# frozen_string_literal: true
class Member < ApplicationRecord
include EachBatch
include AfterCommitQueue
include Sortable
include Importable
include CreatedAtFilterable
include Expirable
include Gitlab::Access
include Presentable
include Gitlab::Utils::StrongMemoize
include FromUnion
include UpdateHighestRole
include RestrictedSignup
include Gitlab::Experiment::Dsl
AVATAR_SIZE = 40
ACCESS_REQUEST_APPROVERS_TO_BE_NOTIFIED_LIMIT = 10

# NOTE(review): presumably the values of the member state column - confirm
# against the schema.
STATE_ACTIVE = 0
STATE_AWAITING = 1

# Plaintext invite token. It exists only on the in-memory instance:
# generate_invite_token writes the digest to invite_token and keeps the raw
# value here so it can be passed on to the notification service.
attr_accessor :raw_invite_token

belongs_to :created_by, class_name: 'User'
belongs_to :user
belongs_to :source, polymorphic: true # rubocop:disable Cop/PolymorphicAssociations
belongs_to :member_namespace,
           inverse_of: :namespace_members,
           foreign_key: 'member_namespace_id',
           class_name: 'Namespace'
has_one :member_task

# Defines user_name, user_username, user_email and user_last_activity_on.
# There is no allow_nil here, so these raise when the member has no user.
delegate :name, :username, :email, :last_activity_on, to: :user, prefix: true
delegate :tasks_to_be_done, to: :member_task, allow_nil: true
validates :expires_at, allow_blank: true, future_date: true
# A user is mandatory unless the row is an invitation (invite_token present).
validates :user, presence: true, unless: :invite?
validates :source, presence: true
# One membership per user and source.
validates :user_id,
          uniqueness: {
            scope: %i[source_type source_id],
            message: "already exists in source",
            allow_nil: true
          }
validate :higher_access_level_than_group, unless: :importing?
# An invitation needs an email that passes the devise_email validator and is
# unique within the source.
validates :invite_email,
          presence: { if: :invite? },
          devise_email: { allow_nil: true },
          uniqueness: { scope: %i[source_type source_id], allow_nil: true }
# Runs on create only, and only when an invite_email is set.
validate :signup_email_valid?, on: :create, if: ->(record) { record.invite_email.present? }
# No scope: a project bot's user_id may appear in a single members row only.
validates :user_id,
          uniqueness: { message: _('project bots cannot be added to other groups / projects') },
          if: :project_bot?
validate :access_level_inclusion
# Adds an invited_user_state column holding the state of the users row whose
# email equals the member's invite_email. The LEFT JOIN leaves it NULL when
# no such user exists.
scope :with_invited_user_state, -> {
  invited_user_join = 'LEFT JOIN users as invited_user ON invited_user.email = members.invite_email'

  joins(invited_user_join).select('members.*', 'invited_user.state as invited_user_state')
}
# Members of every group and every project under the root ancestor of
# +source+, merged with the current scope.
scope :in_hierarchy, ->(source) {
  members_of_groups = Member.default_scoped.where(source: source.root_ancestor.self_and_descendants)
  members_of_projects = Member.default_scoped.where(source: source.root_ancestor.all_projects)

  Member.default_scoped.from_union([members_of_groups, members_of_projects]).merge(self)
}
# (Most of) the conditions a row in the members table must satisfy to count
# as a valid permission. Of particular note:
#
# * Access requests are excluded
# * Blocked users are excluded
# * Invitations take effect immediately: a row with no user_id but with an
#   invite_token passes without any check on a user state
# * expires_at is not evaluated here. A background worker purges expired
#   rows, so an expired row keeps matching until that worker has removed it
scope :active, -> {
  members = arel_table
  external_invite = members[:user_id].eq(nil).and(members[:invite_token].not_eq(nil))
  active_user = User.arel_table[:state].eq(:active)
  invite_or_active_user = Arel::Nodes::Grouping.new(external_invite).or(active_user)

  left_join_users
    .where(invite_or_active_user)
    .non_request
    .non_minimal_access
    .reorder(nil)
}
# Members whose user is in the blocked state. External invitations (no
# user_id, invite_token set), access requests and minimal-access rows are
# left out.
scope :blocked, -> {
  members = arel_table
  external_invite = members[:user_id].eq(nil).and(members[:invite_token].not_eq(nil))
  blocked_user = User.arel_table[:state].eq(:blocked)

  left_join_users
    .where(blocked_user)
    .where.not(external_invite)
    .non_request
    .non_minimal_access
    .reorder(nil)
}
# Rows that have a user_id set.
scope :connected_to_user, -> do
  where.not(user_id: nil)
end
# Used exclusively to select the members that can possibly have
# project_authorization records to projects/groups: a user is attached, the
# row is not an access request, and the level is above minimal access.
scope :authorizable, -> { connected_to_user.non_request.non_minimal_access }
# Like active, but without invites. For when a User is required: every
# returned row joins to a users row whose state is 'active'.
scope :active_without_invites_and_requests, -> {
  with_active_user = left_join_users.where(users: { state: 'active' })

  with_active_user.without_invites_and_requests.reorder(nil)
}
# Drops access requests, invitations and minimal-access rows. No user-state
# condition is applied here.
scope :without_invites_and_requests, -> { non_request.non_invite.non_minimal_access }
# Invitations are rows that carry an invite_token.
scope :invite, -> { where.not(invite_token: nil) }
scope :non_invite, -> { where(invite_token: nil) }

# Access requests are rows that carry a requested_at timestamp.
scope :request, -> { where.not(requested_at: nil) }
scope :non_request, -> { where(requested_at: nil) }

scope :not_accepted_invitations, -> { invite.where(invite_accepted_at: nil) }
scope :not_accepted_invitations_by_user, ->(user) { not_accepted_invitations.where(created_by: user) }
# Rows that expire after +today+ or have no expiry date at all.
scope :not_expired, ->(today = Date.current) do
  expires_at = arel_table[:expires_at]

  where(expires_at.gt(today).or(expires_at.eq(nil)))
end
# Rows created between the beginning and the end of the current date.
scope :created_today, -> {
  today = Date.current

  where(created_at: today.beginning_of_day..today.end_of_day)
}
# Rows created from ten days before +today+ up to the end of the day before
# +today+.
scope :last_ten_days_excluding_today, ->(today = Date.current) do
  window_start = (today - 10).beginning_of_day
  window_end = (today - 1).end_of_day

  where(created_at: window_start..window_end)
end
# Active members with an access level above 0.
scope :has_access, -> { active.where('access_level > 0') }

# Per-role scopes. Those built on active inherit its rules, including the
# absence of an expires_at check.
scope :guests, -> { active.where(access_level: GUEST) }
scope :reporters, -> { active.where(access_level: REPORTER) }
scope :developers, -> { active.where(access_level: DEVELOPER) }
scope :maintainers, -> { active.where(access_level: MAINTAINER) }
# These two compare the level only; they do not go through active.
scope :non_guests, -> { where('members.access_level > ?', GUEST) }
scope :non_minimal_access, -> { where('members.access_level > ?', MINIMAL_ACCESS) }
scope :owners, -> { active.where(access_level: OWNER) }
scope :owners_and_maintainers, -> { active.where(access_level: [OWNER, MAINTAINER]) }
scope :with_user, ->(user) { where(user: user) }

scope :preload_user_and_notification_settings, -> { preload(user: :notification_settings) }

scope :with_source_id, ->(source_id) { where(source_id: source_id) }
scope :including_source, -> { includes(:source) }
# Keeps one row per (user_id, invite_email) pair. DISTINCT ON retains the
# first row in the given order: highest access_level, then expires_at
# descending, then the oldest created_at.
scope :distinct_on_user_with_max_access_level, -> {
  one_row_per_user =
    select('DISTINCT ON (user_id, invite_email) *')
      .order('user_id, invite_email, access_level DESC, expires_at DESC, created_at ASC')

  unscoped.from(one_row_per_user, :members)
}
# Orderings on columns of the joined users row, NULLs placed last. The column
# and direction passed to nulls_last_order are fixed literals.
scope :order_name_asc, -> do
  left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC'))
end
scope :order_name_desc, -> do
  left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC'))
end
scope :order_recent_sign_in, -> do
  left_join_users.reorder(Gitlab::Database.nulls_last_order('users.last_sign_in_at', 'DESC'))
end
scope :order_oldest_sign_in, -> do
  left_join_users.reorder(Gitlab::Database.nulls_last_order('users.last_sign_in_at', 'ASC'))
end

# Members of the project itself and of each of its ancestors.
scope :on_project_and_ancestors, ->(project) do
  where(source: [project] + project.ancestors)
end
before_validation :set_member_namespace_id, on: :create
# A token is generated on create only when there is an invite_email and the
# invitation has not been accepted already.
before_validation :generate_invite_token,
                  on: :create,
                  if: ->(record) { record.invite_email.present? && !record.invite_accepted_at? }

after_create :send_invite, if: :invite?, unless: :importing?
after_create :send_request, if: :request?, unless: :importing?
after_create :create_notification_setting, unless: %i[pending? importing?]
after_create :post_create_hook, unless: %i[pending? importing?], if: :hook_prerequisites_met?
after_update :post_update_hook, unless: %i[pending? importing?], if: :hook_prerequisites_met?
after_destroy :destroy_notification_setting
after_destroy :post_destroy_hook, unless: :pending?, if: :hook_prerequisites_met?
after_save :log_invitation_token_cleanup

# The authorization refresh is hooked on after_commit, so it is triggered
# once the transaction has been committed. Create and update use the blocking
# variant, destroy the non-blocking one.
after_commit(on: %i[create update], unless: :importing?) do
  refresh_member_authorized_projects(blocking: true)
end

after_commit(on: %i[destroy], unless: :importing?) do
  refresh_member_authorized_projects(blocking: false)
end

default_value_for :notification_level, NotificationSetting.levels[:global]
class << self
# Narrows the relation to members whose user matches +query+. The matching
# rules are those of User.search, which is defined outside this file. The
# inner join on user drops rows without a user.
def search(query)
  with_users = joins(:user)

  with_users.merge(User.search(query))
end
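# Returns the invitations whose invite_email contains +query+
# (case-insensitive, via ILIKE).
#
# +query+ is bound as a parameter, and the LIKE metacharacters in it (%, _
# and the escape character) are escaped so that they match literally.
# Otherwise an underscore, which is common in addresses such as "john_doe",
# would match any single character, and a "%" supplied by the caller would
# widen the match. A nil +query+ is treated as an empty string.
def search_invite_email(query)
  pattern = "%#{sanitize_sql_like(query.to_s)}%"

  invite.where(['invite_email ILIKE ?', pattern])
end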
# Filters members by the two-factor status of their user.
#
# 'enabled' and 'disabled' merge User.with_two_factor and
# User.without_two_factor respectively. Any other value, nil included,
# returns the relation unfiltered.
def filter_by_2fa(value)
  case value
  when 'enabled' then left_join_users.merge(User.with_two_factor)
  when 'disabled' then left_join_users.merge(User.without_two_factor)
  else all
  end
end
# Applies the ordering named by +method+ (compared as a string).
#
# Names not listed here are handed to order_by unchanged. order_by is not
# defined in this file.
# NOTE(review): if +method+ can come from a request parameter, confirm that
# order_by accepts a fixed set of sort keys only.
def sort_by_attribute(method)
  case method.to_s
  when 'access_level_asc'
    reorder(access_level: :asc)
  when 'access_level_desc'
    reorder(access_level: :desc)
  when 'recent_sign_in'
    order_recent_sign_in
  when 'oldest_sign_in'
    order_oldest_sign_in
  when 'last_joined'
    order_created_desc
  when 'oldest_joined'
    order_created_asc
  else
    order_by(method)
  end
end
# LEFT OUTER JOIN on the user association, so members without a user (for
# example invitations sent to an email address) stay in the result.
def left_join_users
  association = :user

  left_outer_joins(association)
end
# Maps user_id => access_level for the given users, limited to rows that pass
# has_access (active membership with an access level above 0).
def access_for_user_ids(user_ids)
  level_pairs = where(user_id: user_ids).has_access.pluck(:user_id, :access_level)

  level_pairs.to_h
end
# Finds the invitation that belongs to the raw token taken from an
# invitation link.
#
# invite_token holds a digest of the token, not the token itself, so the raw
# value is digested with Devise's token generator and the lookup is done on
# the digest.
def find_by_invite_token(raw_invite_token)
  token_digest = Devise.token_generator.digest(self, :invite_token, raw_invite_token)

  find_by(invite_token: token_digest)
end
# True when +email+ matches Devise.email_regexp. This is a format check only.
def valid_email?(email)
  email_format = Devise.email_regexp

  email_format.match?(email)
end
end
# Returns source_type unchanged.
# NOTE(review): presumably an extension point for subclasses - confirm.
def real_source_type
  source_type
end
# Returns the member's access_level.
# NOTE(review): presumably the hook Gitlab::Access reads the level through -
# confirm.
def access_field
  access_level
end
# A member is an invitation for as long as it carries an invite_token.
# accept_invite! clears the token.
def invite?
  invite_token.present?
end
# A member is an access request for as long as requested_at is set.
# accept_request clears it.
def request?
  requested_at.present?
end
# Pending means the row is an invitation or an access request.
def pending?
  invite? || request?
end
# Guard for the member hooks: an associated user record must exist, otherwise
# the member related hooks/notifications cannot be fired successfully.
def hook_prerequisites_met?
  user.present?
end
# Turns an access request into a membership by clearing requested_at.
#
# Returns false when the member is not a request. Otherwise returns the
# result of the update; after_accept_request runs only when it succeeded.
# This method performs no authorization check of its own.
def accept_request
  return false unless request?

  update(requested_at: nil).tap do |accepted|
    after_accept_request if accepted
  end
end
# Accepts the invitation on behalf of +new_user+.
#
# Returns false when the member is not an invitation, when +new_user+ is
# missing, or when saving the user fails. On the way to success the token is
# cleared, so the same invitation link no longer resolves through
# find_by_invite_token, and invite_accepted_at is stamped.
# after_accept_invite runs only when the member itself was saved.
#
# Nothing here compares +new_user+ with invite_email; deciding who may accept
# is left to the caller. The in-memory attributes are changed even when the
# final save fails.
def accept_invite!(new_user)
  return false unless invite? && new_user

  self.user = new_user
  return false unless user.save

  self.invite_token = nil
  self.invite_accepted_at = Time.current.utc

  save.tap do |accepted|
    after_accept_invite if accepted
  end
end
# Declines the invitation by destroying the member row.
#
# Returns false when the member is not an invitation, otherwise the result of
# destroy. after_decline_invite runs only when the row was destroyed.
def decline_invite!
  return false unless invite?

  destroy.tap do |declined|
    after_decline_invite if declined
  end
end
# Creates a fresh invite token with Devise's token generator.
#
# The generator returns a pair: the first element is kept in memory as
# @raw_invite_token, the second is assigned to the invite_token attribute
# (the value find_by_invite_token later compares digests against). Any token
# issued before is replaced. Nothing is saved here.
def generate_invite_token
  plaintext, digest = Devise.token_generator.generate(self.class, :invite_token)
  @raw_invite_token = plaintext
  self.invite_token = digest
end
# Generates a new invite token and persists it right away. Validations are
# skipped on purpose (save(validate: false)).
def generate_invite_token!
  generate_invite_token && save(validate: false)
end
# Sends the invitation again; does nothing for non-invitations.
#
# The raw token is kept in memory only. When this instance does not hold it,
# a new token is generated and saved first, which replaces the stored digest,
# so links from earlier invitation mails stop matching.
def resend_invite
  return unless invite?

  @raw_invite_token || generate_invite_token!

  send_invite
end
# Sends reminder number +reminder_index+ for an invitation; does nothing for
# non-invitations.
#
# As in resend_invite, a new token is generated and saved when this instance
# does not hold the raw one, so links from earlier mails stop matching. The
# raw token is passed to the notification service inside
# run_after_commit_or_now.
def send_invitation_reminder(reminder_index)
  return unless invite?

  @raw_invite_token || generate_invite_token!

  run_after_commit_or_now do
    notification_service.invite_member_reminder(self, @raw_invite_token, reminder_index)
  end
end
# Finds or creates the user's notification setting for this member's source.
# user is dereferenced without a nil check; the after_create callback that
# calls this is skipped for pending members.
def create_notification_setting
  settings = user.notification_settings

  settings.find_or_create_for(source)
end
# Destroys the notification setting for this source, if there is one.
def destroy_notification_setting
  setting = notification_setting

  setting&.destroy
end
# The user's notification setting for this member's source; nil when the
# member has no user. The ||= cache keeps a found value only, so a nil result
# is looked up again on the next call.
def notification_setting
  @notification_setting ||= user&.notification_settings_for(source)
end
# Whether a notification of +type+ may be sent for this member. +opts+ is
# merged over notifiable_options before the decision is delegated to
# NotificationRecipients::BuildService.
# rubocop: disable CodeReuse/ServiceClass
def notifiable?(type, opts = {})
  # always notify when there isn't a user yet
  return true if user.blank?

  options = notifiable_options.merge(opts)

  NotificationRecipients::BuildService.notifiable?(user, type, options)
end
# rubocop: enable CodeReuse/ServiceClass
# Finds the user's group member with the highest access level among the
# ancestors of this member's source. The result is memoized; it is nil when
# there is no user_id or the source has no ancestors.
def highest_group_member
  strong_memoize(:highest_group_member) do
    if user_id && source&.ancestors&.any?
      GroupMember.where(source: source.ancestors, user_id: user_id).order(:access_level).last
    end
  end
end
# True for an invitation that is not linked to any user (user_id is nil).
def invite_to_unknown_user?
  invite? && user_id.nil?
end
# Name of the user who created this member, or nil when created_by is unset.
def created_by_name
  creator = created_by

  creator&.name
end
private
# TODO: https://gitlab.com/groups/gitlab-org/-/epics/7054
# Temporary, until the source columns can be removed properly: copies
# source_id into member_namespace_id.
def set_member_namespace_id
  self.member_namespace_id = source_id
end
# Validation: access_level must be one of Gitlab::Access.all_values, so an
# arbitrary integer cannot be stored as a level.
def access_level_inclusion
  errors.add(:access_level, "is not included in the list") unless access_level.in?(Gitlab::Access.all_values)
end
# Intentionally empty in the base class.
def send_invite
  # override in subclass
end
# Hands the new access request to the notification service.
def send_request
  notifier = notification_service

  notifier.new_access_request(self)
end
# Fires the system hooks for the :create event of this member.
def post_create_hook
  hooks = system_hook_service

  hooks.execute_hooks_for(self, :create)
end
# Fires the system hooks for the :update event of this member.
def post_update_hook
  hooks = system_hook_service

  hooks.execute_hooks_for(self, :update)
end
# Fires the system hooks for the :destroy event of this member.
def post_destroy_hook
  hooks = system_hook_service

  hooks.execute_hooks_for(self, :destroy)
end
Fix race conditions for AuthorizedProjectsWorker
There were two cases that could be problematic:
1. Because sometimes AuthorizedProjectsWorker would be scheduled in a
transaction it was possible for a job to run/complete before a
COMMIT; resulting in it either producing an error, or producing no
new data.
2. When scheduling jobs the code would not wait until completion. This
could lead to a user creating a project and then immediately trying
to push to it. Usually this will work fine, but given enough load it
might take a few seconds before a user has access.
The first one is problematic, the second one is mostly just annoying
(but annoying enough to warrant a solution).
This commit changes two things to deal with this:
1. Sidekiq scheduling now takes place after a COMMIT; this is ensured
by scheduling using Rails' after_commit hook instead of doing so in
an arbitrary method.
2. When scheduling jobs the calling thread now waits for all jobs to
complete.
Solution 2 requires tracking of job completions. Sidekiq provides a way
to find a job by its ID, but this involves scanning over the entire
queue, something that is very inefficient for large queues. As such, a
more efficient solution is necessary. There are two main Gems that can
do this in a more efficient manner:
* sidekiq-status
* sidekiq_status
No, this is not a joke. Both Gems do a similar thing (but slightly
different), and the only difference in their name is a dash vs an
underscore. Both Gems however provide far more than just checking if a
job has been completed, and both have their problems. sidekiq-status
does not appear to be actively maintained, with the last release being
in 2015. It also has some issues during testing as API calls are not
stubbed in any way. sidekiq_status on the other hand does not appear to
be very popular, and introduces a similar amount of code.
Because of this I opted to write a simple home grown solution. After
all, all we need is storing a job ID somewhere so we can efficiently
look it up; we don't need extra web UIs (as provided by sidekiq-status)
or complex APIs to update progress, etc.
This is where Gitlab::SidekiqStatus comes in handy. This namespace
contains some code used for tracking, removing, and looking up job IDs;
all without having to scan over an entire queue. Data is removed
explicitly, but also expires automatically just in case.
Using this API we can now schedule jobs in a fork-join like manner: we
schedule the jobs in Sidekiq, process them in parallel, then wait for
completion. By using Sidekiq we can leverage all the benefits such as
being able to scale across multiple cores and hosts, retrying failed
jobs, etc.
The one downside is that we need to make sure we can deal with
unexpected increases in job processing timings. To deal with this the
class Gitlab::JobWaiter (used for waiting for jobs to complete) will
only wait a number of seconds (30 by default). Once this timeout is
reached it will simply return.
For GitLab.com almost all AuthorizedProjectWorker jobs complete in
seconds, only very rarely do we spike to job timings of around a minute.
These in turn seem to be the result of external factors (e.g. deploys),
in which case a user is most likely not able to use the system anyway.
In short, this new solution should ensure that jobs are processed
properly and that in almost all cases a user has access to their
resources whenever they need to have access.
2017-01-22 12:22:02 -05:00
# Refreshes authorizations of the current member.
#
# This method schedules a job using Sidekiq and as such **must not** be called
# in a transaction. Doing so can lead to the job running before the
# transaction has been committed, resulting in the job either throwing an
# error or not doing any meaningful work.
#
# +blocking+ is passed straight through to
# UserProjectAccessChangedService#execute.
# rubocop: disable CodeReuse/ServiceClass
def refresh_member_authorized_projects(blocking:)
  access_changed = UserProjectAccessChangedService.new(user_id)

  access_changed.execute(blocking: blocking)
end
# rubocop: enable CodeReuse/ServiceClass
# Runs after an invitation was accepted: fires the create hooks and, when the
# member has a member_task, enqueues TasksToBeDone::CreateWorker inside
# run_after_commit_or_now.
def after_accept_invite
  post_create_hook

  run_after_commit_or_now do
    next unless member_task

    TasksToBeDone::CreateWorker.perform_async(member_task.id, created_by_id, [user_id.to_i])
  end
end
# Intentionally empty in the base class.
def after_decline_invite
  # override in subclass
end
# An accepted access request is announced like a newly created member.
def after_accept_request
  post_create_hook
end
# Builds a new SystemHooksService on every call (no memoization).
# rubocop: disable CodeReuse/ServiceClass
def system_hook_service
  SystemHooksService.new
end
# rubocop: enable CodeReuse/ServiceClass
# Builds a new NotificationService on every call (no memoization).
# rubocop: disable CodeReuse/ServiceClass
def notification_service
  NotificationService.new
end
# rubocop: enable CodeReuse/ServiceClass
# Base options that notifiable? merges the caller's options over. Empty in
# this class.
def notifiable_options
  {}
end
# Validation: a member's access level must not be lower than the highest
# level the same user already holds in an ancestor group.
# NOTE(review): the comparison would raise for a nil access_level - confirm
# that the column cannot be nil at this point.
def higher_access_level_than_group
  inherited = highest_group_member
  return unless inherited && inherited.access_level > access_level

  error_parameters = { access: inherited.human_access, group_name: inherited.group.name }
  message = s_("should be greater than or equal to %{access} inherited membership from group %{group_name}")

  errors.add(:access_level, message % error_parameters)
end
# Validation: runs invite_email through validate_admin_signup_restrictions
# (not defined in this file) and records whatever error it returns on :user.
def signup_email_valid?
  restriction_error = validate_admin_signup_restrictions(invite_email)
  return unless restriction_error

  errors.add(:user, restriction_error)
end
# Message for an email that is not allowed; the wording depends on whether
# the source is a project or anything else (treated as a group).
def signup_email_invalid_message
  return _("is not allowed for this project.") if source_type == 'Project'

  _("is not allowed for this group.")
end
# Whether the user's highest role needs recalculating: only for members with
# a user, and only when access_level changed in the last save or the member
# was destroyed. Returns nil when there is no user_id.
def update_highest_role?
  return unless user_id.present?

  level_changed = previous_changes[:access_level].present?

  level_changed || destroyed?
end
# Returns the user_id of this member.
# NOTE(review): presumably the value UpdateHighestRole acts on - confirm.
def update_highest_role_attribute
  user_id
end
# Whether the member's user is a project bot; nil when there is no user.
def project_bot?
  member_user = user

  member_user&.project_bot?
end
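# Reports members that still carry an invite_token although the invitation
# was already accepted. accept_invite! clears the token, so such a row means
# a token stayed usable after acceptance. Only active on GitLab.com.
#
# The report carries a fixed set of identifying attributes. invite_token and
# invite_email are deliberately not part of it.
#
# The original call passed one array to Hash#slice, built by a %w literal
# that also kept the quote characters inside its first and last words. slice
# treated that array as a single key, matched nothing, and the report went
# out without any context. The keys are now passed individually.
def log_invitation_token_cleanup
  return true unless Gitlab.com? && invite? && invite_accepted_at?

  error = StandardError.new("Invitation token is present but invite was already accepted!")
  context = attributes.slice('invite_accepted_at', 'created_at', 'source_type', 'source_id', 'user_id', 'id')

  Gitlab::ErrorTracking.track_exception(error, context)
end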
end
Member.prepend_mod_with('Member')