gitlab-org--gitlab-foss/app/controllers/groups_controller.rb

class GroupsController < Groups::ApplicationController
  include FilterProjects
  include IssuesAction
  include MergeRequestsAction

  respond_to :html

  before_action :authenticate_user!, only: [:new, :create]
  before_action :group, except: [:index, :new, :create]

  # Authorize
  before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
  before_action :authorize_create_group!, only: [:new, :create]

  # Load group projects
  before_action :group_projects, only: [:show, :projects, :activity, :issues, :merge_requests]
  before_action :event_filter, only: [:activity]

  layout :determine_layout

  def index
    redirect_to(current_user ? dashboard_groups_path : explore_groups_path)
  end

  def new
    @group = Group.new
  end

  def create
    @group = Groups::CreateService.new(current_user, group_params).execute

    if @group.persisted?
      redirect_to @group, notice: "Group '#{@group.name}' was successfully created."
    else
      render action: "new"
    end
  end

  def show
    if current_user
      @last_push            = current_user.recent_push
      @notification_setting = current_user.notification_settings_for(group)
    end

    setup_projects

    respond_to do |format|
      format.html

      format.json do
        render json: {
          html: view_to_html_string("dashboard/projects/_projects", locals: { projects: @projects })
        }
      end

      format.atom do
        load_events
        render layout: false
      end
    end
  end

  def activity
    respond_to do |format|
      format.html

      format.json do
        load_events
        pager_json("events/_events", @events.count)
      end
    end
  end

  def edit
  end

  def projects
    @projects = @group.projects.page(params[:page])
  end

  def update
    if Groups::UpdateService.new(@group, current_user, group_params).execute
      redirect_to edit_group_path(@group), notice: "Group '#{@group.name}' was successfully updated."
    else
      error = group.errors.full_messages.first
      alert_message = "Group '#{@group.name}' cannot be updated: " + error

      redirect_to edit_group_path(@group.reload), alert: alert_message
    end
  end

  def destroy
    DestroyGroupService.new(@group, current_user).async_execute

    redirect_to root_path, alert: "Group '#{@group.name}' was scheduled for deletion."
  end

  protected

  def setup_projects
    @projects = @projects.includes(:namespace)
    @projects = @projects.sorted_by_activity
    @projects = filter_projects(@projects)
    @projects = @projects.sort(@sort = params[:sort])
    @projects = @projects.page(params[:page]) if params[:filter_projects].blank?

    @shared_projects = GroupProjectsFinder.new(group, only_shared: true).execute(current_user)
  end

  def authorize_create_group!
    unless can?(current_user, :create_group, nil)
      return render_404
    end
  end

  def determine_layout
    if [:new, :create].include?(action_name.to_sym)
      'application'
    elsif [:edit, :update, :projects].include?(action_name.to_sym)
      'group_settings'
    else
      'group'
    end
  end

  def group_params
    params.require(:group).permit(
      :avatar,
      :description,
      :lfs_enabled,
      :name,
      :path,
      :public,
      :request_access_enabled,
      :share_with_group_lock,
      :visibility_level
    )
  end

  def load_events
    @events = Event.in_projects(@projects)
    @events = event_filter.apply_filter(@events).with_associations
    @events = @events.limit(20).offset(params[:offset] || 0)
  end
end
group controller refactoring 2015-03-12 15:08:48 +00:00			`class GroupsController < Groups::ApplicationController`
Add projects list sort dropdown to group page Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-04 15:42:58 +00:00			`include FilterProjects`
Refactor duplciate code for groups_controller.rb and slack_service/note_message.rb Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-11-17 10:03:18 +00:00			`include IssuesAction`
			`include MergeRequestsAction`

Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`respond_to :html`
Make the `/groups` route behave as expected The route is supposed to redirect the Groups#index request based on whether or not a user was logged in. If they are, we redirect them to their groups dashboard; if they're not, we redirect them to the public Explore page. But due to overly aggressive `before_action`s that weren't excluding the `index` action, the request always resulted in a 404, whether a user was logged in or not. Closes #12660 2016-01-24 00:08:15 +00:00
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`before_action :authenticate_user!, only: [:new, :create]`
Make the `/groups` route behave as expected The route is supposed to redirect the Groups#index request based on whether or not a user was logged in. If they are, we redirect them to their groups dashboard; if they're not, we redirect them to the public Explore page. But due to overly aggressive `before_action`s that weren't excluding the `index` action, the request always resulted in a 404, whether a user was logged in or not. Closes #12660 2016-01-24 00:08:15 +00:00			`before_action :group, except: [:index, :new, :create]`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00			`# Authorize`
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 12:03:37 +00:00			`before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]`
			`before_action :authorize_create_group!, only: [:new, :create]`
User can create group 2013-01-24 15:47:09 +00:00
			`# Load group projects`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`before_action :group_projects, only: [:show, :projects, :activity, :issues, :merge_requests]`
Move group activity feed to separate page for consistency with dashboard and project pages Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-10 13:29:38 +00:00			`before_action :event_filter, only: [:activity]`
Fix determine of layout for group/team 2013-06-08 13:26:57 +00:00
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 08:39:11 +00:00			`layout :determine_layout`

