gitlab-org--gitlab-foss/app/controllers/concerns/membership_actions.rb

# frozen_string_literal: true

module MembershipActions
  include MembersPresentation
  extend ActiveSupport::Concern

  def update
    update_params = params.require(root_params_key).permit(:access_level, :expires_at)
    member = membershipable.members_and_requesters.find(params[:id])
    result = Members::UpdateService
      .new(current_user, update_params)
      .execute(member)

    member = result[:member]

    member_data = if member.expires?
                    {
                      expires_soon: member.expires_soon?,
                      expires_at_formatted: member.expires_at.to_time.in_time_zone.to_s(:medium)
                    }
                  else
                    {}
                  end

    if result[:status] == :success
      render json: member_data
    else
      render json: { message: result[:message] }, status: :unprocessable_entity
    end
  end

  def destroy
    member = membershipable.members_and_requesters.find(params[:id])
    skip_subresources = !ActiveRecord::Type::Boolean.new.cast(params.delete(:remove_sub_memberships))
    # !! is used in case unassign_issuables contains empty string which would result in nil
    unassign_issuables = !!ActiveRecord::Type::Boolean.new.cast(params.delete(:unassign_issuables))

    Members::DestroyService.new(current_user).execute(member, skip_subresources: skip_subresources, unassign_issuables: unassign_issuables)

    respond_to do |format|
      format.html do
        message =
          begin
            case membershipable
            when Namespace
              if skip_subresources
                _("User was successfully removed from group.")
              else
                _("User was successfully removed from group and any subgroups and projects.")
              end
            else
              _("User was successfully removed from project.")
            end
          end

        redirect_to members_page_url, notice: message
      end

      format.js { head :ok }
    end
  end

  def request_access
    access_requester = membershipable.request_access(current_user)

    if access_requester.persisted?
      redirect_to polymorphic_path(membershipable),
                  notice: _('Your request for access has been queued for review.')
    else
      redirect_to polymorphic_path(membershipable),
                  alert: _("Your request for access could not be processed: %{error_message}") %
                    { error_message: access_requester.errors.full_messages.to_sentence }
    end
  end

  def approve_access_request
    access_requester = membershipable.requesters.find(params[:id])
    Members::ApproveAccessRequestService
      .new(current_user, params)
      .execute(access_requester)

    redirect_to members_page_url
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def leave
    member = membershipable.members_and_requesters.find_by!(user_id: current_user.id)
    Members::DestroyService.new(current_user).execute(member)

    notice =
      if member.request?
        _("Your access request to the %{source_type} has been withdrawn.") % { source_type: source_type }
      else
        _("You left the \"%{membershipable_human_name}\" %{source_type}.") % { membershipable_human_name: membershipable.human_name, source_type: source_type }
      end

    respond_to do |format|
      format.html do
        redirect_path = member.request? ? member.source : [:dashboard, membershipable.class.to_s.tableize.to_sym]
        redirect_to redirect_path, notice: notice
      end

      format.json { render json: { notice: notice } }
    end
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def resend_invite
    member = membershipable_members.find(params[:id])

    if member.invite?
      member.resend_invite

      redirect_to members_page_url, notice: _('The invitation was successfully resent.')
    else
      redirect_to members_page_url, alert: _('The invitation has already been accepted.')
    end
  end

  protected

  def membershipable
    raise NotImplementedError
  end

  def membershipable_members
    raise NotImplementedError
  end

  def root_params_key
    raise NotImplementedError
  end

  def members_page_url
    raise NotImplementedError
  end

  def source_type
    raise NotImplementedError
  end

  def plain_source_type
    raise NotImplementedError
  end

  def requested_relations(inherited_permissions = :with_inherited_permissions)
    case params[inherited_permissions].presence
    when 'exclude'
      [:direct]
    when 'only'
      [:inherited]
    else
      if Feature.enabled?(:webui_members_inherited_users, current_user)
        [:inherited, :direct, :shared_from_groups]
      else
        [:inherited, :direct]
      end
    end
  end
end

