# frozen_string_literal: true

# Shared create/update pipeline for issuable records.
#
# Request parameters are held in `params` and are filtered in place against
# the current user's abilities (see #filter_params) before they are assigned
# to the issuable in #create, #update and #update_task.
#
# Every instance method below the bare `private` is private, including the
# `params` and `skip_milestone_email` accessors.
class IssuableBaseService < ::BaseProjectService
  private

  # Returns the keyword arguments used to hand the container to a service
  # constructor (see #change_state, which splats the result into `new`).
  #
  # A bare `private` does not apply to `def self.` methods, so this class
  # method stays callable with an explicit receiver.
  def self.constructor_container_arg(value)
    # TODO: Dynamically determining the type of a constructor arg based on the class is an antipattern,
    # but the root cause is that Epics::BaseService has some issues that inheritance may not be the
    # appropriate pattern. See more details in comments at the top of Epics::BaseService#initialize.
    # Follow on issue to address this:
    # https://gitlab.com/gitlab-org/gitlab/-/issues/328438
    { project: value }
  end

  attr_accessor :params, :skip_milestone_email

  # `super` without arguments forwards project:, current_user: and params:
  # unchanged. The :skip_milestone_email key is then moved out of the params
  # hash into its own accessor.
  # NOTE(review): presumably @params is assigned by the parent initializer - confirm.
  def initialize(project:, current_user: nil, params: {})
    super

    @skip_milestone_email = @params.delete(:skip_milestone_email)
  end

  # True when the current user holds the `admin_<ability name>` ability on the issuable.
  def can_admin_issuable?(issuable)
    ability_name = :"admin_#{issuable.to_ability_name}"

    can?(current_user, ability_name, issuable)
  end

  # True when the current user holds the `set_<ability name>_metadata` ability on the issuable.
  def can_set_issuable_metadata?(issuable)
    ability_name = :"set_#{issuable.to_ability_name}_metadata"

    can?(current_user, ability_name, issuable)
  end

  # Removes from `params` everything the current user may not set on
  # `issuable`, then normalises assignees, milestone, labels, severity and
  # escalation status. Mutates `params` in place.
  #
  # NOTE(review): the metadata gate below is a deny-list. A metadata key that
  # is not listed here is not removed by this method, and in this class
  # allowed_create_params / allowed_update_params return params unchanged, so
  # new metadata parameters need an entry here (or in a subclass allow-list).
  def filter_params(issuable)
    unless can_set_issuable_metadata?(issuable)
      params.delete(:milestone)
      params.delete(:milestone_id)
      params.delete(:labels)
      params.delete(:add_label_ids)
      params.delete(:add_labels)
      params.delete(:remove_label_ids)
      params.delete(:remove_labels)
      params.delete(:label_ids)
      params.delete(:assignee_ids)
      params.delete(:assignee_id)
      params.delete(:add_assignee_ids)
      params.delete(:remove_assignee_ids)
      params.delete(:due_date)
      params.delete(:canonical_issue_id)
      params.delete(:project)
      params.delete(:discussion_locked)
    end

    # confidential attribute is a special type of metadata and needs to be allowed to be set
    # by non-members on issues in public projects so that security issues can be reported as confidential.
    params.delete(:confidential) unless can?(current_user, :set_confidentiality, issuable)
    # CRM contact changes are gated by their own ability, independent of the metadata gate above.
    params.delete(:add_contacts) unless can?(current_user, :set_issue_crm_contacts, issuable)
    params.delete(:remove_contacts) unless can?(current_user, :set_issue_crm_contacts, issuable)
    filter_assignees(issuable)
    filter_milestone
    filter_labels
    filter_severity(issuable)
    filter_escalation_status(issuable)
  end

  # Applies the assignee checks to each of the three assignee id parameters.
  def filter_assignees(issuable)
    filter_assignees_using_checks(issuable, :assignee_ids)
    filter_assignees_using_checks(issuable, :add_assignee_ids)
    filter_assignees_using_checks(issuable, :remove_assignee_ids)
  end

  # Restricts params[id_key] to users who are able to read the issuable.
  #
  # Outcomes, in order of precedence:
  # - the value is exactly [IssuableFinder::Params::NONE] -> replaced by []
  # - at least one id passes #user_can_read?              -> only those ids are kept
  # - no id passes                                        -> the key is removed
  #
  # NOTE(review): #user_can_read? runs once per submitted id (the sentinel
  # included) and each call performs a User lookup, so the work here grows
  # with the length of the submitted list.
  def filter_assignees_using_checks(issuable, id_key)
    return if params[id_key].blank?

