Dependency proxy: move group config creation to models and refactor auth layer
The dependency proxy has a bit of a confusing behaviour.
In the controller
we check if dependency_proxy_setting
exists yes or no, if it does not exist we create it.
Problems with this approach:
- If we hit the graphql API first in particular the mutation => we may get an error
- This logic should be delegated to the models, with an
update_or_create
type of behaviour - This complicates checking if the proxy page should be accessible because we need to check if:
- The setting does not exist => access the page (because we will create the setting on the fly)
- The setting exists => check if is enabled or not to access the page
Auth issues
- Part of the logic to determine if the dependency proxy is accessible is baked in group_policy: https://gitlab.com/gitlab-org/gitlab/blob/9b46e46671dbf2ffd2b7b7b4a8f8507799f8b782/app/policies/group_policy.rb#L236
- Another part of the logic is in the menu file and the controller.
We should look into unifying the two.
Proposal
- Move the
update_or_create
into the model file and remove all thecustom
handling -
Move all the auth checks in the group_policy(This will be addressed separately in #340461 (closed). See this comment for reasoning.)
Edited by Steve Abrams