2018-08-11 03:00:39 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-07-16 14:30:17 -04:00
|
|
|
module Todos
|
|
|
|
module Destroy
|
|
|
|
class EntityLeaveService < ::Todos::Destroy::BaseService
|
|
|
|
extend ::Gitlab::Utils::Override
|
|
|
|
|
2018-08-06 04:42:51 -04:00
|
|
|
attr_reader :user, :entity
|
2018-07-16 14:30:17 -04:00
|
|
|
|
|
|
|
def initialize(user_id, entity_id, entity_type)
|
|
|
|
unless %w(Group Project).include?(entity_type)
|
2021-05-04 11:10:36 -04:00
|
|
|
raise ArgumentError, "#{entity_type} is not an entity user can leave"
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
|
2020-10-12 14:08:31 -04:00
|
|
|
@user = UserFinder.new(user_id).find_by_id
|
|
|
|
@entity = entity_type.constantize.find_by(id: entity_id) # rubocop: disable CodeReuse/ActiveRecord
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
|
2018-08-06 04:42:51 -04:00
|
|
|
def execute
|
|
|
|
return unless entity && user
|
|
|
|
|
|
|
|
# if at least reporter, all entities including confidential issues can be accessed
|
2018-08-06 05:05:44 -04:00
|
|
|
return if user_has_reporter_access?
|
2018-08-06 04:42:51 -04:00
|
|
|
|
2020-12-07 16:10:08 -05:00
|
|
|
remove_confidential_resource_todos
|
2018-07-16 14:30:17 -04:00
|
|
|
|
|
|
|
if entity.private?
|
2018-08-06 04:42:51 -04:00
|
|
|
remove_project_todos
|
|
|
|
remove_group_todos
|
2018-07-16 14:30:17 -04:00
|
|
|
else
|
2018-08-06 04:42:51 -04:00
|
|
|
enqueue_private_features_worker
|
|
|
|
end
|
|
|
|
end
|
2018-07-27 05:28:17 -04:00
|
|
|
|
2018-08-06 04:42:51 -04:00
|
|
|
private
|
|
|
|
|
|
|
|
def enqueue_private_features_worker
|
2019-04-29 09:42:16 -04:00
|
|
|
projects.each do |project|
|
|
|
|
TodosDestroyer::PrivateFeaturesWorker.perform_async(project.id, user.id)
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-12-07 16:10:08 -05:00
|
|
|
def remove_confidential_resource_todos
|
2020-10-12 14:08:31 -04:00
|
|
|
Todo
|
|
|
|
.for_target(confidential_issues.select(:id))
|
|
|
|
.for_type(Issue.name)
|
|
|
|
.for_user(user)
|
|
|
|
.delete_all
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def remove_project_todos
|
2020-10-01 14:10:20 -04:00
|
|
|
# Issues are viewable by guests (even in private projects), so remove those todos
|
|
|
|
# from projects without guest access
|
2020-10-12 14:08:31 -04:00
|
|
|
Todo
|
|
|
|
.for_project(non_authorized_guest_projects)
|
|
|
|
.for_user(user)
|
2020-10-01 14:10:20 -04:00
|
|
|
.delete_all
|
|
|
|
|
|
|
|
# MRs require reporter access, so remove those todos that are not authorized
|
2020-10-12 14:08:31 -04:00
|
|
|
Todo
|
|
|
|
.for_project(non_authorized_reporter_projects)
|
|
|
|
.for_type(MergeRequest.name)
|
|
|
|
.for_user(user)
|
2020-10-01 14:10:20 -04:00
|
|
|
.delete_all
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def remove_group_todos
|
2021-03-19 05:08:53 -04:00
|
|
|
return unless entity.is_a?(Namespace)
|
|
|
|
|
2020-10-12 14:08:31 -04:00
|
|
|
Todo
|
2021-03-19 05:08:53 -04:00
|
|
|
.for_group(non_authorized_non_public_groups)
|
2020-10-12 14:08:31 -04:00
|
|
|
.for_user(user)
|
|
|
|
.delete_all
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
|
|
|
|
2019-04-29 09:42:16 -04:00
|
|
|
def projects
|
2018-08-06 04:42:51 -04:00
|
|
|
condition = case entity
|
|
|
|
when Project
|
|
|
|
