gitlab-org--gitlab-foss/app/models/project_team.rb

class ProjectTeam
  attr_accessor :project

  def initialize(project)
    @project = project
  end

  # Shortcut to add users
  #
  # Use:
  #   @team << [@user, :master]
  #   @team << [@users, :master]
  #
  def <<(args)
    users, access, current_user = *args

    if users.respond_to?(:each)
      add_users(users, access, current_user: current_user)
    else
      add_user(users, access, current_user: current_user)
    end
  end

  def add_guest(user, current_user: nil)
    self << [user, :guest, current_user]
  end

  def add_reporter(user, current_user: nil)
    self << [user, :reporter, current_user]
  end

  def add_developer(user, current_user: nil)
    self << [user, :developer, current_user]
  end

  def add_master(user, current_user: nil)
    self << [user, :master, current_user]
  end

  def find_member(user_id)
    member = project.members.find_by(user_id: user_id)

    # If user is not in project members
    # we should check for group membership
    if group && !member
      member = group.members.find_by(user_id: user_id)
    end

    member
  end

  def add_users(users, access_level, current_user: nil, expires_at: nil)
    ProjectMember.add_users_to_projects(
      [project.id],
      users,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
  end

  def add_user(user, access_level, current_user: nil, expires_at: nil)
    ProjectMember.add_user(
      project,
      user,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
  end

  # Remove all users from project team
  def truncate
    ProjectMember.truncate_team(project)
  end

  def members
    @members ||= fetch_members
  end
  alias_method :users, :members

  def guests
    @guests ||= fetch_members(Gitlab::Access::GUEST)
  end

  def reporters
    @reporters ||= fetch_members(Gitlab::Access::REPORTER)
  end

  def developers
    @developers ||= fetch_members(Gitlab::Access::DEVELOPER)
  end

  def masters
    @masters ||= fetch_members(Gitlab::Access::MASTER)
  end

  def import(source_project, current_user = nil)
    target_project = project

    source_members = source_project.project_members.to_a
    target_user_ids = target_project.project_members.pluck(:user_id)

    source_members.reject! do |member|
      # Skip if user already present in team
      !member.invite? && target_user_ids.include?(member.user_id)
    end

    source_members.map! do |member|
      new_member = member.dup
      new_member.id = nil
      new_member.source = target_project
      new_member.created_by = current_user
      new_member
    end

    ProjectMember.transaction do
      source_members.each do |member|
        member.save
      end
    end

    true
  rescue
    false
  end

  def guest?(user)
    max_member_access(user.id) == Gitlab::Access::GUEST
  end

  def reporter?(user)
    max_member_access(user.id) == Gitlab::Access::REPORTER
  end

  def developer?(user)
    max_member_access(user.id) == Gitlab::Access::DEVELOPER
  end

  def master?(user)
    max_member_access(user.id) == Gitlab::Access::MASTER
  end

  # Checks if `user` is authorized for this project, with at least the
  # `min_access_level` (if given).
  def member?(user, min_access_level = Gitlab::Access::GUEST)
    return false unless user

    user.authorized_project?(project, min_access_level)
  end

  def human_max_access(user_id)
    Gitlab::Access.options_with_owner.key(max_member_access(user_id))
  end

  # Determine the maximum access level for a group of users in bulk.
  #
  # Returns a Hash mapping user ID -> maximum access level.
  def max_member_access_for_user_ids(user_ids)
    user_ids = user_ids.uniq
    key = "max_member_access:#{project.id}"

    access = {}

    if RequestStore.active?
      RequestStore.store[key] ||= {}
      access = RequestStore.store[key]
    end

    # Lookup only the IDs we need
    user_ids = user_ids - access.keys
    users_access = project.project_authorizations.
      where(user: user_ids).
      group(:user_id).
      maximum(:access_level)

    access.merge!(users_access)
    access
  end

  def max_member_access(user_id)
    max_member_access_for_user_ids([user_id])[user_id] || Gitlab::Access::NO_ACCESS
  end

  private

  def fetch_members(level = nil)
    members = project.authorized_users
    members = members.where(project_authorizations: { access_level: level }) if level

    members
  end

  def group
    project.group
  end
end
Rename Team class to ProjectTeam 2013-01-19 13:52:55 -05:00			`class ProjectTeam`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`attr_accessor :project`

			`def initialize(project)`
			`@project = project`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`end`

