gitlab-org--gitlab-foss/app/models/project_team.rb

class ProjectTeam
  include BulkMemberAccessLoad

  attr_accessor :project

  def initialize(project)
    @project = project
  end

  def add_guest(user, current_user: nil)
    add_user(user, :guest, current_user: current_user)
  end

  def add_reporter(user, current_user: nil)
    add_user(user, :reporter, current_user: current_user)
  end

  def add_developer(user, current_user: nil)
    add_user(user, :developer, current_user: current_user)
  end

  def add_master(user, current_user: nil)
    add_user(user, :master, current_user: current_user)
  end

  def add_role(user, role, current_user: nil)
    send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend
  end

  def find_member(user_id)
    member = project.members.find_by(user_id: user_id)

    # If user is not in project members
    # we should check for group membership
    if group && !member
      member = group.members.find_by(user_id: user_id)
    end

    member
  end

  def add_users(users, access_level, current_user: nil, expires_at: nil)
    ProjectMember.add_users(
      project,
      users,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
  end

  def add_user(user, access_level, current_user: nil, expires_at: nil)
    ProjectMember.add_user(
      project,
      user,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
  end

  # Remove all users from project team
  def truncate
    ProjectMember.truncate_team(project)
  end

  def members
    @members ||= fetch_members
  end
  alias_method :users, :members

  def guests
    @guests ||= fetch_members(Gitlab::Access::GUEST)
  end

  def reporters
    @reporters ||= fetch_members(Gitlab::Access::REPORTER)
  end

  def developers
    @developers ||= fetch_members(Gitlab::Access::DEVELOPER)
  end

  def masters
    @masters ||= fetch_members(Gitlab::Access::MASTER)
  end

  def owners
    @owners ||=
      if group
        group.owners
      else
        [project.owner]
      end
  end

  def import(source_project, current_user = nil)
    target_project = project

    source_members = source_project.project_members.to_a
    target_user_ids = target_project.project_members.pluck(:user_id)

    source_members.reject! do |member|
      # Skip if user already present in team
      !member.invite? && target_user_ids.include?(member.user_id)
    end

    source_members.map! do |member|
      new_member = member.dup
      new_member.id = nil
      new_member.source = target_project
      new_member.created_by = current_user
      new_member
    end

    ProjectMember.transaction do
      source_members.each do |member|
        member.save
      end
    end

    true
  rescue
    false
  end

  def guest?(user)
    max_member_access(user.id) == Gitlab::Access::GUEST
  end

  def reporter?(user)
    max_member_access(user.id) == Gitlab::Access::REPORTER
  end

  def developer?(user)
    max_member_access(user.id) == Gitlab::Access::DEVELOPER
  end

  def master?(user)
    max_member_access(user.id) == Gitlab::Access::MASTER
  end

  # Checks if `user` is authorized for this project, with at least the
  # `min_access_level` (if given).
  def member?(user, min_access_level = Gitlab::Access::GUEST)
    return false unless user

    max_member_access(user.id) >= min_access_level
  end

  def human_max_access(user_id)
    Gitlab::Access.human_access(max_member_access(user_id))
  end

  # Determine the maximum access level for a group of users in bulk.
  #
  # Returns a Hash mapping user ID -> maximum access level.
  def max_member_access_for_user_ids(user_ids)
    max_member_access_for_resource_ids(User, user_ids, project.id) do |user_ids|
      project.project_authorizations
             .where(user: user_ids)
             .group(:user_id)
             .maximum(:access_level)
    end
  end

  def max_member_access(user_id)
    max_member_access_for_user_ids([user_id])[user_id]
  end

  private

  def fetch_members(level = nil)
    members = project.authorized_users
    members = members.where(project_authorizations: { access_level: level }) if level

    members
  end

  def group
    project.group
  end
end
Rename Team class to ProjectTeam 2013-01-19 18:52:55 +00:00			`class ProjectTeam`
Resolve "Display member role per project" 2017-12-07 09:11:41 +00:00			`include BulkMemberAccessLoad`

REpostiry, Team models 2013-01-03 19:09:18 +00:00			`attr_accessor :project`

			`def initialize(project)`
			`@project = project`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`end`

Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 12:52:39 +00:00			`def add_guest(user, current_user: nil)`
Replace '.team << [user, role]' with 'add_role(user)' in specs 2017-12-22 08:18:28 +00:00			`add_user(user, :guest, current_user: current_user)`
Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 12:52:39 +00:00			`end`

			`def add_reporter(user, current_user: nil)`
Replace '.team << [user, role]' with 'add_role(user)' in specs 2017-12-22 08:18:28 +00:00			`add_user(user, :reporter, current_user: current_user)`
Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 12:52:39 +00:00			`end`

