Class: Ci::JobToken::Allowlist

Inherits:

Object

• Object
• Ci::JobToken::Allowlist

Includes:

Gitlab::Utils::StrongMemoize

Defined in:

app/models/ci/job_token/allowlist.rb

Instance Method Summary

• #add!(target_project, user:, default_permissions: true, policies: []) ⇒ Object
• #add_group!(target_group, user:, default_permissions: true, policies: []) ⇒ Object
• #autopopulated_group_global_ids ⇒ Object
• #autopopulated_project_global_ids ⇒ Object
• #bulk_add_groups!(target_groups, user:, policies: []) ⇒ Object
• #bulk_add_projects!(target_projects, user:, policies: []) ⇒ Object
• #group_link_traversal_ids ⇒ Object
• #group_links ⇒ Object
• #groups ⇒ Object
• #includes_group?(target_project) ⇒ Boolean
• #includes_project?(target_project) ⇒ Boolean
• #initialize(source_project, direction: :inbound) ⇒ Allowlist constructor

  A new instance of Allowlist.

• #nearest_scope_for_target_project(target_project) ⇒ Object
• #project_link_traversal_ids ⇒ Object
• #project_links ⇒ Object
• #projects ⇒ Object

Constructor Details

#initialize(source_project, direction: :inbound) ⇒ Allowlist

Returns a new instance of Allowlist.

# File 'app/models/ci/job_token/allowlist.rb', line 8

def initialize(source_project, direction: :inbound)
  @source_project = source_project
  @direction = direction
end

Instance Method Details

#add!(target_project, user:, default_permissions: true, policies: []) ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 36

def add!(target_project, user:, default_permissions: true, policies: [])
  Ci::JobToken::ProjectScopeLink.create!(
    source_project: @source_project,
    direction: @direction,
    target_project: target_project,
    added_by: user,
    default_permissions: default_permissions,
    job_token_policies: policies
  )
end

#add_group!(target_group, user:, default_permissions: true, policies: []) ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 47

def add_group!(target_group, user:, default_permissions: true, policies: [])
  Ci::JobToken::GroupScopeLink.create!(
    source_project: @source_project,
    target_group: target_group,
    added_by: user,
    default_permissions: default_permissions,
    job_token_policies: policies
  )
end

#autopopulated_group_global_ids ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 71

def autopopulated_group_global_ids
  group_links.autopopulated.map { |link| link.target_group.to_global_id }.uniq
end

#autopopulated_project_global_ids ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 67

def autopopulated_project_global_ids
  project_links.autopopulated.map { |link| link.target_project.to_global_id }.uniq
end

#bulk_add_groups!(target_groups, user:, policies: []) ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 103

def bulk_add_groups!(target_groups, user:, policies: [])
  now = Time.zone.now

  groups = target_groups.map do |target_group|
    Ci::JobToken::GroupScopeLink.new(
      source_project_id: @source_project.id,
      target_group: target_group,
      added_by: user,
      job_token_policies: policies,
      created_at: now
    )
  end

  Ci::JobToken::GroupScopeLink.bulk_insert!(groups)
end

#bulk_add_projects!(target_projects, user:, policies: []) ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 86

def bulk_add_projects!(target_projects, user:, policies: [])
  now = Time.zone.now

  projects = target_projects.map do |target_project|
    Ci::JobToken::ProjectScopeLink.new(
      source_project_id: @source_project.id,
      target_project: target_project,
      added_by: user,
      job_token_policies: policies,
      direction: @direction,
      created_at: now
    )
  end

  Ci::JobToken::ProjectScopeLink.bulk_insert!(projects)
end

#group_link_traversal_ids ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 63

def group_link_traversal_ids
  group_links.includes(:target_group).map { |g| g.target_group.traversal_ids }
end

#group_links ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 81

def group_links
  Ci::JobToken::GroupScopeLink
    .with_source(@source_project)
end

#groups ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 32

def groups
  ::Group.id_in(group_links.pluck(:target_group_id))
end

#includes_group?(target_project) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/ci/job_token/allowlist.rb', line 19

def includes_group?(target_project)
  group_links_for_target(target_project).any?
end

#includes_project?(target_project) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/ci/job_token/allowlist.rb', line 13

def includes_project?(target_project)
  project_links
    .with_target(target_project)
    .exists?
end

#nearest_scope_for_target_project(target_project) ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 23

def nearest_scope_for_target_project(target_project)
  project_links.with_target(target_project).first ||
    group_links_for_target(target_project).first
end

#project_link_traversal_ids ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 57

def project_link_traversal_ids
  project_links.includes(target_project: :project_namespace).map do |p|
    p.target_project.project_namespace.traversal_ids
  end
end

#project_links ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 75

def project_links
  Ci::JobToken::ProjectScopeLink
    .with_source(@source_project)
    .where(direction: @direction)
end

#projects ⇒ Object

# File 'app/models/ci/job_token/allowlist.rb', line 28

def projects
  Project.from_union(target_projects, remove_duplicates: false)
end