    # Keep only the first id when the issuable accepts a single assignee.
    unless issuable.allows_multiple_assignees?
      params[id_key] = params[id_key].first(1)
    end

    assignee_ids = params[id_key].select { |assignee_id| user_can_read?(issuable, assignee_id) }

    if params[id_key].map(&:to_s) == [IssuableFinder::Params::NONE]
      params[id_key] = []
    elsif assignee_ids.any?
      params[id_key] = assignee_ids
    else
      params.delete(id_key)
    end
  end

  # True when the user with `user_id` exists and holds the
  # `read_<ability name>` ability. The ability is checked against the
  # issuable itself once it is persisted, and against the project otherwise.
  def user_can_read?(issuable, user_id)
    user = User.find_by_id(user_id)

    return false unless user

    ability_name = :"read_#{issuable.to_ability_name}"
    resource = issuable.persisted? ? issuable : project

    can?(user, ability_name, resource)
  end

  # Blanks params[:milestone_id] unless it names a milestone returned by
  # Milestone.for_projects_and_groups for this project id and the
  # self_and_ancestors of the project's group (when the project has one).
  #
  # The lookup below still runs with the original value when it is the NONE
  # sentinel; a miss leaves the parameter blank, which is the value already set.
  def filter_milestone
    milestone_id = params[:milestone_id]
    return unless milestone_id

    params[:milestone_id] = '' if milestone_id == IssuableFinder::Params::NONE
    groups = project.group&.self_and_ancestors&.select(:id)

    milestone =
      Milestone.for_projects_and_groups([project.id], groups).find_by_id(milestone_id)

    params[:milestone_id] = '' unless milestone
  end

  # Resolves the add/remove/replace label parameters into label ids.
  # `find_only` is true only for the removal pair.
  def filter_labels
    label_ids_to_filter(:add_label_ids, :add_labels, false)
    label_ids_to_filter(:remove_label_ids, :remove_labels, true)
    label_ids_to_filter(:label_ids, :labels, false)
  end

  # Fills params[label_id_key] through the labels service: ids that were
  # submitted are filtered by it; otherwise submitted titles are turned into
  # ids. The title key is removed only when its value is nil.
  # NOTE(review): presumably find_only: true stops the service from creating
  # labels that do not exist yet - confirm in AvailableLabelsService.
  def label_ids_to_filter(label_id_key, label_key, find_only)
    if params[label_id_key]
      params[label_id_key] = labels_service.filter_labels_ids_in_param(label_id_key)
    elsif params[label_key]
      params[label_id_key] = labels_service.find_or_create_by_titles(label_key, find_only: find_only).map(&:id)
    end

    params.delete(label_key) if params[label_key].nil?
  end

  # Memoised labels service, built with the current user, #parent and the params hash.
  def labels_service
    @labels_service ||= ::Labels::AvailableLabelsService.new(current_user, parent, params)
  end

  # Moves :severity into params[:issuable_severity_attributes].
  #
  # The key is always removed from params. It is written back only when the
  # issuable supports severity, the current user can admin the issuable and
  # the value differs from the current one. A value that is not a key of
  # IssuableSeverity.severities is replaced by IssuableSeverity::DEFAULT.
  def filter_severity(issuable)
    severity = params.delete(:severity)
    return unless severity && issuable.supports_severity?
    return unless can_admin_issuable?(issuable)

    severity = IssuableSeverity::DEFAULT unless IssuableSeverity.severities.key?(severity)
    return if severity == issuable.severity

    params[:issuable_severity_attributes] = { severity: severity }
  end

  # Hands :escalation_status to PrepareUpdateService and stores what it
  # returns as nested attributes; nothing is stored when the service fails or
  # returns no escalation status.
  #
  # NOTE(review): `permit!` marks every key of the submitted hash as
  # permitted, so no key filtering remains at this layer. Presumably
  # PrepareUpdateService validates the keys and the user's permission -
  # confirm there. Only the service result is written back to params.
  def filter_escalation_status(issuable)
    status_params = params.delete(:escalation_status) || {}
    status_params.permit! if status_params.respond_to?(:permit!)

