kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/services/users/destroy_service.rb

40 lines
1.3 KiB
Ruby
Raw Normal View History

Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
2016-08-13 12:45:31 +00:00
module Users
class DestroyService
attr_accessor :current_user
def initialize(current_user)
@current_user = current_user
end
def execute(user, options = {})
Don't allow deleting a ghost user. - Add a `destroy_user` ability. This didn't exist before, and was implicit in other abilities (only admins could access the admin area, so only they could destroy all users; a user can only access their own account page, and so can destroy only themselves). - Grant this ability to admins, and when the current user is trying to destroy themselves. Disallow destroying ghost users in all cases. - Modify the `Users::DestroyService` to check this ability. Also check it in views to decide whether or not to show the "Delete User" button. - Add a short summary of the Ghost User to the bio.
2017-02-17 14:58:12 +00:00
unless Ability.allowed?(current_user, :destroy_user, user)
Add user deletion permission check in `Users::DestroyService` We saw from a recent incident that the `Users::DestroyService` would attempt to delete a user over and over. Revoking the permissions from the current user did not help. We should ensure that the current user does, in fact, have permissions to delete the user. Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-02-04 08:14:17 +00:00
raise Gitlab::Access::AccessDeniedError, "#{current_user} tried to destroy user #{user}!"
end
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
2016-08-13 12:45:31 +00:00
if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
return user
end
user.solo_owned_groups.each do |group|
Groups::DestroyService.new(group, current_user).execute
end
Fix race condition where a namespace would be deleted before a project was deleted When deleting a user, the following sequence could happen: 1. Project `mygroup/myproject` is scheduled for deletion 2. The group `mygroup` is deleted 3. Sidekiq worker runs to delete `mygroup/myproject`, but the namespace and routes have been destroyed. Closes #30334
2017-03-31 23:59:46 +00:00
user.personal_projects.with_deleted.each do |project|
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
2016-08-13 12:45:31 +00:00
# Skip repository removal because we remove directory with namespace
# that contain all this repositories
Fix race condition where a namespace would be deleted before a project was deleted When deleting a user, the following sequence could happen: 1. Project `mygroup/myproject` is scheduled for deletion 2. The group `mygroup` is deleted 3. Sidekiq worker runs to delete `mygroup/myproject`, but the namespace and routes have been destroyed. Closes #30334
2017-03-31 23:59:46 +00:00
::Projects::DestroyService.new(project, current_user, skip_repo: true).execute
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
2016-08-13 12:45:31 +00:00
end
Hard delete users' associated records deleted from AbuseReports In the case of spammers, we really want a hard delete to avoid retaining spam. Closes #31021
2017-04-16 15:21:40 +00:00
MigrateToGhostUserService.new(user).execute unless options[:hard_delete]
Deleting a user shouldn't delete associated issues. - "Associated" issues are issues the user has created + issues that the user is assigned to. - Issues that a user owns are transferred to a "Ghost User" (just a regular user with `state = 'ghost'` that is created when `User.ghost` is called). - Issues that a user is assigned to are moved to the "Unassigned" state. - Fix a spec failure in `profile_spec` — a spec was asserting that when a user is deleted, `User.count` decreases by 1. After this change, deleting a user creates (potentially) a ghost user, causing `User.count` not to change. The spec has been updated to look for the relevant user in the assertion.
2016-11-11 06:27:43 +00:00
Fix inconsistent naming for services that delete things * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
2016-08-13 12:45:31 +00:00
# Destroy the namespace after destroying the user since certain methods may depend on the namespace existing
namespace = user.namespace
user_data = user.destroy
namespace.really_destroy!
user_data
end
end
end