance, #users_get_by_id_limit_allowlist_raw, #users_get_by_id_limit_allowlist_raw=

Methods included from ChronicDurationAttribute

#chronic_duration_attributes, #output_chronic_duration_attribute

Methods included from CacheMarkdownField

#attribute_invalidated?, #banzai_render_context, #cached_html_for, #cached_html_up_to_date?, #can_cache_field?, #invalidated_markdown_cache?, #latest_cached_markdown_version, #mentionable_attributes_changed?, #mentioned_filtered_user_ids_for, #parent_user, #refresh_markdown_cache, #refresh_markdown_cache!, #rendered_field_content, #skip_project_check?, #store_mentions!, #store_mentions_after_commit?, #updated_cached_html_for

Methods included from CacheableAttributes

#cache!

Methods inherited from ApplicationRecord

===, cached_column_list, #create_or_load_association, declarative_enum, default_select_columns, id_in, id_not_in, iid_in, nullable_column?, pluck_primary_key, primary_key_in, #readable_by?, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, #to_ability_name, underscore, where_exists, where_not_exists, with_fast_read_statement_timeout, without_order

Methods included from ResetOnColumnErrors

#reset_on_union_error, #reset_on_unknown_attribute_error

Methods included from Gitlab::SensitiveSerializableHash

#serializable_hash

Class Method Details

.cache_backendObject

By default, the backend is Rails.cache, which uses ActiveSupport::Cache::RedisStore. Since loading ApplicationSetting can cause a significant amount of load on Redis, let’s cache it in memory.



984
985
986
# File 'app/models/application_setting.rb', line 984

def self.cache_backend
  Gitlab::ProcessMemoryCache.cache_backend
end

.check_schema!Object

Due to the frequency with which settings are accessed, it is likely that during a backup restore a running GitLab process will insert a new ‘application_settings` row before the constraints have been added to the table. This would add an extra row with ID 1 and prevent the primary key constraint from being added, which made ActiveRecord throw a IrreversibleOrderError anytime the settings were accessed (gitlab.com/gitlab-org/gitlab/-/issues/36405). To prevent this from happening, we do a sanity check that the primary key constraint is present before inserting a new entry.



974
975
976
977
978
# File 'app/models/application_setting.rb', line 974

def self.check_schema!
  return if connection.primary_key(table_name).present?

  raise "The `#{table_name}` table is missing a primary key constraint in the database schema"
end

.create_from_defaultsObject



939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
# File 'app/models/application_setting.rb', line 939

def self.create_from_defaults
  # this is possible if calls to create the record depend on application
  # settings themselves. This was seen in the case of a feature flag called by
  # `transaction` that ended up requiring application settings to determine metrics behavior.
  # If something like that happens, we break the loop here, and let the caller decide how to manage it.
  raise Recursion if Thread.current[:application_setting_create_from_defaults]

  Thread.current[:application_setting_create_from_defaults] = true

  check_schema!

  transaction(requires_new: true) do # rubocop:disable Performance/ActiveRecordSubtransactions
    super
  end
rescue ActiveRecord::RecordNotUnique
  # We already have an ApplicationSetting record, so just return it.
  current_without_cache
ensure
  Thread.current[:application_setting_create_from_defaults] = nil
end

.find_or_create_without_cacheObject



960
961
962
# File 'app/models/application_setting.rb', line 960

def self.find_or_create_without_cache
  current_without_cache || create_from_defaults
end

.human_attribute_name(attribute, *options) ⇒ Object



988
989
990
# File 'app/models/application_setting.rb', line 988

def self.human_attribute_name(attribute, *options)
  HUMANIZED_ATTRIBUTES[attribute.to_sym] || super
end

