gitlab-org--gitlab-foss/lib/api/helpers/members_helpers.rb

# frozen_string_literal: true

# rubocop:disable GitlabSecurity/PublicSend

module API
  module Helpers
    module MembersHelpers
      def find_source(source_type, id)
        public_send("find_#{source_type}!", id) # rubocop:disable GitlabSecurity/PublicSend
      end

      def authorize_admin_source!(source_type, source)
        authorize! :"admin_#{source_type}", source
      end

      def find_all_members(source_type, source)
        members = source_type == 'project' ? find_all_members_for_project(source) : find_all_members_for_group(source)
        members.non_invite
          .non_request
      end

      # rubocop: disable CodeReuse/ActiveRecord
      def find_all_members_for_project(project)
        shared_group_ids = project.project_group_links.pluck(:group_id)
        project_group_ids = project.group&.self_and_ancestors&.pluck(:id)
        source_ids = [project.id, project_group_ids, shared_group_ids]
          .flatten
          .compact
        Member.includes(:user)
          .joins(user: :project_authorizations)
          .where(project_authorizations: { project_id: project.id })
          .where(source_id: source_ids)
      end
      # rubocop: enable CodeReuse/ActiveRecord

      # rubocop: disable CodeReuse/ActiveRecord
      def find_all_members_for_group(group)
        source_ids = group.self_and_ancestors.pluck(:id)
        Member.includes(:user)
          .where(source_id: source_ids)
          .where(source_type: 'Namespace')
      end
      # rubocop: enable CodeReuse/ActiveRecord
    end
  end
end
Enable frozen string in lib/api and lib/backup Partially addresses #47424. Had to make changes to spec files because stubbing methods on frozen objects is a mess in RSpec and leads to failures: https://github.com/rspec/rspec-mocks/issues/1190 2018-09-29 18:34:47 -04:00			`# frozen_string_literal: true`

Re-enable SqlInjection and CommandInjection 2017-08-03 22:20:34 -04:00			`# rubocop:disable GitlabSecurity/PublicSend`

New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 11:14:31 -04:00			`module API`
			`module Helpers`
			`module MembersHelpers`
			`def find_source(source_type, id)`
Re-enable SqlInjection and CommandInjection 2017-08-03 22:20:34 -04:00			`public_send("find_#{source_type}!", id) # rubocop:disable GitlabSecurity/PublicSend`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 11:14:31 -04:00			`end`

			`def authorize_admin_source!(source_type, source)`
			`authorize! :"admin_#{source_type}", source`
			`end`
Resolve "API endpoint that returns all members, including the inherited membership through ancestor group" 2018-07-25 17:45:42 -04:00
			`def find_all_members(source_type, source)`
			`members = source_type == 'project' ? find_all_members_for_project(source) : find_all_members_for_group(source)`
			`members.non_invite`
			`.non_request`
			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
Resolve "API endpoint that returns all members, including the inherited membership through ancestor group" 2018-07-25 17:45:42 -04:00			`def find_all_members_for_project(project)`
			`shared_group_ids = project.project_group_links.pluck(:group_id)`
			`project_group_ids = project.group&.self_and_ancestors&.pluck(:id)`
			`source_ids = [project.id, project_group_ids, shared_group_ids]`
			`.flatten`
			`.compact`
			`Member.includes(:user)`
			`.joins(user: :project_authorizations)`
			`.where(project_authorizations: { project_id: project.id })`
			`.where(source_id: source_ids)`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ActiveRecord`
Resolve "API endpoint that returns all members, including the inherited membership through ancestor group" 2018-07-25 17:45:42 -04:00
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
Resolve "API endpoint that returns all members, including the inherited membership through ancestor group" 2018-07-25 17:45:42 -04:00			`def find_all_members_for_group(group)`
			`source_ids = group.self_and_ancestors.pluck(:id)`
			`Member.includes(:user)`
			`.where(source_id: source_ids)`
			`.where(source_type: 'Namespace')`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ActiveRecord`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 11:14:31 -04:00			`end`
			`end`
			`end`