Clean up overlap between dashboard and explore. - Split up SnippetsController into separate dashboard and explore sections. - Use consistent page titles, header titles and sidebars between dashboard and explore sections when signed in or not. 2015-09-08 13:49:20 +00:00			`def index`
Move partial to right place and fix tests. 2015-09-08 14:14:14 +00:00			`redirect_to(current_user ? dashboard_groups_path : explore_groups_path)`
Clean up overlap between dashboard and explore. - Split up SnippetsController into separate dashboard and explore sections. - Use consistent page titles, header titles and sidebars between dashboard and explore sections when signed in or not. 2015-09-08 13:49:20 +00:00			`end`

User can create group 2013-01-24 15:47:09 +00:00			`def new`
			`@group = Group.new`
			`end`

			`def create`
Code fixes 2016-03-17 22:42:46 +00:00			`@group = Groups::CreateService.new(current_user, group_params).execute`
User can create group 2013-01-24 15:47:09 +00:00
Code fixes 2016-03-17 22:42:46 +00:00			`if @group.persisted?`
Mention group and project name in flash messages upon create, update and delete. 2015-07-29 22:06:16 +00:00			`redirect_to @group, notice: "Group '#{@group.name}' was successfully created."`
User can create group 2013-01-24 15:47:09 +00:00			`else`
			`render action: "new"`
			`end`
			`end`
authorized_projects and authorized_groups methods for user 2012-11-29 15:17:01 +00:00
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`def show`
Insert notification settings dropdown into groups 2016-06-21 19:50:13 +00:00			`if current_user`
			`@last_push = current_user.recent_push`
			`@notification_setting = current_user.notification_settings_for(group)`
			`end`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00
Insert notification settings dropdown into groups 2016-06-21 19:50:13 +00:00			`setup_projects`
Show shared projects on group page Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-11 17:42:16 +00:00
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`respond_to do \|format\|`
			`format.html`
DB performance improvements to GitLab 2015-02-18 08:16:42 +00:00
			`format.json do`
Extract events rendering to own action. 2016-02-06 17:36:46 +00:00			`render json: {`
			`html: view_to_html_string("dashboard/projects/_projects", locals: { projects: @projects })`
			`}`
DB performance improvements to GitLab 2015-02-18 08:16:42 +00:00			`end`

Fix event loading with associations 2015-02-18 17:38:46 +00:00			`format.atom do`
			`load_events`
			`render layout: false`
			`end`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`
			`end`

Move group activity feed to separate page for consistency with dashboard and project pages Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-10 13:29:38 +00:00			`def activity`
Extract events rendering to own action. 2016-02-06 17:36:46 +00:00			`respond_to do \|format\|`
Move group activity feed to separate page for consistency with dashboard and project pages Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-10 13:29:38 +00:00			`format.html`

Extract events rendering to own action. 2016-02-06 17:36:46 +00:00			`format.json do`
			`load_events`
			`pager_json("events/_events", @events.count)`
			`end`
			`end`
			`end`

Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`def edit`
			`end`

merge master into issue_3359_3 2016-06-22 13:50:19 +00:00			`def projects`
			`@projects = @group.projects.page(params[:page])`
			`end`

Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`def update`
Prevent projects to have higher visibility than groups Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements 2016-03-09 00:01:33 +00:00			`if Groups::UpdateService.new(@group, current_user, group_params).execute`
Mention group and project name in flash messages upon create, update and delete. 2015-07-29 22:06:16 +00:00			`redirect_to edit_group_path(@group), notice: "Group '#{@group.name}' was successfully updated."`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`else`
Fix error 500 renaming group. Also added specs and changelog. 2016-12-20 16:52:27 +00:00			`error = group.errors.full_messages.first`
			`alert_message = "Group '#{@group.name}' cannot be updated: " + error`

			`redirect_to edit_group_path(@group.reload), alert: alert_message`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`end`
			`end`