MembershipActions.prepend_mod_with('MembershipActions')
Enable frozen string in app/controllers/*/.rb Enables frozen string for the following: * app/controllers/.rb app/controllers/admin/*/.rb * app/controllers/boards/*/.rb * app/controllers/ci/*/.rb * app/controllers/concerns/*/.rb Partially addresses #47424. 2018-09-14 01:42:05 -04:00			`# frozen_string_literal: true`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`module MembershipActions`
Show the status of a user in interactions The status is shown for - The author of a commit when viewing a commit - Notes on a commit (regular/diff) - The user that triggered a pipeline when viewing a pipeline - The author of a merge request when viewing a merge request - The author of notes on a merge request (regular/diff) - The author of an issue when viewing an issue - The author of notes on an issue - The author of a snippet when viewing a snippet - The author of notes on a snippet - A user's profile page - The list of members of a group/user 2018-07-16 12:18:52 -04:00			`include MembersPresentation`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`extend ActiveSupport::Concern`

Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 06:00:25 -05:00			`def update`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`update_params = params.require(root_params_key).permit(:access_level, :expires_at)`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 06:00:25 -05:00			`member = membershipable.members_and_requesters.find(params[:id])`
Add latest changes from gitlab-org/gitlab@master 2021-01-28 16:09:04 -05:00			`result = Members::UpdateService`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`.new(current_user, update_params)`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 06:00:25 -05:00			`.execute(member)`

Add latest changes from gitlab-org/gitlab@master 2021-01-28 16:09:04 -05:00			`member = result[:member]`

			`member_data = if member.expires?`
			`{`
			`expires_soon: member.expires_soon?,`
			`expires_at_formatted: member.expires_at.to_time.in_time_zone.to_s(:medium)`
			`}`
			`else`
			`{}`
			`end`

			`if result[:status] == :success`
			`render json: member_data`
Add latest changes from gitlab-org/gitlab@master 2020-10-06 14:08:49 -04:00			`else`
Add latest changes from gitlab-org/gitlab@master 2021-01-28 16:09:04 -05:00			`render json: { message: result[:message] }, status: :unprocessable_entity`
Move the #update action from Project/Member controllers to the MembershipActions concern Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 06:00:25 -05:00			`end`
			`end`

Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`def destroy`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`member = membershipable.members_and_requesters.find(params[:id])`
Add latest changes from gitlab-org/gitlab@master 2021-03-23 08:09:33 -04:00			`skip_subresources = !ActiveRecord::Type::Boolean.new.cast(params.delete(:remove_sub_memberships))`
Add latest changes from gitlab-org/gitlab@master 2020-06-23 11:08:41 -04:00			`# !! is used in case unassign_issuables contains empty string which would result in nil`
			`unassign_issuables = !!ActiveRecord::Type::Boolean.new.cast(params.delete(:unassign_issuables))`

Add latest changes from gitlab-org/gitlab@master 2021-03-23 08:09:33 -04:00			`Members::DestroyService.new(current_user).execute(member, skip_subresources: skip_subresources, unassign_issuables: unassign_issuables)`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00
			`respond_to do \|format\|`
			`format.html do`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`message =`
			`begin`
			`case membershipable`
			`when Namespace`
Add latest changes from gitlab-org/gitlab@master 2021-03-23 08:09:33 -04:00			`if skip_subresources`
			`_("User was successfully removed from group.")`
			`else`
			`_("User was successfully removed from group and any subgroups and projects.")`
			`end`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`else`
			`_("User was successfully removed from project.")`
			`end`
			`end`
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`redirect_to members_page_url, notice: message`
			`end`

			`format.js { head :ok }`
			`end`
			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`def request_access`
Add latest changes from gitlab-org/gitlab@master 2020-05-27 17:08:05 -04:00			`access_requester = membershipable.request_access(current_user)`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-05-27 17:08:05 -04:00			`if access_requester.persisted?`
			`redirect_to polymorphic_path(membershipable),`
			`notice: _('Your request for access has been queued for review.')`
			`else`
			`redirect_to polymorphic_path(membershipable),`
Add latest changes from gitlab-org/gitlab@master 2022-02-28 04:15:16 -05:00			`alert: _("Your request for access could not be processed: %{error_message}") %`
			`{ error_message: access_requester.errors.full_messages.to_sentence }`
Add latest changes from gitlab-org/gitlab@master 2020-05-27 17:08:05 -04:00			`end`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`end`

