gitlab-org--gitlab-foss/app/services/members/destroy_service.rb

# frozen_string_literal: true

module Members
  class DestroyService < Members::BaseService
    def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false)
      raise Gitlab::Access::AccessDeniedError unless skip_authorization || authorized?(member, destroy_bot)

      @skip_auth = skip_authorization

      return member if member.is_a?(GroupMember) && member.source.last_owner?(member.user)

      member.destroy

      member.user&.invalidate_cache_counts

      if member.request? && member.user != current_user
        notification_service.decline_access_request(member)
      end

      delete_subresources(member) unless skip_subresources
      delete_project_invitations_by(member) unless skip_subresources
      enqueue_delete_todos(member)
      enqueue_unassign_issuables(member) if unassign_issuables

      after_execute(member: member)

      member
    end

    private

    def authorized?(member, destroy_bot)
      return can_destroy_bot_member?(member) if destroy_bot

      can_destroy_member?(member)
    end

    def delete_subresources(member)
      return unless member.is_a?(GroupMember) && member.user && member.group

      delete_project_members(member)
      delete_subgroup_members(member)
      delete_invited_members(member)
    end

    def delete_project_members(member)
      groups = member.group.self_and_descendants

      destroy_project_members(ProjectMember.in_namespaces(groups).with_user(member.user))
    end

    def delete_subgroup_members(member)
      groups = member.group.descendants

      destroy_group_members(GroupMember.of_groups(groups).with_user(member.user))
    end

    def delete_invited_members(member)
      groups = member.group.self_and_descendants

      destroy_group_members(GroupMember.of_groups(groups).not_accepted_invitations_by_user(member.user))

      destroy_project_members(ProjectMember.in_namespaces(groups).not_accepted_invitations_by_user(member.user))
    end

    def destroy_project_members(members)
      members.each do |project_member|
        self.class.new(current_user).execute(project_member, skip_authorization: @skip_auth)
      end
    end

    def destroy_group_members(members)
      members.each do |group_member|
        self.class.new(current_user).execute(group_member, skip_authorization: @skip_auth, skip_subresources: true)
      end
    end

    def delete_project_invitations_by(member)
      return unless member.is_a?(ProjectMember) && member.user && member.project

      members_to_delete = member.project.members.not_accepted_invitations_by_user(member.user)
      destroy_project_members(members_to_delete)
    end

    def can_destroy_member?(member)
      can?(current_user, destroy_member_permission(member), member)
    end

    def can_destroy_bot_member?(member)
      can?(current_user, destroy_bot_member_permission(member), member)
    end

    def destroy_member_permission(member)
      case member
      when GroupMember
        :destroy_group_member
      when ProjectMember
        :destroy_project_member
      else
        raise "Unknown member type: #{member}!"
      end
    end

    def destroy_bot_member_permission(member)
      raise "Unsupported bot member type: #{member}" unless member.is_a?(ProjectMember)

      :destroy_project_bot_member
    end

    def enqueue_unassign_issuables(member)
      source_type = member.is_a?(GroupMember) ? 'Group' : 'Project'

      member.run_after_commit_or_now do
        MembersDestroyer::UnassignIssuablesWorker.perform_async(member.user_id, member.source_id, source_type)
      end
    end
  end
end

Members::DestroyService.prepend_mod_with('Members::DestroyService')
Enable more frozen string in app/services/*/.rb Partially addresses #47424. 2018-07-17 12:50:37 -04:00			`# frozen_string_literal: true`

New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`module Members`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`class DestroyService < Members::BaseService`
Add latest changes from gitlab-org/gitlab@master 2020-07-14 20:09:23 -04:00			`def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false)`
			`raise Gitlab::Access::AccessDeniedError unless skip_authorization \|\| authorized?(member, destroy_bot)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`@skip_auth = skip_authorization`

Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`return member if member.is_a?(GroupMember) && member.source.last_owner?(member.user)`

Don't delete todos or unassign issues and MRs when a user leaves a project 2018-03-07 14:54:28 -05:00			`member.destroy`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00
Don't delete todos or unassign issues and MRs when a user leaves a project 2018-03-07 14:54:28 -05:00			`member.user&.invalidate_cache_counts`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00
			`if member.request? && member.user != current_user`
			`notification_service.decline_access_request(member)`
			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`delete_subresources(member) unless skip_subresources`
Add latest changes from gitlab-org/gitlab@master 2020-09-02 11:10:54 -04:00			`delete_project_invitations_by(member) unless skip_subresources`
Delete confidential issue todos for guests Fix leaking information of confidential issues on TODOs when user is downgraded to guest access. 2018-12-11 13:15:10 -05:00			`enqueue_delete_todos(member)`
Add latest changes from gitlab-org/gitlab@master 2020-06-23 11:08:41 -04:00			`enqueue_unassign_issuables(member) if unassign_issuables`
Delete todos when users loses target read permissions 2018-07-16 14:30:17 -04:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`after_execute(member: member)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`member`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
			`private`

