Class: NamespaceSetting

Inherits:
ApplicationRecord show all
Includes:
CascadingNamespaceSettingAttribute, ChronicDurationAttribute, EachBatch, NullifyIfBlank, SafelyChangeColumnDefault, Sanitizable
Defined in:
app/models/namespace_setting.rb

Constant Summary collapse

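# Setting names handed out by .allowed_namespace_settings_params.
#
# The rendered listing lost the leading `%` of the `%i[` symbol-array literal; it is
# restored here so the constant is valid Ruby again.
#
# NOTE(review): presumably this is the allowlist of attributes that may be assigned to a
# namespace's settings from request parameters. Confirm against the callers.
# Several names look security-relevant (resource_access_token_creation_allowed,
# prevent_sharing_groups_outside_hierarchy, the runner token expiration intervals,
# enabled_git_access_protocol, jwt_ci_cd_job_token_enabled), so any addition to this list
# should be checked against the authorization the caller enforces.
NAMESPACE_SETTINGS_PARAMS =
  %i[
    emails_enabled
    default_branch_name
    resource_access_token_creation_allowed
    prevent_sharing_groups_outside_hierarchy
    new_user_signups_cap
    setup_for_company
    seat_control
    jobs_to_be_done
    runner_token_expiration_interval
    enabled_git_access_protocol
    subgroup_runner_token_expiration_interval
    project_runner_token_expiration_interval
    default_branch_protection_defaults
    math_rendering_limits_enabled
    lock_math_rendering_limits_enabled
    jwt_ci_cd_job_token_enabled
  ].freeze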
DEFAULT_BRANCH_PROTECTIONS_DEFAULT_MAX_SIZE =

Matches the size set in the database constraint.

1.kilobyte

Constants inherited from ApplicationRecord

ApplicationRecord::MAX_PLUCK

Constants included from HasCheckConstraints

HasCheckConstraints::NOT_NULL_CHECK_PATTERN

Constants included from ResetOnColumnErrors

ResetOnColumnErrors::MAX_RESET_PERIOD

Class Method Summary collapse

Instance Method Summary collapse

Methods included from ChronicDurationAttribute

#chronic_duration_attributes, #output_chronic_duration_attribute

Methods inherited from ApplicationRecord

===, cached_column_list, #create_or_load_association, current_transaction, declarative_enum, default_select_columns, delete_all_returning, #deleted_from_database?, id_in, id_not_in, iid_in, nullable_column?, primary_key_in, #readable_by?, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, #to_ability_name, underscore, where_exists, where_not_exists, with_fast_read_statement_timeout, without_order

Methods included from Organizations::Sharding

#sharding_organization

Methods included from ResetOnColumnErrors

#reset_on_union_error, #reset_on_unknown_attribute_error

Methods included from Gitlab::SensitiveSerializableHash

#serializable_hash

Class Method Details

.allowed_namespace_settings_params ⇒ Object



# File 'app/models/namespace_setting.rb', line 113

# Exposes the list of namespace setting names held in NAMESPACE_SETTINGS_PARAMS.
#
# The constant itself is returned, not a copy.
# NOTE(review): presumably callers use this as the permitted-parameter list when updating
# settings. Confirm, and keep authorization checks on the caller side.
#
# @return [Array<Symbol>] the NAMESPACE_SETTINGS_PARAMS array
def self.allowed_namespace_settings_params
  NAMESPACE_SETTINGS_PARAMS
end

.declarative_policy_class ⇒ Object



# File 'app/models/namespace_setting.rb', line 109

# Names the policy class for this model as a String.
#
# NOTE(review): presumably the policy framework resolves this name when authorizing
# access to a namespace setting. Confirm where it is consumed.
#
# @return [String] "Ci::NamespaceSettingPolicy"
def self.declarative_policy_class
  'Ci::NamespaceSettingPolicy'
end

.enterprise_bypass_max_date ⇒ Object



# File 'app/models/namespace_setting.rb', line 121

# Computes the end of the day that falls one year minus one day after the current date.
#
# NOTE(review): presumably this is the upper bound accepted for the enterprise bypass
# expiry. Confirm against the validation that uses it.
#
# @return [Object] the end-of-day timestamp for that date
def self.enterprise_bypass_max_date
  last_allowed_day = Date.current.advance(years: 1, days: -1)
  last_allowed_day.end_of_day
end

.enterprise_bypass_min_date ⇒ Object



# File 'app/models/namespace_setting.rb', line 117

# Computes the start of the day after the current date.
#
# NOTE(review): presumably this is the lower bound accepted for the enterprise bypass
# expiry, so an expiry can never be set to today or the past. Confirm in the validation.
#
# @return [Object] the beginning-of-day timestamp for tomorrow
def self.enterprise_bypass_min_date
  first_allowed_day = Date.current.tomorrow
  first_allowed_day.beginning_of_day
end

Instance Method Details

#all_ancestors_have_runner_registration_enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 157

# Reports whether the instance and every ancestor namespace permit runner registration.
#
# This method does not read this record's own runner_registration_enabled value.
#
# @return [Boolean] false when 'group' is not among the instance's valid runner
#   registrars; true for a namespace without a parent; otherwise true only when no
#   ancestor's settings row has runner_registration_enabled set to false
def all_ancestors_have_runner_registration_enabled?
  instance_registrars = Gitlab::CurrentSettings.valid_runner_registrars
  return false unless instance_registrars.include?('group')

  return true unless namespace.has_parent?

  # One ancestor that disabled registration is enough to deny it here.
  # NOTE(review): presumably namespace.ancestors excludes this namespace itself. Confirm.
  disabling_ancestors = self.class.where(namespace_id: namespace.ancestors, runner_registration_enabled: false)
  !disabling_ancestors.exists?
end

#allow_runner_registration_token? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 165

# Reports whether runner registration tokens are allowed for this namespace.
#
# Both the instance-wide application setting and the root ancestor's own setting must
# allow them. The root ancestor is consulted only when the instance setting is truthy.
#
# @return [Boolean] the instance setting when it is falsy, otherwise the root
#   ancestor's allow_runner_registration_token value
def allow_runner_registration_token?
  instance_allows = Gitlab::CurrentSettings.current_application_settings.allow_runner_registration_token

  instance_allows && namespace.root_ancestor.allow_runner_registration_token
end

#emails_enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 140

# Reports whether emails are enabled for this namespace.
#
# A namespace without a parent answers with its own emails_enabled value. A nested one
# delegates to all_ancestors_have_emails_enabled?, which is defined outside this excerpt.
#
# @return [Boolean]
def emails_enabled?
  if namespace.has_parent?
    all_ancestors_have_emails_enabled?
  else
    emails_enabled
  end
end

#enterprise_placeholder_bypass_enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 177

# Reports whether the enterprise placeholder-confirmation bypass is currently in effect.
#
# The bypass is time-boxed: the flag alone is not enough. An expiry must be present and
# still in the future, so a missing or elapsed expiry leaves the bypass off.
#
# @return [Boolean]
def enterprise_placeholder_bypass_enabled?
  allow_enterprise_bypass_placeholder_confirmation? &&
    enterprise_bypass_expires_at.present? &&
    enterprise_bypass_expires_at.future?
end

#jwt_ci_cd_job_token_enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 171

# Reports whether JWT-format CI/CD job tokens are enabled for this namespace.
#
# The :ci_job_token_jwt feature flag, evaluated for the namespace, forces the answer to
# true unless the namespace opted out. In every other case the inherited implementation
# (via super) decides.
#
# @return [Boolean]
def jwt_ci_cd_job_token_enabled?
  forced_by_flag = Feature.enabled?(:ci_job_token_jwt, namespace) && !jwt_ci_cd_job_token_opted_out?
  return super unless forced_by_flag

  true
end

#pipeline_variables_default_role ⇒ Object



# File 'app/models/namespace_setting.rb', line 131

# Returns the default role for pipeline variables, always taken from the root namespace.
#
# Only the root namespace's setting is considered, and its value cascades to everything
# below it. Settings on sub-groups are ignored, which avoids the complexity of
# hierarchical settings.
#
# @return [Object] the root namespace's value; for a root namespace, the inherited reader
def pipeline_variables_default_role
  if namespace.root?
    super
  else
    namespace.root_ancestor.pipeline_variables_default_role
  end
end

#prevent_sharing_groups_outside_hierarchy ⇒ Object



# File 'app/models/namespace_setting.rb', line 125

# Returns whether sharing groups outside the hierarchy is prevented.
#
# The root namespace's value is authoritative. A non-root namespace ignores its own
# stored value and reports the root ancestor's, so a sub-group cannot relax a restriction
# set at the top of the hierarchy.
#
# @return [Object] the root ancestor's value; for a root namespace, the inherited reader
def prevent_sharing_groups_outside_hierarchy
  if namespace.root?
    super
  else
    namespace.root_ancestor.prevent_sharing_groups_outside_hierarchy
  end
end

#runner_registration_enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 153

# Reports whether runner registration is enabled for this namespace.
#
# The namespace's own runner_registration_enabled value must be truthy, and
# all_ancestors_have_runner_registration_enabled? must agree. The ancestor check is
# skipped when the own value is already falsy.
#
# @return [Boolean] the own value when it is falsy, otherwise the ancestor check's result
def runner_registration_enabled?
  own_setting = runner_registration_enabled
  return own_setting unless own_setting

  all_ancestors_have_runner_registration_enabled?
end

#show_diff_preview_in_email? ⇒ Boolean

Note: callers of this method treat a returned `nil` as truthy, so only an explicit `false` turns the diff preview off.

Returns:

  • (Boolean)


# File 'app/models/namespace_setting.rb', line 147

# Reports whether diff previews may be included in emails for this namespace.
#
# A namespace without a parent answers with its own show_diff_preview_in_email value,
# which may be nil. A nested one delegates to all_ancestors_allow_diff_preview_in_email?,
# which is defined outside this excerpt.
#
# Callers treat a returned nil as truthy, so an unset value leaves previews on.
# NOTE(review): if diff content in email is a disclosure concern, confirm that default.
#
# @return [Boolean, nil]
def show_diff_preview_in_email?
  namespace.has_parent? ? all_ancestors_allow_diff_preview_in_email? : show_diff_preview_in_email
end

#step_up_auth_required_oauth_provider_from_self_or_inherited ⇒ Object

Returns the active/effective step-up auth provider, considering inheritance from parent groups



# File 'app/models/namespace_setting.rb', line 203

# Returns the effective step-up auth provider, taking inheritance from parent groups
# into account.
#
# A provider inherited from an ancestor takes precedence. This namespace's own provider
# is used only when no ancestor supplies one, so a sub-group's own value cannot replace
# an inherited requirement.
#
# @return [Object, nil] the inherited provider, else the own provider, else nil
def step_up_auth_required_oauth_provider_from_self_or_inherited
  inherited_setting = step_up_auth_required_oauth_provider_inherited_namespace_setting
  inherited_provider = inherited_setting&.step_up_auth_required_oauth_provider

  inherited_provider || step_up_auth_required_oauth_provider
end

#step_up_auth_required_oauth_provider_inherited_namespace_setting ⇒ Object

Returns the namespace_setting that provides the inherited step-up auth provider (excluding self). This is the base method that all other inheritance methods build upon.



# File 'app/models/namespace_setting.rb', line 183

# Finds the ancestor namespace_setting that supplies the inherited step-up auth provider.
#
# This record itself is never a candidate.
#
# @return [NamespaceSetting, nil] the matching ancestor setting closest to the root, or
#   nil when there are no ancestors or none has a provider configured
def step_up_auth_required_oauth_provider_inherited_namespace_setting
  # traversal_ids lists the hierarchy as [root_id, parent_id, ..., current_id];
  # dropping the final entry (self) leaves only the ancestors.
  parent_chain_ids = namespace.traversal_ids[0...-1]

  return if parent_chain_ids.empty?

  # One query over the ancestors that have a provider set, ordered by their position in
  # the hierarchy (root first), so the most distant ancestor has precedence.
  # Only a found record is memoized by ||=; a nil result repeats the query on each call.
  #
  # NOTE(review): the id list is interpolated into raw SQL through Arel.sql, which skips
  # ActiveRecord's quoting. That is safe only while traversal_ids holds integers loaded
  # from the database (presumably a bigint[] column; confirm). Do not reuse this pattern
  # with request-derived values.
  @step_up_auth_inherited_setting ||= self.class
    .joins(:namespace)
    .where(namespace_id: parent_chain_ids)
    .where.not(step_up_auth_required_oauth_provider: nil)
    .order(Arel.sql("array_position(ARRAY[#{parent_chain_ids.join(',')}]::bigint[], namespace_settings.namespace_id)"))
    .includes(:namespace)
    .first
end