.kroki_formats_attributesObject



67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'app/models/application_setting.rb', line 67

def self.kroki_formats_attributes
  {
    blockdiag: {
      label: 'BlockDiag (includes BlockDiag, SeqDiag, ActDiag, NwDiag, PacketDiag, and RackDiag)'
    },
    bpmn: {
      label: 'BPMN'
    },
    excalidraw: {
      label: 'Excalidraw'
    }
  }
end

Instance Method Details

#default_branch_protected?Boolean

Returns:

  • (Boolean)


925
926
927
# File 'app/models/application_setting.rb', line 925

def default_branch_protected?
  Gitlab::Access::DefaultBranchProtection.new(default_branch_protection_defaults).any?
end

#failed_login_attempts_unlock_period_in_minutes_column_exists?Boolean

Returns:

  • (Boolean)


1023
1024
1025
# File 'app/models/application_setting.rb', line 1023

def 
  self.class.database.cached_column_exists?(:failed_login_attempts_unlock_period_in_minutes)
end

#grafana_url_absolute?Boolean

Returns:

  • (Boolean)


905
906
907
# File 'app/models/application_setting.rb', line 905

def grafana_url_absolute?
  parsed_grafana_url&.absolute?
end

#instance_review_permitted?Boolean

Returns:

  • (Boolean)


929
930
931
932
933
934
935
# File 'app/models/application_setting.rb', line 929

def instance_review_permitted?
  users_count = Rails.cache.fetch('limited_users_count', expires_in: 1.day) do
    ::User.limit(INSTANCE_REVIEW_MIN_USERS + 1).count(:all)
  end

  users_count >= INSTANCE_REVIEW_MIN_USERS
end

#kroki_format_supported?(diagram_type) ⇒ Boolean

Returns:

  • (Boolean)


1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
# File 'app/models/application_setting.rb', line 1002

def kroki_format_supported?(diagram_type)
  case diagram_type
  when 'excalidraw'
    return kroki_formats_excalidraw
  when 'bpmn'
    return kroki_formats_bpmn
  end

  return kroki_formats_blockdiag if ::Gitlab::Kroki::BLOCKDIAG_FORMATS.include?(diagram_type)

  ::AsciidoctorExtensions::Kroki::SUPPORTED_DIAGRAM_NAMES.include?(diagram_type)
end

#kroki_url_absolute?Boolean

Returns:

  • (Boolean)


913
914
915
# File 'app/models/application_setting.rb', line 913

def kroki_url_absolute?
  parsed_kroki_url&.absolute?
end

#max_login_attempts_column_exists?Boolean

Returns:

  • (Boolean)


1019
1020
1021
# File 'app/models/application_setting.rb', line 1019

def 
  self.class.database.cached_column_exists?(:max_login_attempts)
end

#normalize_default_branch_nameObject



921
922
923
# File 'app/models/application_setting.rb', line 921

def normalize_default_branch_name
  self.default_branch_name = default_branch_name.presence
end

#personal_access_tokens_disabled?Boolean

Returns:

  • (Boolean)


1015
1016
1017
# File 'app/models/application_setting.rb', line 1015

def personal_access_tokens_disabled?
  false
end

#recaptcha_or_login_protection_enabledObject



992
993
994
# File 'app/models/application_setting.rb', line 992

def 
  recaptcha_enabled || 
end

#sourcegraph_url_is_com?Boolean

Returns:

  • (Boolean)


917
918
919
# File 'app/models/application_setting.rb', line 917

def sourcegraph_url_is_com?
  !!(sourcegraph_url =~ %r{\Ahttps://(www\.)?sourcegraph\.com})
end

#validate_grafana_urlObject



901
902
903
# File 'app/models/application_setting.rb', line 901

def validate_grafana_url
  validate_url(parsed_grafana_url, :grafana_url, GRAFANA_URL_ERROR_MESSAGE)
end

#validate_kroki_urlObject



909
910
911
# File 'app/models/application_setting.rb', line 909

def validate_kroki_url
  validate_url(parsed_kroki_url, :kroki_url, KROKI_URL_ERROR_MESSAGE)
end