gitlab-org--gitlab-foss/app/controllers/concerns/membership_actions.rb

module MembershipActions
  include MembersPresentation
  extend ActiveSupport::Concern

  def create
    create_params = params.permit(:user_ids, :access_level, :expires_at)
    result = Members::CreateService.new(current_user, create_params).execute(membershipable)

    if result[:status] == :success
      redirect_to members_page_url, notice: 'Users were successfully added.'
    else
      redirect_to members_page_url, alert: result[:message]
    end
  end

  def update
    update_params = params.require(root_params_key).permit(:access_level, :expires_at)
    member = membershipable.members_and_requesters.find(params[:id])
    member = Members::UpdateService
      .new(current_user, update_params)
      .execute(member)
      .present(current_user: current_user)

    present_members([member])
    respond_to do |format|
      format.js { render 'shared/members/update', locals: { member: member } }
    end
  end

  def destroy
    member = membershipable.members_and_requesters.find(params[:id])
    Members::DestroyService.new(current_user).execute(member)

    respond_to do |format|
      format.html do
        message = "User was successfully removed from #{source_type}."
        redirect_to members_page_url, notice: message
      end

      format.js { head :ok }
    end
  end

  def request_access
    membershipable.request_access(current_user)

    redirect_to polymorphic_path(membershipable),
                notice: 'Your request for access has been queued for review.'
  end

  def approve_access_request
    access_requester = membershipable.requesters.find(params[:id])
    Members::ApproveAccessRequestService
      .new(current_user, params)
      .execute(access_requester)

    redirect_to members_page_url
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def leave
    member = membershipable.members_and_requesters.find_by!(user_id: current_user.id)
    Members::DestroyService.new(current_user).execute(member)

    notice =
      if member.request?
        "Your access request to the #{source_type} has been withdrawn."
      else
        "You left the \"#{membershipable.human_name}\" #{source_type}."
      end

    respond_to do |format|
      format.html do
        redirect_path = member.request? ? member.source : [:dashboard, membershipable.class.to_s.tableize]
        redirect_to redirect_path, notice: notice
      end

      format.json { render json: { notice: notice } }
    end
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def resend_invite
    member = membershipable.members.find(params[:id])

    if member.invite?
      member.resend_invite

      redirect_to members_page_url, notice: 'The invitation was successfully resent.'
    else
      redirect_to members_page_url, alert: 'The invitation has already been accepted.'
    end
  end

  protected

  def membershipable
    raise NotImplementedError
  end

  def root_params_key
    case membershipable
    when Namespace
      :group_member
    when Project
      :project_member
    else
      raise "Unknown membershipable type: #{membershipable}!"
    end
  end

  def members_page_url
    case membershipable
    when Namespace
      polymorphic_url([membershipable, :members])
    when Project
      project_project_members_path(membershipable)
    else
      raise "Unknown membershipable type: #{membershipable}!"
    end
  end

  def source_type
    @source_type ||= membershipable.class.to_s.humanize(capitalize: false)
  end
end
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`module MembershipActions`
Show the status of a user in interactions The status is shown for - The author of a commit when viewing a commit - Notes on a commit (regular/diff) - The user that triggered a pipeline when viewing a pipeline - The author of a merge request when viewing a merge request - The author of notes on a merge request (regular/diff) - The author of an issue when viewing an issue - The author of notes on an issue - The author of a snippet when viewing a snippet - The author of notes on a snippet - A user's profile page - The list of members of a group/user 2018-07-16 16:18:52 +00:00			`include MembersPresentation`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`extend ActiveSupport::Concern`

Refactor controller code that creates project/group members Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 11:45:14 +00:00			`def create`
Limit non-administrators to adding 100 members at a time to groups and projects 2017-06-06 14:55:12 +00:00			`create_params = params.permit(:user_ids, :access_level, :expires_at)`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`result = Members::CreateService.new(current_user, create_params).execute(membershipable)`
Refactor controller code that creates project/group members Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 11:45:14 +00:00
Limit non-administrators to adding 100 members at a time to groups and projects 2017-06-06 14:55:12 +00:00			`if result[:status] == :success`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`redirect_to members_page_url, notice: 'Users were successfully added.'`
Refactor controller code that creates project/group members Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 11:45:14 +00:00			`else`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`redirect_to members_page_url, alert: result[:message]`
Refactor controller code that creates project/group members Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 11:45:14 +00:00			`end`
			`end`

Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 11:00:25 +00:00			`def update`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`update_params = params.require(root_params_key).permit(:access_level, :expires_at)`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 11:00:25 +00:00			`member = membershipable.members_and_requesters.find(params[:id])`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`member = Members::UpdateService`
			`.new(current_user, update_params)`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 11:00:25 +00:00			`.execute(member)`
			`.present(current_user: current_user)`

Show the status of a user in interactions The status is shown for - The author of a commit when viewing a commit - Notes on a commit (regular/diff) - The user that triggered a pipeline when viewing a pipeline - The author of a merge request when viewing a merge request - The author of notes on a merge request (regular/diff) - The author of an issue when viewing an issue - The author of notes on an issue - The author of a snippet when viewing a snippet - The author of notes on a snippet - A user's profile page - The list of members of a group/user 2018-07-16 16:18:52 +00:00			`present_members([member])`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 11:00:25 +00:00			`respond_to do \|format\|`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`format.js { render 'shared/members/update', locals: { member: member } }`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 11:00:25 +00:00			`end`
			`end`

Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00			`def destroy`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`member = membershipable.members_and_requesters.find(params[:id])`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`Members::DestroyService.new(current_user).execute(member)`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00
			`respond_to do \|format\|`
			`format.html do`
			`message = "User was successfully removed from #{source_type}."`
			`redirect_to members_page_url, notice: message`
			`end`

			`format.js { head :ok }`
			`end`
			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`def request_access`
			`membershipable.request_access(current_user)`

			`redirect_to polymorphic_path(membershipable),`
			`notice: 'Your request for access has been queued for review.'`
			`end`

			`def approve_access_request`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`access_requester = membershipable.requesters.find(params[:id])`
			`Members::ApproveAccessRequestService`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`.new(current_user, params)`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`.execute(access_requester)`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00			`redirect_to members_page_url`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: disable CodeReuse/ActiveRecord`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`def leave`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`member = membershipable.members_and_requesters.find_by!(user_id: current_user.id)`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`Members::DestroyService.new(current_user).execute(member)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00			`notice =`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 16:51:31 +00:00			`if member.request?`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00			`"Your access request to the #{source_type} has been withdrawn."`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`else`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`"You left the \"#{membershipable.human_name}\" #{source_type}."`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`end`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00
Add json support to group members leave action in controller Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-06-06 10:35:22 +00:00			`respond_to do \|format\|`
			`format.html do`
			`redirect_path = member.request? ? member.source : [:dashboard, membershipable.class.to_s.tableize]`
			`redirect_to redirect_path, notice: notice`
			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00
Minor visual adjustments 2017-06-06 14:01:42 +00:00			`format.json { render json: { notice: notice } }`
Add json support to group members leave action in controller Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-06-06 10:35:22 +00:00			`end`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 15:31:01 +00:00			`# rubocop: enable CodeReuse/ActiveRecord`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`def resend_invite`
			`member = membershipable.members.find(params[:id])`

			`if member.invite?`
			`member.resend_invite`

			`redirect_to members_page_url, notice: 'The invitation was successfully resent.'`
			`else`
			`redirect_to members_page_url, alert: 'The invitation has already been accepted.'`
			`end`
			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`protected`

			`def membershipable`
			`raise NotImplementedError`
			`end`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`def root_params_key`
			`case membershipable`
			`when Namespace`
			`:group_member`
			`when Project`
			`:project_member`
			`else`
			`raise "Unknown membershipable type: #{membershipable}!"`
			`end`
			`end`

Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00			`def members_page_url`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`case membershipable`
			`when Namespace`
			`polymorphic_url([membershipable, :members])`
			`when Project`
Resolve "Inconsistent location of members page between groups and projects" 2017-07-07 14:40:41 +00:00			`project_project_members_path(membershipable)`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00			`else`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 14:10:22 +00:00			`raise "Unknown membershipable type: #{membershipable}!"`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 14:44:30 +00:00			`end`
			`end`

			`def source_type`
			`@source_type \|\|= membershipable.class.to_s.humanize(capitalize: false)`
			`end`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`end`