gitlab-org--gitlab-foss/app/services/users/destroy_service.rb

module Users
  class DestroyService
    attr_accessor :current_user

    def initialize(current_user)
      @current_user = current_user
    end

    def execute(user, options = {})
      unless current_user.admin? || current_user == user
        raise Gitlab::Access::AccessDeniedError, "#{current_user} tried to destroy user #{user}!"
      end

      if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
        user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
        return user
      end

      user.solo_owned_groups.each do |group|
        Groups::DestroyService.new(group, current_user).execute
      end

      user.personal_projects.each do |project|
        # Skip repository removal because we remove directory with namespace
        # that contain all this repositories
        ::Projects::DestroyService.new(project, current_user, skip_repo: true).async_execute
      end

      move_issues_to_ghost_user(user)

      # Destroy the namespace after destroying the user since certain methods may depend on the namespace existing
      namespace = user.namespace
      user_data = user.destroy
      namespace.really_destroy!

      user_data
    end

    private
    
    def move_issues_to_ghost_user(user)
      ghost_user = User.ghost

      Issue.transaction do
        user.issues.update_all(author_id: ghost_user.id)
      end

      user.reload
    end
  end
end
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService 2016-08-13 08:45:31 -04:00			`module Users`
			`class DestroyService`
			`attr_accessor :current_user`

			`def initialize(current_user)`
			`@current_user = current_user`
			`end`

			`def execute(user, options = {})`
Add user deletion permission check in `Users::DestroyService` We saw from a recent incident that the `Users::DestroyService` would attempt to delete a user over and over. Revoking the permissions from the current user did not help. We should ensure that the current user does, in fact, have permissions to delete the user. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-02-04 03:14:17 -05:00			`unless current_user.admin? \|\| current_user == user`
			`raise Gitlab::Access::AccessDeniedError, "#{current_user} tried to destroy user #{user}!"`
			`end`

Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService 2016-08-13 08:45:31 -04:00			`if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?`
			`user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'`
			`return user`
			`end`

			`user.solo_owned_groups.each do \|group\|`
			`Groups::DestroyService.new(group, current_user).execute`
			`end`

			`user.personal_projects.each do \|project\|`
			`# Skip repository removal because we remove directory with namespace`
			`# that contain all this repositories`
			`::Projects::DestroyService.new(project, current_user, skip_repo: true).async_execute`
			`end`

Deleting a user shouldn't delete associated issues. - "Associated" issues are issues the user has created + issues that the user is assigned to. - Issues that a user owns are transferred to a "Ghost User" (just a regular user with `state = 'ghost'` that is created when `User.ghost` is called). - Issues that a user is assigned to are moved to the "Unassigned" state. - Fix a spec failure in `profile_spec` — a spec was asserting that when a user is deleted, `User.count` decreases by 1. After this change, deleting a user creates (potentially) a ghost user, causing `User.count` not to change. The spec has been updated to look for the relevant user in the assertion. 2016-11-11 01:27:43 -05:00			`move_issues_to_ghost_user(user)`

Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService 2016-08-13 08:45:31 -04:00			`# Destroy the namespace after destroying the user since certain methods may depend on the namespace existing`
			`namespace = user.namespace`
			`user_data = user.destroy`
			`namespace.really_destroy!`

			`user_data`
			`end`
Deleting a user shouldn't delete associated issues. - "Associated" issues are issues the user has created + issues that the user is assigned to. - Issues that a user owns are transferred to a "Ghost User" (just a regular user with `state = 'ghost'` that is created when `User.ghost` is called). - Issues that a user is assigned to are moved to the "Unassigned" state. - Fix a spec failure in `profile_spec` — a spec was asserting that when a user is deleted, `User.count` decreases by 1. After this change, deleting a user creates (potentially) a ghost user, causing `User.count` not to change. The spec has been updated to look for the relevant user in the assertion. 2016-11-11 01:27:43 -05:00
			`private`
Implement review comments from @DouweM and @nick.thomas. 1. Use an advisory lock to guarantee the absence of concurrency in `User.ghost`, to prevent data races from creating more than one ghost, or preventing the creation of ghost users by causing validation errors. 2. Use `update_all` instead of updating issues one-by-one. 2017-02-06 06:48:27 -05:00
Deleting a user shouldn't delete associated issues. - "Associated" issues are issues the user has created + issues that the user is assigned to. - Issues that a user owns are transferred to a "Ghost User" (just a regular user with `state = 'ghost'` that is created when `User.ghost` is called). - Issues that a user is assigned to are moved to the "Unassigned" state. - Fix a spec failure in `profile_spec` — a spec was asserting that when a user is deleted, `User.count` decreases by 1. After this change, deleting a user creates (potentially) a ghost user, causing `User.count` not to change. The spec has been updated to look for the relevant user in the assertion. 2016-11-11 01:27:43 -05:00			`def move_issues_to_ghost_user(user)`
			`ghost_user = User.ghost`

			`Issue.transaction do`
Implement review comments from @DouweM and @nick.thomas. 1. Use an advisory lock to guarantee the absence of concurrency in `User.ghost`, to prevent data races from creating more than one ghost, or preventing the creation of ghost users by causing validation errors. 2. Use `update_all` instead of updating issues one-by-one. 2017-02-06 06:48:27 -05:00			`user.issues.update_all(author_id: ghost_user.id)`
Deleting a user shouldn't delete associated issues. - "Associated" issues are issues the user has created + issues that the user is assigned to. - Issues that a user owns are transferred to a "Ghost User" (just a regular user with `state = 'ghost'` that is created when `User.ghost` is called). - Issues that a user is assigned to are moved to the "Unassigned" state. - Fix a spec failure in `profile_spec` — a spec was asserting that when a user is deleted, `User.count` decreases by 1. After this change, deleting a user creates (potentially) a ghost user, causing `User.count` not to change. The spec has been updated to look for the relevant user in the assertion. 2016-11-11 01:27:43 -05:00			`end`

			`user.reload`
			`end`
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService 2016-08-13 08:45:31 -04:00			`end`
			`end`