			`def add_developer(user, current_user: nil)`
Replace '.team << [user, role]' with 'add_role(user)' in specs 2017-12-22 08:18:28 +00:00			`add_user(user, :developer, current_user: current_user)`
Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 12:52:39 +00:00			`end`

			`def add_master(user, current_user: nil)`
Replace '.team << [user, role]' with 'add_role(user)' in specs 2017-12-22 08:18:28 +00:00			`add_user(user, :master, current_user: current_user)`
			`end`

			`def add_role(user, role, current_user: nil)`
			`send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend`
Add shortcuts for adding users to a project team with a specific role This also updates _some_ specs to use these new methods, just to serve as an example for others going forward, but by no means is this exhaustive. Original implementations at !5992 and !6012. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20944 2016-11-18 12:52:39 +00:00			`end`

Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`def find_member(user_id)`
Exclude requesters from Project#members, Group#members and User#members And create new Project#requesters, Group#requesters scopes. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-27 14:20:57 +00:00			`member = project.members.find_by(user_id: user_id)`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 18:35:41 +00:00
			`# If user is not in project members`
			`# we should check for group membership`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`if group && !member`
Exclude requesters from Project#members, Group#members and User#members And create new Project#requesters, Group#requesters scopes. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-27 14:20:57 +00:00			`member = group.members.find_by(user_id: user_id)`
Improve admin user show page Show permissions for all project. Add ability to remove user from group if not an owner Remove unnecessary admin controller 2013-08-27 18:35:41 +00:00			`end`

Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`member`
Fix routing. Finalize user show page 2013-01-22 17:45:13 +00:00			`end`

Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 15:54:21 +00:00			`def add_users(users, access_level, current_user: nil, expires_at: nil)`
Refactor add_users method for project and group Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2017-04-21 14:07:42 +00:00			`ProjectMember.add_users(`
			`project,`
Track who created a group or project member. 2015-04-10 12:46:09 +00:00			`users,`
Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 15:54:21 +00:00			`access_level,`
Replace optional parameters with keyword arguments. 2016-08-02 18:37:22 +00:00			`current_user: current_user,`
			`expires_at: expires_at`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`)`
			`end`

Allow Member.add_user to handle access requesters Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 15:54:21 +00:00			`def add_user(user, access_level, current_user: nil, expires_at: nil)`
			`ProjectMember.add_user(`
			`project,`
			`user,`
			`access_level,`
			`current_user: current_user,`
			`expires_at: expires_at`
			`)`
Track who created a group or project member. 2015-04-10 12:46:09 +00:00			`end`

REpostiry, Team models 2013-01-03 19:09:18 +00:00			`# Remove all users from project team`
			`def truncate`
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 16:32:51 +00:00			`ProjectMember.truncate_team(project)`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`

			`def members`
cache project.team.members 2013-06-22 09:57:05 +00:00			`@members \|\|= fetch_members`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`
Add request access for groups Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-18 16:53:32 +00:00			`alias_method :users, :members`
REpostiry, Team models 2013-01-03 19:09:18 +00:00
			`def guests`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`@guests \|\|= fetch_members(Gitlab::Access::GUEST)`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`

			`def reporters`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`@reporters \|\|= fetch_members(Gitlab::Access::REPORTER)`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`

			`def developers`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`@developers \|\|= fetch_members(Gitlab::Access::DEVELOPER)`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`

			`def masters`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`@masters \|\|= fetch_members(Gitlab::Access::MASTER)`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00
Backport relevant changes from EE https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4827 to CE 2018-03-07 17:01:32 +00:00			`def owners`
			`@owners \|\|=`
			`if group`
			`group.owners`
			`else`
			`[project.owner]`
			`end`
			`end`

Track who created a group or project member. 2015-04-10 12:46:09 +00:00			`def import(source_project, current_user = nil)`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`target_project = project`

Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`source_members = source_project.project_members.to_a`
Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 16:32:51 +00:00			`target_user_ids = target_project.project_members.pluck(:user_id)`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`source_members.reject! do \|member\|`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`# Skip if user already present in team`
Correctly import invited members. 2015-04-10 13:26:53 +00:00			`!member.invite? && target_user_ids.include?(member.user_id)`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`end`

Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`source_members.map! do \|member\|`
			`new_member = member.dup`
			`new_member.id = nil`
			`new_member.source = target_project`
Track who created a group or project member. 2015-04-10 12:46:09 +00:00			`new_member.created_by = current_user`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`new_member`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`end`

Huge replace of old users_project and users_group references Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-14 16:32:51 +00:00			`ProjectMember.transaction do`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`source_members.each do \|member\|`
			`member.save`
Continue refactoring. Use repostory and team 2013-01-04 06:43:25 +00:00			`end`
			`end`