			`def destroy`
Fix bug where destroying a namespace would not always destroy projects There is a race condition in DestroyGroupService now that projects are deleted asynchronously: 1. User attempts to delete group 2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project 3. DestroyGroupService destroys the Group, leaving all its projects without a namespace 4. Projects::DestroyService runs later but the can?(current_user, :remove_project) is `false` because the user no longer has permission to destroy projects with no namespace. 5. This leaves the project in pending_delete state with no namespace/group. Projects without a namespace or group also adds another problem: it's not possible to destroy the container registry tags, since container_registry_path_with_namespace is the wrong value. The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService. Closes #17893 2016-05-29 02:54:17 +00:00			`DestroyGroupService.new(@group, current_user).async_execute`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00
Fix bug where destroying a namespace would not always destroy projects There is a race condition in DestroyGroupService now that projects are deleted asynchronously: 1. User attempts to delete group 2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project 3. DestroyGroupService destroys the Group, leaving all its projects without a namespace 4. Projects::DestroyService runs later but the can?(current_user, :remove_project) is `false` because the user no longer has permission to destroy projects with no namespace. 5. This leaves the project in pending_delete state with no namespace/group. Projects without a namespace or group also adds another problem: it's not possible to destroy the container registry tags, since container_registry_path_with_namespace is the wrong value. The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService. Closes #17893 2016-05-29 02:54:17 +00:00			`redirect_to root_path, alert: "Group '#{@group.name}' was scheduled for deletion."`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`end`

Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`protected`

Insert notification settings dropdown into groups 2016-06-21 19:50:13 +00:00			`def setup_projects`
			`@projects = @projects.includes(:namespace)`
			`@projects = @projects.sorted_by_activity`
			`@projects = filter_projects(@projects)`
			`@projects = @projects.sort(@sort = params[:sort])`
			`@projects = @projects.page(params[:page]) if params[:filter_projects].blank?`

			`@shared_projects = GroupProjectsFinder.new(group, only_shared: true).execute(current_user)`
			`end`

allow/deny user to create group/team 2013-01-25 09:30:49 +00:00			`def authorize_create_group!`
Ability to manage and remove group as owner outside of admin area 2013-02-01 17:04:11 +00:00			`unless can?(current_user, :create_group, nil)`
			`return render_404`
			`end`
			`end`

Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 08:39:11 +00:00			`def determine_layout`
Fix determine of layout for group/team 2013-06-08 13:26:57 +00:00			`if [:new, :create].include?(action_name.to_sym)`
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 08:39:11 +00:00			`'application'`
Fix consistency issue in sidebars of Project and Group Settings. Fixes #2277. 2015-06-15 22:32:14 +00:00			`elsif [:edit, :update, :projects].include?(action_name.to_sym)`
			`'group_settings'`
Allow access to groups with public projects. Fixed Group avatars to only display when user has read permissions to at least one project in the group. 2014-02-13 20:45:51 +00:00			`else`
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 08:39:11 +00:00			`'group'`
Fix determine of layout for group/team 2013-06-08 13:26:57 +00:00			`end`
			`end`
Use FilteringService for Dashboard, Group pages Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-01-15 14:16:45 +00:00
Group and Event strong_params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 13:57:10 +00:00			`def group_params`
Added group-specific setting for LFS. Groups can enable/disable LFS, but this setting can be overridden at the project level. Admin only 2016-09-01 23:49:48 +00:00			`params.require(:group).permit(`
Syntax fixes and better tests for helper methods. Updated docs. 2016-09-06 16:48:00 +00:00			`:avatar,`
Added group-specific setting for LFS. Groups can enable/disable LFS, but this setting can be overridden at the project level. Admin only 2016-09-01 23:49:48 +00:00			`:description,`
Syntax fixes and better tests for helper methods. Updated docs. 2016-09-06 16:48:00 +00:00			`:lfs_enabled,`
			`:name,`
Added group-specific setting for LFS. Groups can enable/disable LFS, but this setting can be overridden at the project level. Admin only 2016-09-01 23:49:48 +00:00			`:path,`
			`:public,`
			`:request_access_enabled,`
Syntax fixes and better tests for helper methods. Updated docs. 2016-09-06 16:48:00 +00:00			`:share_with_group_lock,`
			`:visibility_level`
Added group-specific setting for LFS. Groups can enable/disable LFS, but this setting can be overridden at the project level. Admin only 2016-09-01 23:49:48 +00:00			`)`
Group and Event strong_params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 13:57:10 +00:00			`end`
Fix event loading with associations 2015-02-18 17:38:46 +00:00
			`def load_events`
Don't pluck project IDs for events By instead using a sub-query we save ourselves the overhead of loading any data into memory only to pass it on to another query. 2016-01-25 15:56:23 +00:00			`@events = Event.in_projects(@projects)`
Fix event loading with associations 2015-02-18 17:38:46 +00:00			`@events = event_filter.apply_filter(@events).with_associations`
			`@events = @events.limit(20).offset(params[:offset] \|\| 0)`
			`end`
Move all stuff to groups controller 2012-10-02 17:42:15 +00:00			`end`