    result = ::IncidentManagement::IssuableEscalationStatuses::PrepareUpdateService.new(
      issuable,
      current_user,
      status_params
    ).execute

    return unless result.success? && result[:escalation_status].present?

    params[:incident_management_issuable_escalation_status_attributes] = result[:escalation_status]
  end

  # Computes the final label id list and removes the three label id keys from
  # `attributes`.
  #
  # Starts from :label_ids, else existing_label_ids, else []; unions in
  # extra_label_ids and :add_label_ids; subtracts :remove_label_ids.
  # Removal is applied last, so an id present in both add and remove is dropped.
  def process_label_ids(attributes, existing_label_ids: nil, extra_label_ids: [])
    label_ids = attributes.delete(:label_ids)
    add_label_ids = attributes.delete(:add_label_ids)
    remove_label_ids = attributes.delete(:remove_label_ids)

    new_label_ids = label_ids || existing_label_ids || []
    new_label_ids |= extra_label_ids

    new_label_ids |= add_label_ids if add_label_ids
    new_label_ids -= remove_label_ids if remove_label_ids

    new_label_ids.uniq
  end

  # Removes the three assignee id keys from `attributes` and delegates the
  # merge to Issuable::ProcessAssignees.
  def process_assignee_ids(attributes, existing_assignee_ids: nil, extra_assignee_ids: [])
    process = Issuable::ProcessAssignees.new(assignee_ids: attributes.delete(:assignee_ids),
                                             add_assignee_ids: attributes.delete(:add_assignee_ids),
                                             remove_assignee_ids: attributes.delete(:remove_assignee_ids),
                                             existing_assignee_ids: existing_assignee_ids,
                                             extra_assignee_ids: extra_assignee_ids)
    process.execute
  end

  # Interprets quick actions found in the description and merges the
  # resulting parameters into `params`.
  def handle_quick_actions(issuable)
    merge_quick_actions_into_params!(issuable)
  end

  # Runs QuickActions::InterpretService on the submitted description (or the
  # issuable's current one) and merges the returned command parameters into
  # `params`, overwriting keys that are already present.
  #
  # In #create and #update this runs before #filter_params, so parameters
  # produced by quick actions pass through the same permission filtering as
  # parameters submitted directly; that order should be kept.
  def merge_quick_actions_into_params!(issuable, only: nil)
    original_description = params.fetch(:description, issuable.description)

    description, command_params =
      QuickActions::InterpretService.new(project, current_user, quick_action_options)
        .execute(original_description, issuable, only: only)

    # Avoid a description already set on an issuable to be overwritten by a nil
    params[:description] = description if description && description != original_description

    params.merge!(command_params)
  end

  # Options passed to QuickActions::InterpretService; empty in this class.
  def quick_action_options
    {}
  end

  # Creates `issuable` from `params` and returns it, saved or not.
  #
  # Order matters: quick actions are merged first, then every parameter is
  # permission-filtered, and only then are attributes assigned. After a
  # successful save the system notes, hooks, CRM contacts and cache
  # invalidation run.
  def create(issuable, skip_system_notes: false)
    handle_quick_actions(issuable)
    filter_params(issuable)

    # A state event is never applied on creation.
    params.delete(:state_event)
    # NOTE(review): an :author already present in params is kept; confirm that
    # callers or allowed_create_params remove it from untrusted input.
    params[:author] ||= current_user
    params[:label_ids] = process_label_ids(params, extra_label_ids: issuable.label_ids.to_a)

    if issuable.respond_to?(:assignee_ids)
      params[:assignee_ids] = process_assignee_ids(params, extra_assignee_ids: issuable.assignee_ids.to_a)
    end