			`true`
			`rescue`
			`false`
			`end`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 11:17:32 +00:00
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 08:52:17 +00:00			`def guest?(user)`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`max_member_access(user.id) == Gitlab::Access::GUEST`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 08:52:17 +00:00			`end`

			`def reporter?(user)`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`max_member_access(user.id) == Gitlab::Access::REPORTER`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 08:52:17 +00:00			`end`

			`def developer?(user)`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`max_member_access(user.id) == Gitlab::Access::DEVELOPER`
Improve performance of application for large teams This commit fixes a lot of sql queries to db for for groups and projects with big amount of members. Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-04 08:52:17 +00:00			`end`

			`def master?(user)`
Use `member` instead of `tm`. 2015-03-13 15:23:45 +00:00			`max_member_access(user.id) == Gitlab::Access::MASTER`
Fix permission issue with highest access level for group If user was a member of both group and project and group access level was higher it was not respected and user got lowest project access level. Now it is fixed and user get highest access level Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-20 09:54:03 +00:00			`end`

Drop Project#authorized_for_user? in favor of ProjectTeam#member? Closes #23938 2016-11-18 17:15:47 +00:00			# Checks if `user` is authorized for this project, with at least the
			# `min_access_level` (if given).
			`def member?(user, min_access_level = Gitlab::Access::GUEST)`
			`return false unless user`

Eliminate N+1 queries in loading discussions.json endpoint In #37955,we see that the profile had a number of N+1 queries from repeated access to `cross_reference_not_visible_for?`. This was optimized in previous versions of GitLab by rendering all notes at once, counting the number of visible references, and then using that number to check whether a system note should be fully redacted. There was also another N+1 query calling `ProjectTeam#member?`, which did not take advantage of an optimization in prepare_notes_for_rendering that would preload the maximum access level per project. Closes #37955 2017-09-17 06:25:34 +00:00			`max_member_access(user.id) >= min_access_level`
Snippets: public/internal/private 2014-10-08 13:44:25 +00:00			`end`

UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`def human_max_access(user_id)`
WIP: refactor the first-contributor to Issuable this will remove the need make N queries (per-note) at the cost of having to mark notes with an attribute this opens up the possibility for other special roles for notes 2017-07-29 15:04:42 +00:00			`Gitlab::Access.human_access(max_member_access(user_id))`
UI and copywriting improvements + Move 'Edit Project/Group' out of membership-related partial + Show the access request buttons only to logged-in users + Put the request access buttons out of in a more visible button + Improve the copy in the #remove_member_message helper Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-02 16:05:06 +00:00			`end`

Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 04:52:31 +00:00			`# Determine the maximum access level for a group of users in bulk.`
			`#`
Fix typo in comment 2016-07-27 00:07:51 +00:00			`# Returns a Hash mapping user ID -> maximum access level.`
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 04:52:31 +00:00			`def max_member_access_for_user_ids(user_ids)`
Resolve "Display member role per project" 2017-12-07 09:11:41 +00:00			`max_member_access_for_resource_ids(User, user_ids, project.id) do \|user_ids\|`
			`project.project_authorizations`
			`.where(user: user_ids)`
			`.group(:user_id)`
			`.maximum(:access_level)`
Only use RequestStore in ProjectTeam#max_member_access_for_user if it is active 2016-08-01 20:11:45 +00:00			`end`
Optimize maximum user access level lookup in loading of notes NotesHelper#note_editable? and ProjectTeam#human_max_access currently take about 16% of the load time of an issue page. This MR preloads the maximum access level of users for all notes in issues and merge requests with several queries instead of one per user and caches the result in RequestStore. 2016-07-20 04:52:31 +00:00			`end`

			`def max_member_access(user_id)`
Resolve "Display member role per project" 2017-12-07 09:11:41 +00:00			`max_member_access_for_user_ids([user_id])[user_id]`
Allow users to access project shared with their group Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-11 17:46:01 +00:00			`end`

Add request access for groups Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-18 16:53:32 +00:00			`private`
Allow users to access project shared with their group Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-03-11 17:46:01 +00:00
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 11:17:32 +00:00			`def fetch_members(level = nil)`
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`members = project.authorized_users`
			`members = members.where(project_authorizations: { access_level: level }) if level`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 11:17:32 +00:00
Update ProjectTeam#fetch_members to use project authorizations 2016-11-21 14:26:12 +00:00			`members`
Add UsersGroup relation to be respected by abilities and Project#team 2013-06-17 11:17:32 +00:00			`end`
Project Team now supports a non-group projects 2013-06-17 12:38:19 +00:00
			`def group`
			`project.group`
			`end`
REpostiry, Team models 2013-01-03 19:09:18 +00:00			`end`