-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new
MAX_PROJECT_VISIBILITY
config option (#2115)
Some CDash administrators may want users to be able to create projects on their own, but not public or protected projects. This PR adds a new `MAX_PROJECT_VISIBILITY` environment variable which specifies the most visible setting a project can be configured to use. Instance administrators can override this setting, to allow some projects to be made public or protected with administrator approval.
- Loading branch information
1 parent
c946bb2
commit fd961b0
Showing
9 changed files
with
157 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<?php | ||
|
||
namespace App\Rules; | ||
|
||
use App\Models\Project; | ||
use Closure; | ||
use Illuminate\Contracts\Validation\ValidationRule; | ||
use Illuminate\Support\Facades\Auth; | ||
use Illuminate\Support\Str; | ||
use Illuminate\Translation\PotentiallyTranslatedString; | ||
|
||
class ProjectVisibilityAllowed implements ValidationRule | ||
{ | ||
/** | ||
* Verify that the current user is able to create/edit a project with the requested visibility. | ||
* | ||
* @param Closure(string): PotentiallyTranslatedString $fail | ||
*/ | ||
public function validate(string $attribute, mixed $value, Closure $fail): void | ||
{ | ||
$value = (int) $value; | ||
|
||
if ($value < 0 || $value > 2) { | ||
$fail('Invalid project visibility setting'); | ||
} | ||
|
||
$user = Auth::user(); | ||
// Admins can always set the project to whatever visibility they want | ||
if ($user === null || !$user->admin) { | ||
$max_visibility = match (Str::upper(config('cdash.max_project_visibility'))) { | ||
'PUBLIC' => Project::ACCESS_PUBLIC, | ||
'PROTECTED' => Project::ACCESS_PROTECTED, | ||
'PRIVATE' => Project::ACCESS_PRIVATE, | ||
default => $fail('This instance contains an improper MAX_PROJECT_VISIBILITY configuration.'), | ||
}; | ||
|
||
// This horrible logic is an unfortunate byproduct of the decision to misorder the access numbering scheme, | ||
// which prevents range-based logic... | ||
if ($max_visibility === Project::ACCESS_PROTECTED && $value === Project::ACCESS_PUBLIC) { | ||
$fail('This instance is only configured to contain protected or private projects.'); | ||
} elseif ($max_visibility === Project::ACCESS_PRIVATE && ($value === Project::ACCESS_PUBLIC || $value === Project::ACCESS_PROTECTED)) { | ||
$fail('This instance is only configured to contain private projects.'); | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters