Resolve "Rename the `Master` role to `Maintainer`" Backend

a63bce1a · Mark Chao · Dmitriy Zaporozhets · 1bf54e09 · a63bce1a · a63bce1a
Commit a63bce1a authored 6 years ago by Mark Chao Committed by Dmitriy Zaporozhets 6 years ago
20 changed files
--- a/app/models/concerns/protected_ref_access.rb
+++ b/app/models/concerns/protected_ref_access.rb
@@ -2,19 +2,20 @@ module ProtectedRefAccess
  extend ActiveSupport::Concern

  ALLOWED_ACCESS_LEVELS = [
-    Gitlab::Access::MASTER,
+    Gitlab::Access::MAINTAINER,
    Gitlab::Access::DEVELOPER,
    Gitlab::Access::NO_ACCESS
  ].freeze

  HUMAN_ACCESS_LEVELS = {
-    Gitlab::Access::MASTER => "Maintainers".freeze,
+    Gitlab::Access::MAINTAINER => "Maintainers".freeze,
    Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,
    Gitlab::Access::NO_ACCESS => "No one".freeze
  }.freeze

  included do
-    scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
+    scope :master, -> { maintainer } # @deprecated
+    scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
    scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }

    validates :access_level, presence: true, if: :role?, inclusion: {

--- a/app/models/concerns/select_for_project_authorization.rb
+++ b/app/models/concerns/select_for_project_authorization.rb
@@ -6,8 +6,11 @@ module SelectForProjectAuthorization
      select("projects.id AS project_id, members.access_level")
    end

-    def select_as_master_for_project_authorization
-      select(["projects.id AS project_id", "#{Gitlab::Access::MASTER} AS access_level"])
+    def select_as_maintainer_for_project_authorization
+      select(["projects.id AS project_id", "#{Gitlab::Access::MAINTAINER} AS access_level"])
    end
+
+    # @deprecated
+    alias_method :select_as_master_for_project_authorization, :select_as_maintainer_for_project_authorization
  end
 end
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -186,10 +186,13 @@ class Group < Namespace
    add_user(user, :developer, current_user: current_user)
  end

-  def add_master(user, current_user = nil)
-    add_user(user, :master, current_user: current_user)
+  def add_maintainer(user, current_user = nil)
+    add_user(user, :maintainer, current_user: current_user)
  end

+  # @deprecated
+  alias_method :add_master, :add_maintainer
+
  def add_owner(user, current_user = nil)
    add_user(user, :owner, current_user: current_user)
  end
@@ -206,12 +209,15 @@ class Group < Namespace
    members_with_parents.owners.where(user_id: user).any?
  end

-  def has_master?(user)
+  def has_maintainer?(user)
    return false unless user

-    members_with_parents.masters.where(user_id: user).any?
+    members_with_parents.maintainers.where(user_id: user).any?
  end

+  # @deprecated
+  alias_method :has_master?, :has_maintainer?
+
  # Check if user is a last owner of the group.
  # Parent owners are ignored for nested groups.
  def last_owner?(user)

--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -69,9 +69,11 @@ class Member < ActiveRecord::Base
  scope :guests, -> { active.where(access_level: GUEST) }
  scope :reporters, -> { active.where(access_level: REPORTER) }
  scope :developers, -> { active.where(access_level: DEVELOPER) }
-  scope :masters,  -> { active.where(access_level: MASTER) }
+  scope :maintainers, -> { active.where(access_level: MAINTAINER) }
+  scope :masters, -> { maintainers } # @deprecated
  scope :owners,  -> { active.where(access_level: OWNER) }
-  scope :owners_and_masters,  -> { active.where(access_level: [OWNER, MASTER]) }
+  scope :owners_and_maintainers,  -> { active.where(access_level: [OWNER, MAINTAINER]) }
+  scope :owners_and_masters,  -> { owners_and_maintainers } # @deprecated

  scope :order_name_asc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC')) }
  scope :order_name_desc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC')) }

--- a/app/models/members/project_member.rb
+++ b/app/models/members/project_member.rb
@@ -17,19 +17,19 @@ class ProjectMember < Member
    # Add users to projects with passed access option
    #
    # access can be an integer representing a access code
-    # or symbol like :master representing role
+    # or symbol like :maintainer representing role
    #
    # Ex.
    #   add_users_to_projects(
    #     project_ids,
    #     user_ids,
-    #     ProjectMember::MASTER
+    #     ProjectMember::MAINTAINER
    #   )
    #
    #   add_users_to_projects(
    #     project_ids,
    #     user_ids,
-    #     :master
+    #     :maintainer
    #   )
    #
    def add_users_to_projects(project_ids, users, access_level, current_user: nil, expires_at: nil)

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -269,7 +269,8 @@ class Project < ActiveRecord::Base
  delegate :name, to: :owner, allow_nil: true, prefix: true
  delegate :members, to: :team, prefix: true
  delegate :add_user, :add_users, to: :team
-  delegate :add_guest, :add_reporter, :add_developer, :add_master, :add_role, to: :team
+  delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team
+  delegate :add_master, to: :team # @deprecated
  delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings

  # Validations
@@ -1647,10 +1648,10 @@ class Project < ActiveRecord::Base
      params = {
        name: default_branch,
        push_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
+          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
        }],
        merge_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
+          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
        }]
      }


--- a/app/models/project_group_link.rb
+++ b/app/models/project_group_link.rb
@@ -4,7 +4,8 @@ class ProjectGroupLink < ActiveRecord::Base
  GUEST     = 10
  REPORTER  = 20
  DEVELOPER = 30
-  MASTER    = 40
+  MAINTAINER = 40
+  MASTER = MAINTAINER # @deprecated

  belongs_to :project
  belongs_to :group

--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -19,10 +19,13 @@ class ProjectTeam
    add_user(user, :developer, current_user: current_user)
  end

-  def add_master(user, current_user: nil)
-    add_user(user, :master, current_user: current_user)
+  def add_maintainer(user, current_user: nil)
+    add_user(user, :maintainer, current_user: current_user)
  end

+  # @deprecated
+  alias_method :add_master, :add_maintainer
+
  def add_role(user, role, current_user: nil)
    public_send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend
  end
@@ -81,10 +84,13 @@ class ProjectTeam
    @developers ||= fetch_members(Gitlab::Access::DEVELOPER)
  end

-  def masters
-    @masters ||= fetch_members(Gitlab::Access::MASTER)
+  def maintainers
+    @maintainers ||= fetch_members(Gitlab::Access::MAINTAINER)
  end

+  # @deprecated
+  alias_method :masters, :maintainers
+
  def owners
    @owners ||=
      if group
@@ -136,10 +142,13 @@ class ProjectTeam
    max_member_access(user.id) == Gitlab::Access::DEVELOPER
  end

-  def master?(user)
-    max_member_access(user.id) == Gitlab::Access::MASTER
+  def maintainer?(user)
+    max_member_access(user.id) == Gitlab::Access::MAINTAINER
  end

+  # @deprecated
+  alias_method :master?, :maintainer?
+
  # Checks if `user` is authorized for this project, with at least the
  # `min_access_level` (if given).
  def member?(user, min_access_level = Gitlab::Access::GUEST)

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -99,7 +99,8 @@ class User < ActiveRecord::Base
  has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
  has_many :groups, through: :group_members
  has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group
-  has_many :masters_groups, -> { where(members: { access_level: Gitlab::Access::MASTER }) }, through: :group_members, source: :group
+  has_many :maintainers_groups, -> { where(members: { access_level: Gitlab::Access::MAINTAINER }) }, through: :group_members, source: :group
+  alias_attribute :masters_groups, :maintainers_groups

  # Projects
  has_many :groups_projects,          through: :groups, source: :projects
@@ -728,7 +729,7 @@ class User < ActiveRecord::Base
  end

  def several_namespaces?
-    owned_groups.any? || masters_groups.any?
+    owned_groups.any? || maintainers_groups.any?
  end

  def namespace_id
@@ -974,15 +975,15 @@ class User < ActiveRecord::Base
  end

  def manageable_groups
-    union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), masters_groups.select(:id)]).to_sql
+    union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), maintainers_groups.select(:id)]).to_sql

    # Update this line to not use raw SQL when migrated to Rails 5.2.
    # Either ActiveRecord or Arel constructions are fine.
    # This was replaced with the raw SQL construction because of bugs in the arel gem.
    # Bugs were fixed in arel 9.0.0 (Rails 5.2).
-    owned_and_master_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection
+    owned_and_maintainer_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection

