2014-01-27 16:34:05 -05:00
|
|
|
require 'carrierwave/orm/activerecord'
|
|
|
|
|
2012-11-22 13:34:16 -05:00
|
|
|
class Group < Namespace
|
2015-08-24 10:46:06 -04:00
|
|
|
include Gitlab::ConfigHelper
|
2016-03-01 10:22:29 -05:00
|
|
|
include Gitlab::VisibilityLevel
|
2016-04-18 12:53:32 -04:00
|
|
|
include AccessRequestable
|
2017-05-10 00:26:17 -04:00
|
|
|
include Avatarable
|
2015-05-02 23:11:21 -04:00
|
|
|
include Referable
|
2016-10-11 08:25:17 -04:00
|
|
|
include SelectForProjectAuthorization
|
2016-03-01 10:22:29 -05:00
|
|
|
|
2016-10-18 17:20:36 -04:00
|
|
|
has_many :group_members, -> { where(requested_at: nil) }, dependent: :destroy, as: :source
|
2015-11-11 10:42:27 -05:00
|
|
|
alias_method :members, :group_members
|
2016-06-27 10:20:57 -04:00
|
|
|
has_many :users, through: :group_members
|
2016-06-15 09:22:05 -04:00
|
|
|
has_many :owners,
|
2016-06-27 10:20:57 -04:00
|
|
|
-> { where(members: { access_level: Gitlab::Access::OWNER }) },
|
2016-06-15 09:22:05 -04:00
|
|
|
through: :group_members,
|
|
|
|
source: :user
|
|
|
|
|
2016-06-27 10:20:57 -04:00
|
|
|
has_many :requesters, -> { where.not(requested_at: nil) }, dependent: :destroy, as: :source, class_name: 'GroupMember'
|
|
|
|
|
2016-03-11 11:47:05 -05:00
|
|
|
has_many :project_group_links, dependent: :destroy
|
|
|
|
has_many :shared_projects, through: :project_group_links, source: :project
|
2016-03-28 14:31:36 -04:00
|
|
|
has_many :notification_settings, dependent: :destroy, as: :source
|
2016-09-19 11:04:38 -04:00
|
|
|
has_many :labels, class_name: 'GroupLabel'
