gitlab-org--gitlab-foss/app/services/groups/update_service.rb

# frozen_string_literal: true

module Groups
  class UpdateService < Groups::BaseService
    include UpdateVisibilityLevel

    def execute
      reject_parent_id!
      remove_unallowed_params

      if renaming_group_with_container_registry_images?
        group.errors.add(:base, container_images_error)
        return false
      end

      return false unless valid_visibility_level_change?(group, params[:visibility_level])

      return false unless valid_share_with_group_lock_change?

      before_assignment_hook(group, params)

      group.assign_attributes(params)

      begin
        success = group.save

        after_update if success

        success
      rescue Gitlab::UpdatePathError => e
        group.errors.add(:base, e.message)

        false
      end
    end

    private

    def before_assignment_hook(group, params)
      # overridden in EE
    end

    def renaming_group_with_container_registry_images?
      new_path = params[:path]

      new_path &&
        new_path != group.path &&
        group.has_container_repository_including_subgroups?
    end

    def container_images_error
      s_("GroupSettings|Cannot update the path because there are projects under this group that contain Docker images in their Container Registry. Please remove the images from your projects first and try again.")
    end

    def after_update
      if group.previous_changes.include?(:visibility_level) && group.private?
        # don't enqueue immediately to prevent todos removal in case of a mistake
        TodosDestroyer::GroupPrivateWorker.perform_in(Todo::WAIT_FOR_DELETE, group.id)
      end
    end

    def reject_parent_id!
      params.delete(:parent_id)
    end

    # overridden in EE
    def remove_unallowed_params
      params.delete(:emails_disabled) unless can?(current_user, :set_emails_disabled, group)
    end

    def valid_share_with_group_lock_change?
      return true unless changing_share_with_group_lock?
      return true if can?(current_user, :change_share_with_group_lock, group)

      group.errors.add(:share_with_group_lock, s_('GroupSettings|cannot be disabled when the parent group "Share with group lock" is enabled, except by the owner of the parent group'))
      false
    end

    def changing_share_with_group_lock?
      return false if params[:share_with_group_lock].nil?

      params[:share_with_group_lock] != group.share_with_group_lock
    end
  end
end

Groups::UpdateService.prepend_if_ee('EE::Groups::UpdateService')
Enable frozen string in apps/services/*/.rb For directories application_settings --> labels. Partially addresses #47424. 2018-07-16 12:31:01 -04:00			`# frozen_string_literal: true`

Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00			`module Groups`
			`class UpdateService < Groups::BaseService`
Dry up method for code climate 2017-09-02 02:59:24 -04:00			`include UpdateVisibilityLevel`

Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00			`def execute`
Merge branch 'jej-group-name-disclosure' into 'security' Prevent private group disclosure via parent_id See merge request !2077 2017-03-28 07:09:44 -04:00			`reject_parent_id!`
Backport some changes from EE MR: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9815 2019-04-02 11:55:34 -04:00			`remove_unallowed_params`
Merge branch 'jej-group-name-disclosure' into 'security' Prevent private group disclosure via parent_id See merge request !2077 2017-03-28 07:09:44 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-10-16 05:07:51 -04:00			`if renaming_group_with_container_registry_images?`
			`group.errors.add(:base, container_images_error)`
			`return false`
			`end`

Refactor based on code review 2017-09-05 20:10:30 -04:00			`return false unless valid_visibility_level_change?(group, params[:visibility_level])`
Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00
Enforce share_with_group_lock rules …in Groups::UpdateService instead of only in the browser. 2017-09-01 21:00:46 -04:00			`return false unless valid_share_with_group_lock_change?`

Reduce diff with EE in Groups::UpdateService Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-04 12:42:53 -05:00			`before_assignment_hook(group, params)`

Tweaks, refactoring, and specs 2016-03-20 16:03:53 -04:00			`group.assign_attributes(params)`
Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00
Fix error 500 renaming group. Also added specs and changelog. 2016-12-20 11:52:27 -05:00			`begin`
Fix Groups::UpdateService#execute not returning correct error code This was causing problems in EE, where audit events were being generated even if the project failed to save. 2018-10-18 04:43:49 -04:00			`success = group.save`
Remove group todos when a users looses access 2018-08-02 10:16:58 -04:00
Fix Groups::UpdateService#execute not returning correct error code This was causing problems in EE, where audit events were being generated even if the project failed to save. 2018-10-18 04:43:49 -04:00			`after_update if success`