-    Gitlab::GroupHierarchy.new(owned_and_master_groups).base_and_descendants
+    Gitlab::GroupHierarchy.new(owned_and_maintainer_groups).base_and_descendants
  end

  def namespaces
@@ -1023,11 +1024,11 @@ class User < ActiveRecord::Base
  def ci_owned_runners
    @ci_owned_runners ||= begin
      project_runner_ids = Ci::RunnerProject
-        .where(project: authorized_projects(Gitlab::Access::MASTER))
+        .where(project: authorized_projects(Gitlab::Access::MAINTAINER))
        .select(:runner_id)

      group_runner_ids = Ci::RunnerNamespace
-        .where(namespace_id: owned_or_masters_groups.select(:id))
+        .where(namespace_id: owned_or_maintainers_groups.select(:id))
        .select(:runner_id)

      union = Gitlab::SQL::Union.new([project_runner_ids, group_runner_ids])
@@ -1236,11 +1237,14 @@ class User < ActiveRecord::Base
      !terms_accepted?
  end

-  def owned_or_masters_groups
-    union = Gitlab::SQL::Union.new([owned_groups, masters_groups])
+  def owned_or_maintainers_groups
+    union = Gitlab::SQL::Union.new([owned_groups, maintainers_groups])
    Group.from("(#{union.to_sql}) namespaces")
  end

+  # @deprecated
+  alias_method :owned_or_masters_groups, :owned_or_maintainers_groups
+
  protected

  # override, from Devise::Validatable

--- a/app/policies/clusters/cluster_policy.rb
+++ b/app/policies/clusters/cluster_policy.rb
@@ -4,7 +4,7 @@ module Clusters

    delegate { cluster.project }

-    rule { can?(:master_access) }.policy do
+    rule { can?(:maintainer_access) }.policy do
      enable :update_cluster
      enable :admin_cluster
    end

--- a/app/policies/deploy_token_policy.rb
+++ b/app/policies/deploy_token_policy.rb
 class DeployTokenPolicy < BasePolicy
  with_options scope: :subject, score: 0
-  condition(:master) { @subject.project.team.master?(@user) }
+  condition(:maintainer) { @subject.project.team.maintainer?(@user) }

  rule { anonymous }.prevent_all

-  rule { master }.policy do
+  rule { maintainer }.policy do
    enable :create_deploy_token
    enable :update_deploy_token
  end

--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -11,7 +11,7 @@ class GroupPolicy < BasePolicy
  condition(:guest) { access_level >= GroupMember::GUEST }
  condition(:developer) { access_level >= GroupMember::DEVELOPER }
  condition(:owner) { access_level >= GroupMember::OWNER }
-  condition(:master) { access_level >= GroupMember::MASTER }
+  condition(:maintainer) { access_level >= GroupMember::MAINTAINER }
  condition(:reporter) { access_level >= GroupMember::REPORTER }

  condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? }
@@ -59,7 +59,7 @@ class GroupPolicy < BasePolicy
    enable :admin_issue
  end

-  rule { master }.policy do
+  rule { maintainer }.policy do
    enable :create_projects
    enable :admin_pipeline
    enable :admin_build

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -46,7 +46,7 @@ class ProjectPolicy < BasePolicy
  condition(:developer) { team_access_level >= Gitlab::Access::DEVELOPER }

  desc "User has maintainer access"
-  condition(:master) { team_access_level >= Gitlab::Access::MASTER }
+  condition(:maintainer) { team_access_level >= Gitlab::Access::MAINTAINER }

  desc "Project is public"
  condition(:public_project, scope: :subject, score: 0) { project.public? }
@@ -123,14 +123,14 @@ class ProjectPolicy < BasePolicy
  rule { guest }.enable :guest_access
  rule { reporter }.enable :reporter_access
  rule { developer }.enable :developer_access
-  rule { master }.enable :master_access
+  rule { maintainer }.enable :maintainer_access
  rule { owner | admin }.enable :owner_access

  rule { can?(:owner_access) }.policy do
    enable :guest_access
    enable :reporter_access
    enable :developer_access
-    enable :master_access
+    enable :maintainer_access

    enable :change_namespace
    enable :change_visibility_level
@@ -228,7 +228,7 @@ class ProjectPolicy < BasePolicy
    enable :create_deployment
  end

-  rule { can?(:master_access) }.policy do
+  rule { can?(:maintainer_access) }.policy do
    enable :push_to_delete_protected_branch
    enable :update_project_snippet
    enable :update_environment

--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -274,9 +274,9 @@ class NotificationService
  def new_access_request(member)
    return true unless member.notifiable?(:subscription)