|
2013-04-02 18:28:12 -04:00
|
|
|
|
2015-05-06 17:33:39 -04:00
|
|
|
validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
|
2016-03-18 08:28:16 -04:00
|
|
|
validate :visibility_level_allowed_by_projects
|
|
|
|
|
2015-01-02 08:54:51 -05:00
|
|
|
validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
|
2014-01-27 16:34:05 -05:00
|
|
|
|
2017-01-24 16:09:58 -05:00
|
|
|
validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 }
|
|
|
|
|
2015-02-20 09:19:50 -05:00
|
|
|
mount_uploader :avatar, AvatarUploader
|
2017-03-02 12:02:33 -05:00
|
|
|
has_many :uploads, as: :model, dependent: :destroy
|
2014-05-28 12:03:01 -04:00
|
|
|
|
2014-08-21 06:53:32 -04:00
|
|
|
after_create :post_create_hook
|
|
|
|
after_destroy :post_destroy_hook
|
2017-01-24 16:09:58 -05:00
|
|
|
after_save :update_two_factor_requirement
|
2014-08-21 06:53:32 -04:00
|
|
|
|
2015-02-05 22:15:05 -05:00
|
|
|
class << self
|
2016-03-01 10:15:42 -05:00
|
|
|
# Searches for groups matching the given query.
|
|
|
|
#
|
|
|
|
# This method uses ILIKE on PostgreSQL and LIKE on MySQL.
|
|
|
|
#
|
|
|
|
# query - The search query as a String
|
|
|
|
#
|
|
|
|
# Returns an ActiveRecord::Relation.
|
2015-02-05 22:15:05 -05:00
|
|
|
def search(query)
|
2016-03-04 06:01:21 -05:00
|
|
|
table = Namespace.arel_table
|
2016-03-01 10:15:42 -05:00
|
|
|
pattern = "%#{query}%"
|
|
|
|
|
|
|
|
where(table[:name].matches(pattern).or(table[:path].matches(pattern)))
|
2015-02-05 22:15:05 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def sort(method)
|
2016-11-22 11:58:10 -05:00
|
|
|
if method == 'storage_size_desc'
|
|
|
|
# storage_size is a virtual column so we need to
|
|
|
|
# pass a string to avoid AR adding the table name
|
|
|
|
reorder('storage_size DESC, namespaces.id DESC')
|
|
|
|
else
|
|
|
|
order_by(method)
|
|
|
|
end
|
2015-02-05 22:15:05 -05:00
|
|
|
end
|
2015-05-02 23:11:21 -04:00
|
|
|
|
|
|
|
def reference_prefix
|
2015-05-14 16:59:39 -04:00
|
|
|
User.reference_prefix
|
|
|
|
end
|
|
|
|
|
|
|
|
def reference_pattern
|
|
|
|
User.reference_pattern
|
2015-05-02 23:11:21 -04:00
|
|
|
end
|
2015-11-18 06:27:21 -05:00
|
|
|
|
|
|
|
def visible_to_user(user)
|
|
|
|
where(id: user.authorized_groups.select(:id).reorder(nil))
|
|
|
|
end
|
2016-10-11 08:25:17 -04:00
|
|
|
|
|
|
|
def select_for_project_authorization
|
|
|
|
if current_scope.joins_values.include?(:shared_projects)
|
2016-11-21 08:33:58 -05:00
|
|
|
joins('INNER JOIN namespaces project_namespace ON project_namespace.id = projects.namespace_id')
|
|
|
|
.where('project_namespace.share_with_group_lock = ?', false)
|
|
|
|
.select("members.user_id, projects.id AS project_id, LEAST(project_group_links.group_access, members.access_level) AS access_level")
|
2016-10-11 08:25:17 -04:00
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
2015-05-02 23:11:21 -04:00
|
|
|
end
|
|
|
|
|
2016-12-21 11:41:33 -05:00
|
|
|
def to_reference(_from_project = nil, full: nil)
|
2017-02-13 06:26:33 -05:00
|
|
|
"#{self.class.reference_prefix}#{full_path}"
|
2015-02-05 22:15:05 -05:00
|
|
|
end
|
|
|
|
|
2016-06-02 10:14:02 -04:00
|
|
|
def web_url
|
2016-10-26 14:13:58 -04:00
|
|
|
Gitlab::Routing.url_helpers.group_canonical_url(self)
|
2016-06-02 10:14:02 -04:00
|
|
|
end
|
|
|
|
|
2012-11-22 23:11:09 -05:00
|
|
|
def human_name
|
2016-12-13 10:00:06 -05:00
|
|
|
full_name
|
2012-11-22 23:11:09 -05:00
|
|
|
end
|
2012-12-30 07:26:19 -05:00
|
|
|
|
2016-03-02 17:13:50 -05:00
|
|
|
def visibility_level_field
|
2017-03-01 15:23:00 -05:00
|
|
|
:visibility_level
|
2016-03-02 17:13:50 -05:00
|
|
|
end
|
|
|
|
|
2016-03-18 08:28:16 -04:00
|
|
|
def visibility_level_allowed_by_projects
|
2016-03-21 19:09:20 -04:00
|
|
|
allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none?
|
2016-03-18 08:28:16 -04:00
|
|
|
|
|
|
|
unless allowed_by_projects
|
|
|
|
level_name = Gitlab::VisibilityLevel.level_name(visibility_level).downcase
|
|
|
|
self.errors.add(:visibility_level, "#{level_name} is not allowed since there are projects with higher visibility.")
|
|
|
|
end
|
|
|
|
|
|
|
|
allowed_by_projects
|
|
|
|
end
|
|
|
|
|
2017-05-10 00:26:17 -04:00
|
|
|
def avatar_url(**args)
|
|
|
|
# We use avatar_path instead of overriding avatar_url because of carrierwave.
|
|
|
|
# See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11001/diffs#note_28659864
|
|
|
|
avatar_path(args)
|
2015-07-28 09:49:44 -04:00
|
|
|
end
|
|
|
|
|
2016-09-01 19:49:48 -04:00
|
|
|
def lfs_enabled?
|
|
|
|
return false unless Gitlab.config.lfs.enabled
|
|
|
|
return Gitlab.config.lfs.enabled if self[:lfs_enabled].nil?
