Module: Gitlab::ExternalAuthorization

Extended by:
Config
Defined in:
lib/gitlab/external_authorization.rb,
lib/gitlab/external_authorization/cache.rb,
lib/gitlab/external_authorization/access.rb,
lib/gitlab/external_authorization/client.rb,
lib/gitlab/external_authorization/config.rb,
lib/gitlab/external_authorization/logger.rb,
lib/gitlab/external_authorization/response.rb

Defined Under Namespace

Modules: Config Classes: Access, Cache, Client, Logger, Response

Constant Summary collapse

RequestFailed =
Class.new(StandardError)

Class Method Summary collapse

Methods included from Config

allow_deploy_tokens_and_deploy_keys?, client_cert, client_key, client_key_pass, enabled?, has_tls?, perform_check?, service_url, timeout

Class Method Details

.access_allowed?(user, label, project_path = nil) ⇒ Boolean

Returns:

  • (Boolean)


9
10
11
12
13
14
# File 'lib/gitlab/external_authorization.rb', line 9

def self.access_allowed?(user, label, project_path = nil)
  return true unless perform_check?
  return false unless user

  access_for_user_to_label(user, label, project_path).has_access?
end

.access_for_user_to_label(user, label, project_path) ⇒ Object



23
24
25
26
27
28
29
30
31
# File 'lib/gitlab/external_authorization.rb', line 23

def self.access_for_user_to_label(user, label, project_path)
  if RequestStore.active?
    RequestStore.fetch("external_authorisation:user-#{user.id}:label-#{label}") do
      load_access(user, label, project_path)
    end
  else
    load_access(user, label, project_path)
  end
end

.load_access(user, label, project_path) ⇒ Object



33
34
35
36
37
38
# File 'lib/gitlab/external_authorization.rb', line 33

def self.load_access(user, label, project_path)
  access = ::Gitlab::ExternalAuthorization::Access.new(user, label).load!
  ::Gitlab::ExternalAuthorization::Logger.log_access(access, project_path)

  access
end

.rejection_reason(user, label) ⇒ Object



16
17
18
19
20
21
# File 'lib/gitlab/external_authorization.rb', line 16

def self.rejection_reason(user, label)
  return unless enabled?
  return unless user

  access_for_user_to_label(user, label, nil).reason
end