			`success`
Fix error 500 renaming group. Also added specs and changelog. 2016-12-20 11:52:27 -05:00			`rescue Gitlab::UpdatePathError => e`
			`group.errors.add(:base, e.message)`

			`false`
			`end`
Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00			`end`
Merge branch 'jej-group-name-disclosure' into 'security' Prevent private group disclosure via parent_id See merge request !2077 2017-03-28 07:09:44 -04:00
			`private`

Reduce diff with EE in Groups::UpdateService Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-04 12:42:53 -05:00			`def before_assignment_hook(group, params)`
Merge branch 'fix-misspellings-app-comments' into 'master' Fix misspellings in app/spec comments See merge request gitlab-org/gitlab-ce!25517 2019-02-25 05:42:31 -05:00			`# overridden in EE`
Reduce diff with EE in Groups::UpdateService Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-02-04 12:42:53 -05:00			`end`

Add latest changes from gitlab-org/gitlab@master 2019-10-16 05:07:51 -04:00			`def renaming_group_with_container_registry_images?`
			`new_path = params[:path]`

Add latest changes from gitlab-org/gitlab@master 2019-11-08 04:06:07 -05:00			`new_path &&`
			`new_path != group.path &&`
			`group.has_container_repository_including_subgroups?`
Add latest changes from gitlab-org/gitlab@master 2019-10-16 05:07:51 -04:00			`end`

			`def container_images_error`
			`s_("GroupSettings\|Cannot update the path because there are projects under this group that contain Docker images in their Container Registry. Please remove the images from your projects first and try again.")`
			`end`

Remove group todos when a users looses access 2018-08-02 10:16:58 -04:00			`def after_update`
			`if group.previous_changes.include?(:visibility_level) && group.private?`
			`# don't enqueue immediately to prevent todos removal in case of a mistake`
Delete confidential issue todos for guests Fix leaking information of confidential issues on TODOs when user is downgraded to guest access. 2018-12-11 13:15:10 -05:00			`TodosDestroyer::GroupPrivateWorker.perform_in(Todo::WAIT_FOR_DELETE, group.id)`
Remove group todos when a users looses access 2018-08-02 10:16:58 -04:00			`end`
			`end`

Merge branch 'jej-group-name-disclosure' into 'security' Prevent private group disclosure via parent_id See merge request !2077 2017-03-28 07:09:44 -04:00			`def reject_parent_id!`
Change deprecated `except!` usages These can just be `delete` calls, with the caveat that it only takes one argument. 2018-12-14 17:58:57 -05:00			`params.delete(:parent_id)`
Merge branch 'jej-group-name-disclosure' into 'security' Prevent private group disclosure via parent_id See merge request !2077 2017-03-28 07:09:44 -04:00			`end`
Enforce share_with_group_lock rules …in Groups::UpdateService instead of only in the browser. 2017-09-01 21:00:46 -04:00
Allow disabling group/project email notifications - Adds UI to configure in group and project settings - Removes notification configuration for users when disabled at group or project level 2019-08-15 13:37:36 -04:00			`# overridden in EE`
			`def remove_unallowed_params`
			`params.delete(:emails_disabled) unless can?(current_user, :set_emails_disabled, group)`
			`end`

Enforce share_with_group_lock rules …in Groups::UpdateService instead of only in the browser. 2017-09-01 21:00:46 -04:00			`def valid_share_with_group_lock_change?`
			`return true unless changing_share_with_group_lock?`
			`return true if can?(current_user, :change_share_with_group_lock, group)`

Refer to “Share with group lock” consistently 2017-09-06 14:31:45 -04:00			`group.errors.add(:share_with_group_lock, s_('GroupSettings\|cannot be disabled when the parent group "Share with group lock" is enabled, except by the owner of the parent group'))`
Enforce share_with_group_lock rules …in Groups::UpdateService instead of only in the browser. 2017-09-01 21:00:46 -04:00			`false`
			`end`

			`def changing_share_with_group_lock?`
			`return false if params[:share_with_group_lock].nil?`

			`params[:share_with_group_lock] != group.share_with_group_lock`
			`end`
Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-08 19:01:33 -05:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`Groups::UpdateService.prepend_if_ee('EE::Groups::UpdateService')`