			`# Shortcut to add users`
			`#`
			`# Use:`
			`# @team << [@user, :master]`
			`# @team << [@users, :master]`
			`#`
Add parenthesis to function def with arguments. 2014-09-25 18:07:40 -04:00			`def <<(args)`
Track who created a group or project member. 2015-04-10 08:46:09 -04:00			`users, access, current_user = *args`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00
			`if users.respond_to?(:each)`
Replace optional parameters with keyword arguments. 2016-08-02 14:37:22 -04:00			`add_users(users, access, current_user: current_user)`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`else`
Add expiration date to group memberships 2016-08-18 12:01:50 -04:00			`add_user(users, access, current_user: current_user)`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`end`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`

Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 07:52:39 -05:00			`def add_guest(user, current_user: nil)`
			`self << [user, :guest, current_user]`
			`end`

			`def add_reporter(user, current_user: nil)`
			`self << [user, :reporter, current_user]`
			`end`

			`def add_developer(user, current_user: nil)`
			`self << [user, :developer, current_user]`
			`end`

			`def add_master(user, current_user: nil)`
			`self << [user, :master, current_user]`
			`end`

Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`def find_member(user_id)`
Exclude requesters from Project#members, Group#members and User#members And create new Project#requesters, Group#requesters scopes. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-27 10:20:57 -04:00			`member = project.members.find_by(user_id: user_id)`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00
			`# If user is not in project members`
			`# we should check for group membership`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`if group && !member`
Exclude requesters from Project#members, Group#members and User#members And create new Project#requesters, Group#requesters scopes. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-27 10:20:57 -04:00			`member = group.members.find_by(user_id: user_id)`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 14:35:41 -04:00			`end`

Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`member`
Fix routing. Finalize user show page 2013-01-22 12:45:13 -05:00			`end`

Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`def add_users(users, access_level, current_user: nil, expires_at: nil)`
Fix Rename `add_users_into_project` and `projects_ids` We never add things `into` projects, we just add them `to` projects. So how about we rename this to `add_users_to_project`. Rename `projects_ids` to `project_ids` by following the convention of rails. 2016-08-04 00:35:17 -04:00			`ProjectMember.add_users_to_projects(`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`[project.id],`
Track who created a group or project member. 2015-04-10 08:46:09 -04:00			`users,`
Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`access_level,`
Replace optional parameters with keyword arguments. 2016-08-02 14:37:22 -04:00			`current_user: current_user,`
			`expires_at: expires_at`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`)`
			`end`

Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 11:54:21 -04:00			`def add_user(user, access_level, current_user: nil, expires_at: nil)`
			`ProjectMember.add_user(`
			`project,`
			`user,`
			`access_level,`
			`current_user: current_user,`
			`expires_at: expires_at`
			`)`
Track who created a group or project member. 2015-04-10 08:46:09 -04:00			`end`

REpostiry, Team models 2013-01-03 14:09:18 -05:00			`# Remove all users from project team`
			`def truncate`
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`ProjectMember.truncate_team(project)`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`

			`def members`
cache project.team.members 2013-06-22 05:57:05 -04:00			`@members \|\|= fetch_members`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`
Add request access for groups Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-18 12:53:32 -04:00			`alias_method :users, :members`
REpostiry, Team models 2013-01-03 14:09:18 -05:00
			`def guests`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`@guests \|\|= fetch_members(Gitlab::Access::GUEST)`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`

			`def reporters`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`@reporters \|\|= fetch_members(Gitlab::Access::REPORTER)`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`

			`def developers`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`@developers \|\|= fetch_members(Gitlab::Access::DEVELOPER)`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`

			`def masters`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`@masters \|\|= fetch_members(Gitlab::Access::MASTER)`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00
Track who created a group or project member. 2015-04-10 08:46:09 -04:00			`def import(source_project, current_user = nil)`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`target_project = project`

Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`source_members = source_project.project_members.to_a`
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`target_user_ids = target_project.project_members.pluck(:user_id)`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`source_members.reject! do \|member\|`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`# Skip if user already present in team`
Correctly import invited members. 2015-04-10 09:26:53 -04:00			`!member.invite? && target_user_ids.include?(member.user_id)`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`end`

Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`source_members.map! do \|member\|`
			`new_member = member.dup`
			`new_member.id = nil`
			`new_member.source = target_project`
Track who created a group or project member. 2015-04-10 08:46:09 -04:00			`new_member.created_by = current_user`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`new_member`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`end`

Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 12:32:51 -04:00			`ProjectMember.transaction do`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`source_members.each do \|member\|`
			`member.save`
Continue refactoring. Use repostory and team 2013-01-04 01:43:25 -05:00			`end`
			`end`

