Rename RepositoryCommitterships#committerships to #all
[gitorious:mainline.git] / lib / gitorious / authorization / ldap_group_authorization.rb
1 # encoding: utf-8
2 #--
3 #   Copyright (C) 2012 Gitorious AS
4 #
5 #   This program is free software: you can redistribute it and/or modify
6 #   it under the terms of the GNU Affero General Public License as published by
7 #   the Free Software Foundation, either version 3 of the License, or
8 #   (at your option) any later version.
9 #
10 #   This program is distributed in the hope that it will be useful,
11 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
12 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 #   GNU Affero General Public License for more details.
14 #
15 #   You should have received a copy of the GNU Affero General Public License
16 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #++
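module Gitorious
  module Authorization
    # Role-by-role view of one repository's committerships, plus readers that
    # narrow each role down to the LDAP groups holding it.
    class RepositoryLdapCommitterships
      # Only committerships whose committer_type equals this string count as
      # group grants here; every other committer type is left out by the
      # group_* readers, so it can never grant access through group
      # membership in LdapGroupAuthorization.
      LDAP_GROUP_TYPE = "LdapGroup".freeze

      # repository - object responding to #repository_committerships, whose
      #              result responds to #all.
      def initialize(repository)
        @committerships = repository.repository_committerships.all
      end

      # Whatever the committership collection returns from #committers.
      def committers
        committerships.committers
      end

      # LDAP groups (the committer of each matching committership) found
      # among #committers.
      def group_committers
        ldap_groups_in(committerships.committers)
      end

      # Whatever the committership collection returns from #reviewers.
      def reviewers
        committerships.reviewers
      end

      # LDAP groups found among #reviewers.
      def group_reviewers
        ldap_groups_in(committerships.reviewers)
      end

      # Whatever the committership collection returns from #admins.
      def administrators
        committerships.admins
      end

      # LDAP groups found among #administrators.
      def group_administrators
        ldap_groups_in(committerships.admins)
      end

      private

      attr_reader :committerships

      # Keeps the committerships typed as LDAP groups and returns their
      # committers. Shared by the three group_* readers so the type filter
      # that decides what counts as a group grant lives in one place.
      def ldap_groups_in(role_committerships)
        group_grants = role_committerships.select do |committership|
          committership.committer_type == LDAP_GROUP_TYPE
        end
        group_grants.map(&:committer)
      end
    end

    # Resolve authorization when LDAP backed groups are used.
    #
    # The @authorizer instance variable is an object able to perform
    # authorization. That behavior is mixed into all controllers, models
    # etc., and covers the authorization which is not handled by an LDAP
    # authorization object, i.e. direct user access. In this class only
    # push_granted? consults it; the other checks compare committers
    # themselves.
    #
    # NOTE(review): Team.for_user is defined outside this file; presumably it
    # resolves the groups a user belongs to. Confirm how it behaves for a
    # nil/anonymous user and whether its results are cached, because every
    # group-based decision below is only as current as what it returns.
    class LdapGroupAuthorization
      def initialize(authorizer)
        @authorizer = authorizer
      end

      # True when the user is a direct committer according to @authorizer, or
      # belongs to an LDAP group listed among the repository's committers.
      def push_granted?(repository, user)
        return true if @authorizer.committers(repository).include?(user)

        member_of_any?(user, repository_ldap_committerships(repository).group_committers)
      end

      # True when the user is the committer of any reviewer committership on
      # the merge request's target repository, or belongs to an LDAP group
      # listed among its reviewers.
      def can_resolve_merge_request?(user, merge_request)
        repository_committerships = repository_ldap_committerships(merge_request.target_repository)
        return true if repository_committerships.reviewers.any? { |cs| cs.committer == user }

        member_of_any?(user, repository_committerships.group_reviewers)
      end

      # True when the candidate is the committer of any admin committership
      # on the repository, or belongs to an LDAP group listed among its
      # administrators.
      def repository_admin?(candidate, repository)
        repository_committerships = repository_ldap_committerships(repository)
        return true if repository_committerships.administrators.any? { |cs| cs.committer == candidate }

        member_of_any?(candidate, repository_committerships.group_administrators)
      end

      # True when the project is not group-owned and belongs to the user.
      # Every other case, including a user-owned project that belongs to
      # someone else, falls through to checking whether project.owner is one
      # of the user's teams.
      def project_admin?(user, project)
        return true if !project.owned_by_group? && project.user == user

        Team.for_user(user).include?(project.owner)
      end

      private

      def repository_ldap_committerships(repository)
        RepositoryLdapCommitterships.new(repository)
      end

      # True when at least one of the given groups is among the user's teams.
      # The teams are looked up once per call; matching relies on include?,
      # i.e. on == between the group objects.
      def member_of_any?(user, groups_with_access)
        teams = Team.for_user(user)
        groups_with_access.any? { |group| teams.include?(group) }
      end
    end
  end
end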