			`def approve_access_request`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`access_requester = membershipable.requesters.find(params[:id])`
			`Members::ApproveAccessRequestService`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`.new(current_user, params)`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`.execute(access_requester)`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`redirect_to members_page_url`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`def leave`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`member = membershipable.members_and_requesters.find_by!(user_id: current_user.id)`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`Members::DestroyService.new(current_user).execute(member)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:59:33 -04:00			`notice =`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 12:51:31 -04:00			`if member.request?`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`_("Your access request to the %{source_type} has been withdrawn.") % { source_type: source_type }`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`else`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`_("You left the \"%{membershipable_human_name}\" %{source_type}.") % { membershipable_human_name: membershipable.human_name, source_type: source_type }`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`end`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00
Add json support to group members leave action in controller Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-06-06 06:35:22 -04:00			`respond_to do \|format\|`
			`format.html do`
Add latest changes from gitlab-org/gitlab@master 2021-05-24 14:10:28 -04:00			`redirect_path = member.request? ? member.source : [:dashboard, membershipable.class.to_s.tableize.to_sym]`
Add json support to group members leave action in controller Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-06-06 06:35:22 -04:00			`redirect_to redirect_path, notice: notice`
			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:59:33 -04:00
Minor visual adjustments 2017-06-06 10:01:42 -04:00			`format.json { render json: { notice: notice } }`
Add json support to group members leave action in controller Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-06-06 06:35:22 -04:00			`end`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ActiveRecord`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`def resend_invite`
Add latest changes from gitlab-org/gitlab@master 2020-10-16 05:09:06 -04:00			`member = membershipable_members.find(params[:id])`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00
			`if member.invite?`
			`member.resend_invite`

Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`redirect_to members_page_url, notice: _('The invitation was successfully resent.')`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`else`
Externalize strings in projects controllers - concerns - dashboard - groups - import 2019-03-27 12:52:52 -04:00			`redirect_to members_page_url, alert: _('The invitation has already been accepted.')`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`end`
			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`protected`

			`def membershipable`
			`raise NotImplementedError`
			`end`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-10-16 05:09:06 -04:00			`def membershipable_members`
			`raise NotImplementedError`
			`end`

Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`def root_params_key`
Add latest changes from gitlab-org/gitlab@master 2021-06-15 08:10:11 -04:00			`raise NotImplementedError`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`end`

Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`def members_page_url`
Add latest changes from gitlab-org/gitlab@master 2021-06-15 08:10:11 -04:00			`raise NotImplementedError`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`end`

			`def source_type`
Add latest changes from gitlab-org/gitlab@master 2021-06-15 08:10:11 -04:00			`raise NotImplementedError`
Refactor members controller destroy action Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-17 10:44:30 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-12-13 10:08:02 -05:00
Add latest changes from gitlab-org/gitlab@master 2021-06-14 14:10:28 -04:00			`def plain_source_type`
			`raise NotImplementedError`
			`end`

Add latest changes from gitlab-org/gitlab@master 2022-05-30 05:09:35 -04:00			`def requested_relations(inherited_permissions = :with_inherited_permissions)`
			`case params[inherited_permissions].presence`
Add latest changes from gitlab-org/gitlab@master 2019-12-13 10:08:02 -05:00			`when 'exclude'`
			`[:direct]`
			`when 'only'`
			`[:inherited]`
			`else`
Add latest changes from gitlab-org/gitlab@master 2022-08-25 23:12:38 -04:00			`if Feature.enabled?(:webui_members_inherited_users, current_user)`
			`[:inherited, :direct, :shared_from_groups]`
			`else`
			`[:inherited, :direct]`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-12-13 10:08:02 -05:00			`end`
			`end`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 12:05:06 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2021-05-03 20:10:16 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`MembershipActions.prepend_mod_with('MembershipActions')`