-    recipients = member.source.members.active_without_invites_and_requests.owners_and_masters
-    if fallback_to_group_owners_masters?(recipients, member)
-      recipients = member.source.group.members.active_without_invites_and_requests.owners_and_masters
+    recipients = member.source.members.active_without_invites_and_requests.owners_and_maintainers
+    if fallback_to_group_owners_maintainers?(recipients, member)
+      recipients = member.source.group.members.active_without_invites_and_requests.owners_and_maintainers
    end

    recipients.each { |recipient| deliver_access_request_email(recipient, member) }
@@ -519,7 +519,7 @@ class NotificationService

    return [] unless project

-    notifiable_users(project.team.masters, :watch, target: project)
+    notifiable_users(project.team.maintainers, :watch, target: project)
  end

  def notifiable?(*args)
@@ -534,7 +534,7 @@ class NotificationService
    mailer.member_access_requested_email(member.real_source_type, member.id, recipient.user.notification_email).deliver_later
  end

-  def fallback_to_group_owners_masters?(recipients, member)
+  def fallback_to_group_owners_maintainers?(recipients, member)
    return false if recipients.present?

    member.source.respond_to?(:group) && member.source.group

--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -115,7 +115,7 @@ module Projects
        @project.group.refresh_members_authorized_projects(blocking: false)
        current_user.refresh_authorized_projects
      else
-        @project.add_master(@project.namespace.owner, current_user: current_user)
+        @project.add_maintainer(@project.namespace.owner, current_user: current_user)
      end
    end


--- a/app/services/protected_branches/access_level_params.rb
+++ b/app/services/protected_branches/access_level_params.rb
@@ -14,7 +14,7 @@ module ProtectedBranches
    private

    def params_with_default(params)
-      params[:"#{type}_access_level"] ||= Gitlab::Access::MASTER if use_default_access_level?(params)
+      params[:"#{type}_access_level"] ||= Gitlab::Access::MAINTAINER if use_default_access_level?(params)
      params
    end


--- a/app/services/protected_branches/legacy_api_create_service.rb
+++ b/app/services/protected_branches/legacy_api_create_service.rb
@@ -9,14 +9,14 @@ module ProtectedBranches
        if params.delete(:developers_can_push)
          Gitlab::Access::DEVELOPER
        else
-          Gitlab::Access::MASTER
+          Gitlab::Access::MAINTAINER
        end

      merge_access_level =
        if params.delete(:developers_can_merge)
          Gitlab::Access::DEVELOPER
        else
-          Gitlab::Access::MASTER
+          Gitlab::Access::MAINTAINER
        end

      @params.merge!(push_access_levels_attributes: [{ access_level: push_access_level }],

--- a/app/services/protected_branches/legacy_api_update_service.rb
+++ b/app/services/protected_branches/legacy_api_update_service.rb
@@ -17,14 +17,14 @@ module ProtectedBranches
        when true
          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
        when false
-          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
+          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
        end

        case @developers_can_merge
        when true
          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
        when false
-          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
+          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
        end

        service = ProtectedBranches::UpdateService.new(@project, @current_user, @params)

--- a/db/fixtures/development/12_snippets.rb
+++ b/db/fixtures/development/12_snippets.rb
@@ -17,7 +17,7 @@ class Member < ActiveRecord::Base
  scope :guests, -> { where(access_level: GUEST) }
  scope :reporters, -> { where(access_level: REPORTER) }
  scope :developers, -> { where(access_level: DEVELOPER) }
-  scope :masters,  -> { where(access_level: MASTER) }
+  scope :maintainers,  -> { where(access_level: MAINTAINER) }
  scope :owners,  -> { where(access_level: OWNER) }

  delegate :name, :username, :email, to: :user, prefix: true

--- a/db/migrate/20160705054938_add_protected_branches_push_access.rb
+++ b/db/migrate/20160705054938_add_protected_branches_push_access.rb
@@ -9,7 +9,7 @@ class AddProtectedBranchesPushAccess < ActiveRecord::Migration
    create_table :protected_branch_push_access_levels do |t|
      t.references :protected_branch, index: { name: "index_protected_branch_push_access" }, foreign_key: true, null: false

-      # Gitlab::Access::MASTER == 40
+      # Gitlab::Access::MAINTAINER == 40
      t.integer :access_level, default: 40, null: false

      t.timestamps null: false