{ id: entity.id }
|
|
|
|
when Namespace
|
2020-10-01 14:10:20 -04:00
|
|
|
{ namespace_id: non_authorized_reporter_groups }
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
|
|
|
|
2020-10-12 14:08:31 -04:00
|
|
|
Project.where(condition) # rubocop: disable CodeReuse/ActiveRecord
|
2018-08-02 10:16:58 -04:00
|
|
|
end
|
|
|
|
|
2020-10-01 14:10:20 -04:00
|
|
|
def authorized_reporter_projects
|
|
|
|
user.authorized_projects(Gitlab::Access::REPORTER).select(:id)
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorized_guest_projects
|
|
|
|
user.authorized_projects(Gitlab::Access::GUEST).select(:id)
|
|
|
|
end
|
|
|
|
|
|
|
|
def non_authorized_reporter_projects
|
2020-10-12 14:08:31 -04:00
|
|
|
projects.id_not_in(authorized_reporter_projects)
|
2020-10-01 14:10:20 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def non_authorized_guest_projects
|
2020-10-12 14:08:31 -04:00
|
|
|
projects.id_not_in(authorized_guest_projects)
|
2020-10-01 14:10:20 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def authorized_reporter_groups
|
|
|
|
GroupsFinder.new(user, min_access_level: Gitlab::Access::REPORTER).execute.select(:id)
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
|
2021-03-19 05:08:53 -04:00
|
|
|
# since the entity is a private group, we can assume all subgroups are also
|
|
|
|
# private. We can therefore limit GroupsFinder with `all_available: false`.
|
|
|
|
# Otherwise it tries to include all public groups. This generates an expensive
|
|
|
|
# SQL queries: https://gitlab.com/gitlab-org/gitlab/-/issues/325133
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
|
|
def non_authorized_non_public_groups
|
2018-08-06 04:42:51 -04:00
|
|
|
return [] unless entity.is_a?(Namespace)
|
2021-03-19 05:08:53 -04:00
|
|
|
return [] unless entity.private?
|
2018-08-06 04:42:51 -04:00
|
|
|
|
|
|
|
entity.self_and_descendants.select(:id)
|
2021-03-19 05:08:53 -04:00
|
|
|
.id_not_in(GroupsFinder.new(user, all_available: false).execute.select(:id).reorder(nil))
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
2021-03-19 05:08:53 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-08-06 04:42:51 -04:00
|
|
|
|
2020-10-01 14:10:20 -04:00
|
|
|
def non_authorized_reporter_groups
|
2018-08-06 04:42:51 -04:00
|
|
|
entity.self_and_descendants.select(:id)
|
2020-10-12 14:08:31 -04:00
|
|
|
.id_not_in(authorized_reporter_groups)
|
2018-08-06 04:42:51 -04:00
|
|
|
end
|
|
|
|
|
2018-08-06 05:05:44 -04:00
|
|
|
def user_has_reporter_access?
|
2018-08-06 04:42:51 -04:00
|
|
|
return unless entity.is_a?(Namespace)
|
|
|
|
|
|
|
|
entity.member?(User.find(user.id), Gitlab::Access::REPORTER)
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def confidential_issues
|
2020-10-12 14:08:31 -04:00
|
|
|
assigned_ids = IssueAssignee.select(:issue_id).for_assignee(user)
|
2018-07-26 10:53:50 -04:00
|
|
|
|
2020-10-12 14:08:31 -04:00
|
|
|
Issue
|
|
|
|
.in_projects(projects)
|
|
|
|
.confidential_only
|
|
|
|
.not_in_projects(authorized_reporter_projects)
|
|
|
|
.not_authored_by(user)
|
|
|
|
.id_not_in(assigned_ids)
|
2018-07-16 14:30:17 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-12-07 16:10:08 -05:00
|
|
|
|
2021-05-11 17:10:21 -04:00
|
|
|
Todos::Destroy::EntityLeaveService.prepend_mod_with('Todos::Destroy::EntityLeaveService')
|