access.rb 1.91 KB
Newer Older
1 2 3 4 5 6 7
# Gitlab::Access module
#
# Define allowed roles that can be used
# in GitLab code to determine authorization level
#
module Gitlab
  module Access
8 9
    class AccessDeniedError < StandardError; end

10 11 12 13 14 15
    GUEST     = 10
    REPORTER  = 20
    DEVELOPER = 30
    MASTER    = 40
    OWNER     = 50

16
    # Branch protection settings
17 18 19 20
    PROTECTION_NONE          = 0
    PROTECTION_DEV_CAN_PUSH  = 1
    PROTECTION_FULL          = 2
    PROTECTION_DEV_CAN_MERGE = 3
21

22 23 24 25 26
    class << self
      def values
        options.values
      end

27 28 29 30
      def all_values
        options_with_owner.values
      end

31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
      def options
        {
          "Guest"     => GUEST,
          "Reporter"  => REPORTER,
          "Developer" => DEVELOPER,
          "Master"    => MASTER,
        }
      end

      def options_with_owner
        options.merge(
          "Owner" => OWNER
        )
      end

      def sym_options
        {
          guest:     GUEST,
          reporter:  REPORTER,
          developer: DEVELOPER,
          master:    MASTER,
        }
      end
54 55

      def protection_options
56
        {
57
          "Not protected: Both developers and masters can push new commits, force push, or delete the branch." => PROTECTION_NONE,
58
          "Protected against pushes: Developers cannot push new commits, but are allowed to accept merge requests to the branch." => PROTECTION_DEV_CAN_MERGE,
59 60
          "Partially protected: Developers can push new commits, but cannot force push or delete the branch. Masters can do all of those." => PROTECTION_DEV_CAN_PUSH,
          "Fully protected: Developers cannot push new commits, force push, or delete the branch. Only masters can do any of those." => PROTECTION_FULL,
61
        }
62
      end
63

64 65 66
      def protection_values
        protection_options.values
      end
67 68 69 70 71
    end

    def human_access
      Gitlab::Access.options_with_owner.key(access_field)
    end
72 73 74 75

    def owner?
      access_field == OWNER
    end
76 77
  end
end