Commit a63bce1a authored by Mark Chao's avatar Mark Chao Committed by Dmitriy Zaporozhets

Resolve "Rename the `Master` role to `Maintainer`" Backend

parent 1bf54e09
......@@ -2,19 +2,20 @@ module ProtectedRefAccess
extend ActiveSupport::Concern
ALLOWED_ACCESS_LEVELS = [
Gitlab::Access::MASTER,
Gitlab::Access::MAINTAINER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
HUMAN_ACCESS_LEVELS = {
Gitlab::Access::MASTER => "Maintainers".freeze,
Gitlab::Access::MAINTAINER => "Maintainers".freeze,
Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,
Gitlab::Access::NO_ACCESS => "No one".freeze
}.freeze
included do
scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
scope :master, -> { maintainer } # @deprecated
scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
validates :access_level, presence: true, if: :role?, inclusion: {
......
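Review bot: The bare `# @deprecated` on `scope :master` names neither the replacement nor when the old name will be removed, and the same bare tag recurs on the aliases in SelectForProjectAuthorization, Group, Member, Project, ProjectGroupLink, ProjectTeam and User. A reader who meets only the old name should be pointed at the new one, for example `scope :master, -> { maintainer } # @deprecated use .maintainer instead`. The `included do` block continues past the end of this hunk, so only the visible scopes are covered by this remark.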
......@@ -6,8 +6,11 @@ module SelectForProjectAuthorization
select("projects.id AS project_id, members.access_level")
end
def select_as_master_for_project_authorization
select(["projects.id AS project_id", "#{Gitlab::Access::MASTER} AS access_level"])
def select_as_maintainer_for_project_authorization
select(["projects.id AS project_id", "#{Gitlab::Access::MAINTAINER} AS access_level"])
end
# @deprecated
alias_method :select_as_master_for_project_authorization, :select_as_maintainer_for_project_authorization
end
end
......@@ -186,10 +186,13 @@ class Group < Namespace
add_user(user, :developer, current_user: current_user)
end
def add_master(user, current_user = nil)
add_user(user, :master, current_user: current_user)
def add_maintainer(user, current_user = nil)
add_user(user, :maintainer, current_user: current_user)
end
# @deprecated
alias_method :add_master, :add_maintainer
def add_owner(user, current_user = nil)
add_user(user, :owner, current_user: current_user)
end
......@@ -206,12 +209,15 @@ class Group < Namespace
members_with_parents.owners.where(user_id: user).any?
end
def has_master?(user)
def has_maintainer?(user)
return false unless user
members_with_parents.masters.where(user_id: user).any?
members_with_parents.maintainers.where(user_id: user).any?
end
# @deprecated
alias_method :has_master?, :has_maintainer?
# Check if user is a last owner of the group.
# Parent owners are ignored for nested groups.
def last_owner?(user)
......
......@@ -69,9 +69,11 @@ class Member < ActiveRecord::Base
scope :guests, -> { active.where(access_level: GUEST) }
scope :reporters, -> { active.where(access_level: REPORTER) }
scope :developers, -> { active.where(access_level: DEVELOPER) }
scope :masters, -> { active.where(access_level: MASTER) }
scope :maintainers, -> { active.where(access_level: MAINTAINER) }
scope :masters, -> { maintainers } # @deprecated
scope :owners, -> { active.where(access_level: OWNER) }
scope :owners_and_masters, -> { active.where(access_level: [OWNER, MASTER]) }
scope :owners_and_maintainers, -> { active.where(access_level: [OWNER, MAINTAINER]) }
scope :owners_and_masters, -> { owners_and_maintainers } # @deprecated
scope :order_name_asc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC')) }
scope :order_name_desc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC')) }
......
......@@ -17,19 +17,19 @@ class ProjectMember < Member
# Add users to projects with passed access option
#
# access can be an integer representing a access code
# or symbol like :master representing role
# or symbol like :maintainer representing role
#
# Ex.
# add_users_to_projects(
# project_ids,
# user_ids,
# ProjectMember::MASTER
# ProjectMember::MAINTAINER
# )
#
# add_users_to_projects(
# project_ids,
# user_ids,
# :master
# :maintainer
# )
#
def add_users_to_projects(project_ids, users, access_level, current_user: nil, expires_at: nil)
......
......@@ -269,7 +269,8 @@ class Project < ActiveRecord::Base
delegate :name, to: :owner, allow_nil: true, prefix: true
delegate :members, to: :team, prefix: true
delegate :add_user, :add_users, to: :team
delegate :add_guest, :add_reporter, :add_developer, :add_master, :add_role, to: :team
delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team
delegate :add_master, to: :team # @deprecated
delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings
# Validations
......@@ -1647,10 +1648,10 @@ class Project < ActiveRecord::Base
params = {
name: default_branch,
push_access_levels_attributes: [{
access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
}],
merge_access_levels_attributes: [{
access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
}]
}
......
......@@ -4,7 +4,8 @@ class ProjectGroupLink < ActiveRecord::Base
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MASTER = 40
MAINTAINER = 40
MASTER = MAINTAINER # @deprecated
belongs_to :project
belongs_to :group
......
......@@ -19,10 +19,13 @@ class ProjectTeam
add_user(user, :developer, current_user: current_user)
end
def add_master(user, current_user: nil)
add_user(user, :master, current_user: current_user)
def add_maintainer(user, current_user: nil)
add_user(user, :maintainer, current_user: current_user)
end
# @deprecated
alias_method :add_master, :add_maintainer
def add_role(user, role, current_user: nil)
public_send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend
end
......@@ -81,10 +84,13 @@ class ProjectTeam
@developers ||= fetch_members(Gitlab::Access::DEVELOPER)
end
def masters
@masters ||= fetch_members(Gitlab::Access::MASTER)
def maintainers
@maintainers ||= fetch_members(Gitlab::Access::MAINTAINER)
end
# @deprecated
alias_method :masters, :maintainers
def owners
@owners ||=
if group
......@@ -136,10 +142,13 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::DEVELOPER
end
def master?(user)
max_member_access(user.id) == Gitlab::Access::MASTER
def maintainer?(user)
max_member_access(user.id) == Gitlab::Access::MAINTAINER
end
# @deprecated
alias_method :master?, :maintainer?
# Checks if `user` is authorized for this project, with at least the
# `min_access_level` (if given).
def member?(user, min_access_level = Gitlab::Access::GUEST)
......
......@@ -99,7 +99,8 @@ class User < ActiveRecord::Base
has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
has_many :groups, through: :group_members
has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group
has_many :masters_groups, -> { where(members: { access_level: Gitlab::Access::MASTER }) }, through: :group_members, source: :group
has_many :maintainers_groups, -> { where(members: { access_level: Gitlab::Access::MAINTAINER }) }, through: :group_members, source: :group
alias_attribute :masters_groups, :maintainers_groups
# Projects
has_many :groups_projects, through: :groups, source: :projects
......@@ -728,7 +729,7 @@ class User < ActiveRecord::Base
end
def several_namespaces?
owned_groups.any? || masters_groups.any?
owned_groups.any? || maintainers_groups.any?
end
def namespace_id
......@@ -974,15 +975,15 @@ class User < ActiveRecord::Base
end
def manageable_groups
union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), masters_groups.select(:id)]).to_sql
union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), maintainers_groups.select(:id)]).to_sql
# Update this line to not use raw SQL when migrated to Rails 5.2.
# Either ActiveRecord or Arel constructions are fine.
# This was replaced with the raw SQL construction because of bugs in the arel gem.
# Bugs were fixed in arel 9.0.0 (Rails 5.2).
owned_and_master_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection
owned_and_maintainer_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection
Gitlab::GroupHierarchy.new(owned_and_master_groups).base_and_descendants
Gitlab::GroupHierarchy.new(owned_and_maintainer_groups).base_and_descendants
end
def namespaces
......@@ -1023,11 +1024,11 @@ class User < ActiveRecord::Base
def ci_owned_runners
@ci_owned_runners ||= begin
project_runner_ids = Ci::RunnerProject
.where(project: authorized_projects(Gitlab::Access::MASTER))
.where(project: authorized_projects(Gitlab::Access::MAINTAINER))
.select(:runner_id)
group_runner_ids = Ci::RunnerNamespace
.where(namespace_id: owned_or_masters_groups.select(:id))
.where(namespace_id: owned_or_maintainers_groups.select(:id))
.select(:runner_id)
union = Gitlab::SQL::Union.new([project_runner_ids, group_runner_ids])
......@@ -1236,11 +1237,14 @@ class User < ActiveRecord::Base
!terms_accepted?
end
def owned_or_masters_groups
union = Gitlab::SQL::Union.new([owned_groups, masters_groups])
def owned_or_maintainers_groups
union = Gitlab::SQL::Union.new([owned_groups, maintainers_groups])
Group.from("(#{union.to_sql}) namespaces")
end
# @deprecated
alias_method :owned_or_masters_groups, :owned_or_maintainers_groups
protected
# override, from Devise::Validatable
......
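Review bot: `alias_attribute :masters_groups, :maintainers_groups` in the first hunk of this file aliases a `has_many` association with a helper that Rails documents for column attributes, and it is the only compatibility alias in this commit without a `# @deprecated` marker. Besides the reader, it also generates attribute-style methods such as `masters_groups=` and `masters_groups?` and registers the name as an attribute alias, which is probably not intended for an association. A plain `alias_method :masters_groups, :maintainers_groups # @deprecated` placed after the `has_many` would match how `owned_or_masters_groups` is kept in the last hunk, assuming the association reader is already defined at that point.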
......@@ -4,7 +4,7 @@ module Clusters
delegate { cluster.project }
rule { can?(:master_access) }.policy do
rule { can?(:maintainer_access) }.policy do
enable :update_cluster
enable :admin_cluster
end
......
class DeployTokenPolicy < BasePolicy
with_options scope: :subject, score: 0
condition(:master) { @subject.project.team.master?(@user) }
condition(:maintainer) { @subject.project.team.maintainer?(@user) }
rule { anonymous }.prevent_all
rule { master }.policy do
rule { maintainer }.policy do
enable :create_deploy_token
enable :update_deploy_token
end
......
......@@ -11,7 +11,7 @@ class GroupPolicy < BasePolicy
condition(:guest) { access_level >= GroupMember::GUEST }
condition(:developer) { access_level >= GroupMember::DEVELOPER }
condition(:owner) { access_level >= GroupMember::OWNER }
condition(:master) { access_level >= GroupMember::MASTER }
condition(:maintainer) { access_level >= GroupMember::MAINTAINER }
condition(:reporter) { access_level >= GroupMember::REPORTER }
condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? }
......@@ -59,7 +59,7 @@ class GroupPolicy < BasePolicy
enable :admin_issue
end
rule { master }.policy do
rule { maintainer }.policy do
enable :create_projects
enable :admin_pipeline
enable :admin_build
......
......@@ -46,7 +46,7 @@ class ProjectPolicy < BasePolicy
condition(:developer) { team_access_level >= Gitlab::Access::DEVELOPER }
desc "User has maintainer access"
condition(:master) { team_access_level >= Gitlab::Access::MASTER }
condition(:maintainer) { team_access_level >= Gitlab::Access::MAINTAINER }
desc "Project is public"
condition(:public_project, scope: :subject, score: 0) { project.public? }
......@@ -123,14 +123,14 @@ class ProjectPolicy < BasePolicy
rule { guest }.enable :guest_access
rule { reporter }.enable :reporter_access
rule { developer }.enable :developer_access
rule { master }.enable :master_access
rule { maintainer }.enable :maintainer_access
rule { owner | admin }.enable :owner_access
rule { can?(:owner_access) }.policy do
enable :guest_access
enable :reporter_access
enable :developer_access
enable :master_access
enable :maintainer_access
enable :change_namespace
enable :change_visibility_level
......@@ -228,7 +228,7 @@ class ProjectPolicy < BasePolicy
enable :create_deployment
end
rule { can?(:master_access) }.policy do
rule { can?(:maintainer_access) }.policy do
enable :push_to_delete_protected_branch
enable :update_project_snippet
enable :update_environment
......
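Review bot: The `:master` condition and the `:master_access` ability are renamed here without the deprecated alias that the model-level names receive elsewhere in this commit; the same holds for the `:master` conditions in GroupPolicy and DeployTokenPolicy and the `can?(:master_access)` rule in the Clusters policy. As far as I can tell, a policy or caller outside this page that still checks `can?(:master_access)` would evaluate to denied rather than raise, so a missed rename would surface as a silent permission change instead of a test failure. Either confirm with a repository-wide search (including any downstream edition) that no `master_access` reference remains, or keep the old ability for one release with `rule { can?(:maintainer_access) }.enable :master_access # @deprecated`.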
......@@ -274,9 +274,9 @@ class NotificationService
def new_access_request(member)
return true unless member.notifiable?(:subscription)
recipients = member.source.members.active_without_invites_and_requests.owners_and_masters
if fallback_to_group_owners_masters?(recipients, member)
recipients = member.source.group.members.active_without_invites_and_requests.owners_and_masters
recipients = member.source.members.active_without_invites_and_requests.owners_and_maintainers
if fallback_to_group_owners_maintainers?(recipients, member)
recipients = member.source.group.members.active_without_invites_and_requests.owners_and_maintainers
end
recipients.each { |recipient| deliver_access_request_email(recipient, member) }
......@@ -519,7 +519,7 @@ class NotificationService
return [] unless project
notifiable_users(project.team.masters, :watch, target: project)
notifiable_users(project.team.maintainers, :watch, target: project)
end
def notifiable?(*args)
......@@ -534,7 +534,7 @@ class NotificationService
mailer.member_access_requested_email(member.real_source_type, member.id, recipient.user.notification_email).deliver_later
end
def fallback_to_group_owners_masters?(recipients, member)
def fallback_to_group_owners_maintainers?(recipients, member)
return false if recipients.present?
member.source.respond_to?(:group) && member.source.group
......
......@@ -115,7 +115,7 @@ module Projects
@project.group.refresh_members_authorized_projects(blocking: false)
current_user.refresh_authorized_projects
else
@project.add_master(@project.namespace.owner, current_user: current_user)
@project.add_maintainer(@project.namespace.owner, current_user: current_user)
end
end
......
......@@ -14,7 +14,7 @@ module ProtectedBranches
private
def params_with_default(params)
params[:"#{type}_access_level"] ||= Gitlab::Access::MASTER if use_default_access_level?(params)
params[:"#{type}_access_level"] ||= Gitlab::Access::MAINTAINER if use_default_access_level?(params)
params
end
......
......@@ -9,14 +9,14 @@ module ProtectedBranches
if params.delete(:developers_can_push)
Gitlab::Access::DEVELOPER
else
Gitlab::Access::MASTER
Gitlab::Access::MAINTAINER
end
merge_access_level =
if params.delete(:developers_can_merge)
Gitlab::Access::DEVELOPER
else
Gitlab::Access::MASTER
Gitlab::Access::MAINTAINER
end
@params.merge!(push_access_levels_attributes: [{ access_level: push_access_level }],
......
......@@ -17,14 +17,14 @@ module ProtectedBranches
when true
params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
when false
params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
end
case @developers_can_merge
when true
params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
when false
params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
end
service = ProtectedBranches::UpdateService.new(@project, @current_user, @params)
......
......@@ -17,7 +17,7 @@ class Member < ActiveRecord::Base
scope :guests, -> { where(access_level: GUEST) }
scope :reporters, -> { where(access_level: REPORTER) }
scope :developers, -> { where(access_level: DEVELOPER) }
scope :masters, -> { where(access_level: MASTER) }
scope :maintainers, -> { where(access_level: MAINTAINER) }
scope :owners, -> { where(access_level: OWNER) }
delegate :name, :username, :email, to: :user, prefix: true
......
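Review bot: This second `Member` definition loses its `masters` scope outright, whereas the `Member` model earlier in the commit keeps `scope :masters, -> { maintainers } # @deprecated`. The rest of this file is outside the hunk and its path is not shown, so I cannot tell whether anything still calls `.masters` on this class or whether `MAINTAINER` resolves in its scope; if either assumption fails, the code raises at call time. Consider adding `scope :masters, -> { maintainers } # @deprecated` here as well, so both definitions stay consistent.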
......@@ -9,7 +9,7 @@ class AddProtectedBranchesPushAccess < ActiveRecord::Migration
create_table :protected_branch_push_access_levels do |t|
t.references :protected_branch, index: { name: "index_protected_branch_push_access" }, foreign_key: true, null: false
# Gitlab::Access::MASTER == 40
# Gitlab::Access::MAINTAINER == 40
t.integer :access_level, default: 40, null: false
t.timestamps null: false
......
......@@ -9,7 +9,7 @@ class AddProtectedBranchesMergeAccess < ActiveRecord::Migration
create_table :protected_branch_merge_access_levels do |t|
t.references :protected_branch, index: { name: "index_protected_branch_merge_access" }, foreign_key: true, null: false
# Gitlab::Access::MASTER == 40
# Gitlab::Access::MAINTAINER == 40
t.integer :access_level, default: 40, null: false
t.timestamps null: false
......
......@@ -14,7 +14,7 @@ bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=p
Notes:
- admin users are added as masters
- admin users are added as maintainers
```bash
# omnibus-gitlab
......
......@@ -7,12 +7,14 @@ module Gitlab
module Access
AccessDeniedError = Class.new(StandardError)
NO_ACCESS = 0
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MASTER = 40
OWNER = 50
NO_ACCESS = 0
GUEST = 10
REPORTER = 20
DEVELOPER = 30
MAINTAINER = 40
# @deprecated
MASTER = MAINTAINER
OWNER = 50