mirror of
https://gitlab.com/gitlab-org/gitlab-foss.git
synced 2025-07-25 16:03:48 +00:00
78 lines
3.2 KiB
Ruby
78 lines
3.2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ProjectAuthorization < ApplicationRecord
|
|
extend SuppressCompositePrimaryKeyWarning
|
|
include EachBatch
|
|
include FromUnion
|
|
|
|
belongs_to :user
|
|
belongs_to :project
|
|
|
|
validates :project, presence: true
|
|
validates :access_level, inclusion: { in: Gitlab::Access.all_values }, presence: true
|
|
validates :user, uniqueness: { scope: :project }, presence: true
|
|
|
|
scope :for_project, ->(projects) { where(project: projects) }
|
|
scope :for_user, ->(user_ids) { where(user_id: user_ids) }
|
|
scope :non_guests, -> { where('access_level > ?', ::Gitlab::Access::GUEST) }
|
|
scope :owners, -> { where(access_level: ::Gitlab::Access::OWNER) }
|
|
|
|
scope :preload_users, -> { preload(:user) }
|
|
|
|
scope :count_by_user_id, -> do
|
|
group(:user_id).count
|
|
end
|
|
|
|
# TODO: To be removed after https://gitlab.com/gitlab-org/gitlab/-/issues/418205
|
|
before_create :assign_is_unique
|
|
|
|
def self.select_from_union(relations)
|
|
from_union(relations)
|
|
.select(['project_id', 'MAX(access_level) AS access_level'])
|
|
.group(:project_id)
|
|
end
|
|
|
|
# This method overrides its ActiveRecord's version in order to work correctly
|
|
# with composite primary keys and fix the tests for Rails 6.1
|
|
#
|
|
# Consider using BulkInsertSafe module instead since we plan to refactor it in
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/331264
|
|
def self.insert_all(attributes)
|
|
super(attributes, unique_by: connection.schema_cache.primary_keys(table_name))
|
|
end
|
|
|
|
def self.find_or_create_authorization_for(user_id, project_id, access_level)
|
|
# We only try to find the record by user and project so that we match the current model level validation and
|
|
# database constraints.
|
|
# Ideally, in the case where a record exists with a different access_level,
|
|
# this will save us from performing an unnecessary upsert that will hit the `ON CONFLICT DO NOTHING` path.
|
|
# Due to the nature of project authorizations, differences in access_level should be handled by the
|
|
# recalculation service/workers and not anything that invokes this method.
|
|
find_by(user_id: user_id, project_id: project_id) ||
|
|
|
|
# If not, we try to create it with `upsert`.
|
|
# We use upsert for these reasons:
|
|
# - No subtransactions
|
|
# - Due to the use of `on_duplicate: :skip`, we are essentially issuing a `ON CONFLICT DO NOTHING`.
|
|
# - Postgres will take care of skipping the record without errors if a similar record was created
|
|
# by then in another thread.
|
|
# - There is no explicit error being thrown because we said "ON CONFLICT DO NOTHING".
|
|
# With this we avoid both the problems with subtransactions that could arise when we upgrade Rails,
|
|
# see https://gitlab.com/gitlab-org/gitlab/-/issues/439567, and also with race conditions.
|
|
|
|
upsert(
|
|
{ project_id: project_id, user_id: user_id, access_level: access_level, is_unique: true },
|
|
unique_by: [:project_id, :user_id], # skip unique_by access_level here to avoid conflicting access.
|
|
on_duplicate: :skip # Do not change access_level, could cause conflicting permissions.
|
|
)
|
|
end
|
|
|
|
private
|
|
|
|
def assign_is_unique
|
|
self.is_unique = true
|
|
end
|
|
end
|
|
|
|
ProjectAuthorization.prepend_mod_with('ProjectAuthorization')
|