|
|
|
|
|
|
|
|
self[:lfs_enabled]
|
|
|
|
end
|
|
|
|
|
2016-09-16 11:54:21 -04:00
|
|
|
def add_users(users, access_level, current_user: nil, expires_at: nil)
|
2017-04-21 10:07:42 -04:00
|
|
|
GroupMember.add_users(
|
2016-09-16 11:54:21 -04:00
|
|
|
self,
|
|
|
|
users,
|
|
|
|
access_level,
|
|
|
|
current_user: current_user,
|
|
|
|
expires_at: expires_at
|
|
|
|
)
|
2013-06-18 09:56:31 -04:00
|
|
|
end
|
|
|
|
|
2016-08-18 12:01:50 -04:00
|
|
|
def add_user(user, access_level, current_user: nil, expires_at: nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
GroupMember.add_user(
|
|
|
|
self,
|
|
|
|
user,
|
|
|
|
access_level,
|
|
|
|
current_user: current_user,
|
|
|
|
expires_at: expires_at
|
|
|
|
)
|
2013-09-25 07:05:35 -04:00
|
|
|
end
|
|
|
|
|
2015-08-07 00:20:02 -04:00
|
|
|
def add_guest(user, current_user = nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
add_user(user, :guest, current_user: current_user)
|
2015-08-07 00:20:02 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def add_reporter(user, current_user = nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
add_user(user, :reporter, current_user: current_user)
|
2015-08-07 00:20:02 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def add_developer(user, current_user = nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
add_user(user, :developer, current_user: current_user)
|
2015-08-07 00:20:02 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def add_master(user, current_user = nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
add_user(user, :master, current_user: current_user)
|
2015-08-07 00:20:02 -04:00
|
|
|
end
|
|
|
|
|
2015-11-17 09:49:37 -05:00
|
|
|
def add_owner(user, current_user = nil)
|
2016-09-16 11:54:21 -04:00
|
|
|
add_user(user, :owner, current_user: current_user)
|
2015-11-17 09:49:37 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def has_owner?(user)
|
2016-12-13 13:59:39 -05:00
|
|
|
members_with_parents.owners.where(user_id: user).any?
|
2015-11-17 09:49:37 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def has_master?(user)
|
2016-12-13 13:59:39 -05:00
|
|
|
members_with_parents.masters.where(user_id: user).any?
|
2015-11-17 09:49:37 -05:00
|
|
|
end
|
|
|
|
|
2016-12-13 13:59:39 -05:00
|
|
|
# Check if user is a last owner of the group.
|
|
|
|
# Parent owners are ignored for nested groups.
|
2015-11-17 09:49:37 -05:00
|
|
|
def last_owner?(user)
|
2016-12-13 13:59:39 -05:00
|
|
|
owners.include?(user) && owners.size == 1
|
2015-11-17 09:49:37 -05:00
|
|
|
end
|
|
|
|
|
2014-01-27 16:34:05 -05:00
|
|
|
def avatar_type
|
|
|
|
unless self.avatar.image?
|
|
|
|
self.errors.add :avatar, "only images allowed"
|
|
|
|
end
|
|
|
|
end
|
2014-06-05 13:37:35 -04:00
|
|
|
|
2014-08-21 06:53:32 -04:00
|
|
|
def post_create_hook
|
2015-06-03 10:15:58 -04:00
|
|
|
Gitlab::AppLogger.info("Group \"#{name}\" was created")
|
|
|
|
|
2014-08-21 06:53:32 -04:00
|
|
|
system_hook_service.execute_hooks_for(self, :create)
|
|
|
|
end
|
|
|
|
|
|
|
|
def post_destroy_hook
|
2015-06-03 10:15:58 -04:00
|
|
|
Gitlab::AppLogger.info("Group \"#{name}\" was removed")
|
|
|
|
|
2014-08-21 06:53:32 -04:00
|
|
|
system_hook_service.execute_hooks_for(self, :destroy)
|
|
|
|
end
|
|
|
|
|
|
|
|
def system_hook_service
|
|
|
|
SystemHooksService.new
|
|
|
|
end
|
2016-10-11 08:25:17 -04:00
|
|
|
|
|
|
|
def refresh_members_authorized_projects
|
2017-02-07 08:55:42 -05:00
|
|
|
UserProjectAccessChangedService.new(user_ids_for_project_authorizations).
|
|
|
|
execute
|
|
|
|
end
|
|
|
|
|
|
|
|
def user_ids_for_project_authorizations
|
|
|
|
users_with_parents.pluck(:id)
|
2016-12-13 13:59:39 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def members_with_parents
|
2017-03-15 10:09:53 -04:00
|
|
|
GroupMember.non_request.where(source_id: ancestors.pluck(:id).push(id))
|
2016-12-13 13:59:39 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def users_with_parents
|
2016-12-28 17:29:33 -05:00
|
|
|
User.where(id: members_with_parents.select(:user_id))
|
2016-10-11 08:25:17 -04:00
|
|
|
end
|
2017-03-01 14:34:29 -05:00
|
|
|
|
|
|
|
def mattermost_team_params
|
|
|
|
max_length = 59
|
|
|
|
|
|
|
|
{
|
|
|
|
name: path[0..max_length],
|
|
|
|
display_name: name[0..max_length],
|
|
|
|
type: public? ? 'O' : 'I' # Open vs Invite-only
|
|
|
|
}
|
|
|
|
end
|
2017-01-24 16:09:58 -05:00
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
def update_two_factor_requirement
|
|
|
|
return unless require_two_factor_authentication_changed? || two_factor_grace_period_changed?
|
|
|
|
|
|
|
|
users.find_each(&:update_two_factor_requirement)
|
|
|
|
end
|
2012-10-02 11:17:12 -04:00
|
|
|
end
|