			`true`
			`rescue`
			`false`
			`end`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 07:17:32 -04:00
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 04:52:17 -04:00			`def guest?(user)`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`max_member_access(user.id) == Gitlab::Access::GUEST`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 04:52:17 -04:00			`end`

			`def reporter?(user)`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`max_member_access(user.id) == Gitlab::Access::REPORTER`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 04:52:17 -04:00			`end`

			`def developer?(user)`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`max_member_access(user.id) == Gitlab::Access::DEVELOPER`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 04:52:17 -04:00			`end`

			`def master?(user)`
Use `member` instead of `tm`. 2015-03-13 11:23:45 -04:00			`max_member_access(user.id) == Gitlab::Access::MASTER`
Fix permission issue with highest access level for group If user was a member of both group and project and group access level was higher it was not respected and user got lowest project access level. Now it is fixed and user get highest access level Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-20 05:54:03 -04:00			`end`

Drop Project#authorized_for_user? in favor of ProjectTeam#member? Closes #23938 2016-11-18 12:15:47 -05:00			# Checks if `user` is authorized for this project, with at least the
			# `min_access_level` (if given).
			`def member?(user, min_access_level = Gitlab::Access::GUEST)`
			`return false unless user`

			`user.authorized_project?(project, min_access_level)`
Snippets: public/internal/private 2014-10-08 09:44:25 -04:00			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`def human_max_access(user_id)`
			`Gitlab::Access.options_with_owner.key(max_member_access(user_id))`
			`end`

Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`# Determine the maximum access level for a group of users in bulk.`
			`#`
Fix typo in comment 2016-07-26 20:07:51 -04:00			`# Returns a Hash mapping user ID -> maximum access level.`
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`def max_member_access_for_user_ids(user_ids)`
			`user_ids = user_ids.uniq`
			`key = "max_member_access:#{project.id}"`
Only use RequestStore in ProjectTeam#max_member_access_for_user if it is active 2016-08-01 16:11:45 -04:00
			`access = {}`

			`if RequestStore.active?`
			`RequestStore.store[key] \|\|= {}`
			`access = RequestStore.store[key]`
			`end`
Improve ProjectTeam#max_member_access performance By comparing objects in Ruby we can greatly improve the performance of this method. In the worst case (should no data be eager loaded) this will run the same amount of queries as before, in the best case (when data _is_ eager loadeD) it requires no queries at all. The added benchmark used to produce around 273 iterations per second. With this commit this has been increased to almost 40 000 iterations per second: a speedup of roughly 145 times. Combined with eager loading Note associations this results in about 30 queries less when viewing a single issue, this in turn cuts down the loading time by 30-40%. 2015-10-14 08:54:04 -04:00
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`# Lookup only the IDs we need`
			`user_ids = user_ids - access.keys`
Update ProjectTeam#max_member_access_for_user_ids to use project authorizations 2016-11-21 08:36:40 -05:00			`users_access = project.project_authorizations.`
			`where(user: user_ids).`
			`group(:user_id).`
			`maximum(:access_level)`
Fix permission issue with highest access level for group If user was a member of both group and project and group access level was higher it was not respected and user got lowest project access level. Now it is fixed and user get highest access level Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-20 05:54:03 -04:00
Update ProjectTeam#max_member_access_for_user_ids to use project authorizations 2016-11-21 08:36:40 -05:00			`access.merge!(users_access)`
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 00:52:31 -04:00			`access`
			`end`

			`def max_member_access(user_id)`
Update ProjectTeam#max_member_access_for_user_ids to use project authorizations 2016-11-21 08:36:40 -05:00			`max_member_access_for_user_ids([user_id])[user_id] \|\| Gitlab::Access::NO_ACCESS`
Allow users to access project shared with their group Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-11 12:46:01 -05:00			`end`

Add request access for groups Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-18 12:53:32 -04:00			`private`
Allow users to access project shared with their group Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-11 12:46:01 -05:00
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 07:17:32 -04:00			`def fetch_members(level = nil)`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`members = project.authorized_users`
			`members = members.where(project_authorizations: { access_level: level }) if level`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 07:17:32 -04:00
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 09:26:12 -05:00			`members`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 07:17:32 -04:00			`end`
Project Team now supports a non-group projects 2013-06-17 08:38:19 -04:00
			`def group`
			`project.group`
			`end`
REpostiry, Team models 2013-01-03 14:09:18 -05:00			`end`