    # Contact parameters are taken out before assign_attributes; the additions
    # are applied after the save, removals are dropped.
    params.delete(:remove_contacts)
    add_crm_contact_emails = params.delete(:add_contacts)

    issuable.assign_attributes(allowed_create_params(params))

    before_create(issuable)

    issuable_saved = issuable.with_transaction_returning_status do
      transaction_create(issuable)
    end

    if issuable_saved
      create_system_notes(issuable, is_update: false) unless skip_system_notes
      handle_changes(issuable, { params: params })

      after_create(issuable)
      set_crm_contacts(issuable, add_crm_contact_emails)
      execute_hooks(issuable)

      users_to_invalidate = issuable.allows_reviewers? ? issuable.assignees | issuable.reviewers : issuable.assignees
      invalidate_cache_counts(issuable, users: users_to_invalidate)
      issuable.update_project_counter_caches
    end

    issuable
  end

  # Delegates CRM contact changes to Issues::SetCrmContactsService; does
  # nothing when both email lists are blank.
  def set_crm_contacts(issuable, add_crm_contact_emails, remove_crm_contact_emails = [])
    return unless add_crm_contact_emails.present? || remove_crm_contact_emails.present?

    ::Issues::SetCrmContactsService.new(project: project, current_user: current_user, params: { add_emails: add_crm_contact_emails, remove_emails: remove_crm_contact_emails }).execute(issuable)
  end

  def before_create(issuable)
    # To be overridden by subclasses
  end

  def after_create(issuable)
    # To be overridden by subclasses
  end

  def before_update(issuable, skip_spam_check: false)
    # To be overridden by subclasses
  end

  def prepare_update_params(issuable)
    # To be overridden by subclasses
  end

  # Post-save notifications for description and label changes.
  def after_update(issuable, old_associations)
    handle_description_updated(issuable)
    handle_label_changes(issuable, old_associations[:labels])
  end

  # Fires the GraphQL trigger when the last save changed the description.
  def handle_description_updated(issuable)
    return unless issuable.previous_changes.include?('description')

    GraphqlTriggers.issuable_description_updated(issuable)
  end

  # Updates `issuable` from `params` and returns it, saved or not.
  #
  # As in #create, quick actions are merged before #filter_params, and
  # attributes are assigned only after filtering. State, subscription, todo
  # and award events are consumed from params by #change_additional_attributes
  # after the filtering step.
  def update(issuable)
    prepare_update_params(issuable)

    handle_quick_actions(issuable)
    filter_params(issuable)

    change_additional_attributes(issuable)
    # Snapshot taken before label/assignee changes are applied, for later diffing.
    old_associations = associations_before_update(issuable)

    assign_requested_labels(issuable)
    assign_requested_assignees(issuable)
    assign_requested_crm_contacts(issuable)
    widget_params = filter_widget_params

    if issuable.changed? || params.present? || widget_params.present?
      issuable.assign_attributes(allowed_update_params(params))

      if issuable.description_changed?
        issuable.assign_attributes(last_edited_at: Time.current, last_edited_by: current_user)
      end

      before_update(issuable)

      # Do not touch when saving the issuable if only changes position within a list. We should call
      # this method at this point to capture all possible changes.
      should_touch = update_timestamp?(issuable)

      issuable.updated_by = current_user if should_touch
      # We have to perform this check before saving the issuable as Rails resets
      # the changed fields upon calling #save.
      update_project_counters = issuable.project && update_project_counter_caches?(issuable)
      ensure_milestone_available(issuable)

      issuable_saved = issuable.with_transaction_returning_status do
        transaction_update(issuable, { save_with_touch: should_touch })
      end

      if issuable_saved
        create_system_notes(
          issuable, old_labels: old_associations[:labels], old_milestone: old_associations[:milestone]
        )

        handle_changes(issuable, old_associations: old_associations, params: params)