Add latest changes from gitlab-org/gitlab@master 2020-07-14 20:09:23 -04:00			`def authorized?(member, destroy_bot)`
			`return can_destroy_bot_member?(member) if destroy_bot`

			`can_destroy_member?(member)`
			`end`

Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`def delete_subresources(member)`
			`return unless member.is_a?(GroupMember) && member.user && member.group`

			`delete_project_members(member)`
Remove code related to object hierarchy in MySQL These are not required because MySQL is not supported anymore 2019-07-24 05:20:54 -04:00			`delete_subgroup_members(member)`
Add latest changes from gitlab-org/gitlab@master 2020-09-02 11:10:54 -04:00			`delete_invited_members(member)`
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`end`

			`def delete_project_members(member)`
			`groups = member.group.self_and_descendants`

Add latest changes from gitlab-org/gitlab@master 2020-09-02 11:10:54 -04:00			`destroy_project_members(ProjectMember.in_namespaces(groups).with_user(member.user))`
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`end`

			`def delete_subgroup_members(member)`
			`groups = member.group.descendants`

Add latest changes from gitlab-org/gitlab@master 2020-09-02 11:10:54 -04:00			`destroy_group_members(GroupMember.of_groups(groups).with_user(member.user))`
			`end`

			`def delete_invited_members(member)`
			`groups = member.group.self_and_descendants`

			`destroy_group_members(GroupMember.of_groups(groups).not_accepted_invitations_by_user(member.user))`

			`destroy_project_members(ProjectMember.in_namespaces(groups).not_accepted_invitations_by_user(member.user))`
			`end`

			`def destroy_project_members(members)`
			`members.each do \|project_member\|`
			`self.class.new(current_user).execute(project_member, skip_authorization: @skip_auth)`
			`end`
			`end`

			`def destroy_group_members(members)`
			`members.each do \|group_member\|`
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00			`self.class.new(current_user).execute(group_member, skip_authorization: @skip_auth, skip_subresources: true)`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-02 11:10:54 -04:00
			`def delete_project_invitations_by(member)`
			`return unless member.is_a?(ProjectMember) && member.user && member.project`

			`members_to_delete = member.project.members.not_accepted_invitations_by_user(member.user)`
			`destroy_project_members(members_to_delete)`
			`end`
Add subresources removal to member destroy service 2018-11-16 10:09:32 -05:00
Invert method's naming Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 07:37:21 -04:00			`def can_destroy_member?(member)`
Improve Member services Signed-off-by: Rémy Coutable <remy@rymai.me> 2018-02-16 09:10:22 -05:00			`can?(current_user, destroy_member_permission(member), member)`
Refactor member view by using presenter - Create MemberPresenter alongside with GroupMemberPresenter and ProjectMemberPresenter - Make Member model Presentable - Move action_member_permission from MembersHelper into the MemberPresenter - Added rspec using double, separate specs for GroupMemberPresenter and ProjectMemberPresenter Fixes #28004. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-02 01:01:02 -05:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-07-14 20:09:23 -04:00			`def can_destroy_bot_member?(member)`
			`can?(current_user, destroy_bot_member_permission(member), member)`
			`end`

Refactor member view by using presenter - Create MemberPresenter alongside with GroupMemberPresenter and ProjectMemberPresenter - Make Member model Presentable - Move action_member_permission from MembersHelper into the MemberPresenter - Added rspec using double, separate specs for GroupMemberPresenter and ProjectMemberPresenter Fixes #28004. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-02 01:01:02 -05:00			`def destroy_member_permission(member)`
			`case member`
			`when GroupMember`
			`:destroy_group_member`
			`when ProjectMember`
			`:destroy_project_member`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 10:47:08 -04:00			`else`
			`raise "Unknown member type: #{member}!"`
Refactor member view by using presenter - Create MemberPresenter alongside with GroupMemberPresenter and ProjectMemberPresenter - Make Member model Presentable - Move action_member_permission from MembersHelper into the MemberPresenter - Added rspec using double, separate specs for GroupMemberPresenter and ProjectMemberPresenter Fixes #28004. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-02 01:01:02 -05:00			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-06-23 11:08:41 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-07-14 20:09:23 -04:00			`def destroy_bot_member_permission(member)`
			`raise "Unsupported bot member type: #{member}" unless member.is_a?(ProjectMember)`

			`:destroy_project_bot_member`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-06-23 11:08:41 -04:00			`def enqueue_unassign_issuables(member)`
			`source_type = member.is_a?(GroupMember) ? 'Group' : 'Project'`

Add latest changes from gitlab-org/gitlab@master 2020-07-13 08:09:18 -04:00			`member.run_after_commit_or_now do`
Add latest changes from gitlab-org/gitlab@master 2020-07-10 14:09:45 -04:00			`MembersDestroyer::UnassignIssuablesWorker.perform_async(member.user_id, member.source_id, source_type)`
Add latest changes from gitlab-org/gitlab@master 2020-06-23 11:08:41 -04:00			`end`
			`end`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`Members::DestroyService.prepend_mod_with('Members::DestroyService')`