        # Users who were added or removed as assignees (symmetric difference of old and new).
        new_assignees = issuable.assignees.to_a
        affected_assignees = (old_associations[:assignees] + new_assignees) - (old_associations[:assignees] & new_assignees)

        invalidate_cache_counts(issuable, users: affected_assignees.compact)
        after_update(issuable, old_associations)
        issuable.create_new_cross_references!(current_user)
        execute_hooks(
          issuable,
          'update',
          old_associations: old_associations
        )

        issuable.update_project_counter_caches if update_project_counters
      end
    end

    issuable
  end

  # Saves inside the update transaction; `touch` is false unless
  # opts[:save_with_touch] is truthy.
  def transaction_update(issuable, opts = {})
    touch = opts[:save_with_touch] || false

    issuable.save(touch: touch)
  end

  # Saves inside the create transaction.
  def transaction_create(issuable)
    issuable.save
  end

  # Reduced update path used for task-list toggles (see #update_task_event).
  #
  # NOTE(review): unlike #update, the filtered params are assigned directly
  # and do not pass through allowed_update_params, and before_update is told
  # to skip the spam check - confirm that both are intended for every caller.
  def update_task(issuable)
    filter_params(issuable)

    if issuable.changed? || params.present?
      issuable.assign_attributes(params.merge(updated_by: current_user,
                                              last_edited_at: Time.current,
                                              last_edited_by: current_user))

      before_update(issuable, skip_spam_check: true)

      if issuable.with_transaction_returning_status { issuable.save }
        create_system_notes(issuable, old_labels: nil)

        handle_task_changes(issuable)
        invalidate_cache_counts(issuable, users: issuable.assignees.to_a)
        # not passing old_associations here to keep `update_task` as fast as possible
        after_update(issuable, {})
        execute_hooks(issuable, 'update', old_associations: nil)

        if issuable.is_a?(MergeRequest)
          Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter
            .track_task_item_status_changed(user: current_user)
        end
      end
    end

    issuable
  end

  # Handle the `update_task` event sent from UI. Attempts to update a specific
  # line in the markdown and cached html, bypassing any unnecessary updates or checks.
  #
  # Returns nil when params carry no :update_task entry. Raises
  # ActiveRecord::StaleObjectError when the toggle service cannot apply the
  # change. :line_number is coerced with to_i.
  def update_task_event(issuable)
    update_task_params = params.delete(:update_task)
    return unless update_task_params

    tasklist_toggler = TaskListToggleService.new(issuable.description, issuable.description_html,
                                                 line_source: update_task_params[:line_source],
                                                 line_number: update_task_params[:line_number].to_i,
                                                 toggle_as_checked: update_task_params[:checked])

    unless tasklist_toggler.execute
      # if we make it here, the data is much newer than we thought it was - fail fast
      raise ActiveRecord::StaleObjectError
    end

    # by updating the description_html field at the same time,
    # the markdown cache won't be considered invalid
    params[:description] = tasklist_toggler.updated_markdown
    params[:description_html] = tasklist_toggler.updated_markdown_html

    # since we're updating a very specific line, we don't care whether
    # the `lock_version` sent from the FE is the same or not. Just
    # make sure the data hasn't changed since we queried it
    params[:lock_version] = issuable.lock_version

    update_task(issuable)
  end

  # Consumes the event-style parameters (state, subscription, todo, award)
  # and applies each one.
  def change_additional_attributes(issuable)
    change_state(issuable)
    change_subscription(issuable)
    change_todo(issuable)
    toggle_award(issuable)
  end

  # Consumes :state_event. 'reopen' and 'close' are dispatched to the service
  # class returned by reopen_service / close_service (neither is defined in
  # this class); any other value is ignored.
  def change_state(issuable)
    case params.delete(:state_event)
    when 'reopen'
      service_class = reopen_service
    when 'close'
      service_class = close_service
    end

    if service_class
      service_class.new(**service_class.constructor_container_arg(project), current_user: current_user).execute(issuable)
    end
  end

  # Consumes :subscription_event and subscribes or unsubscribes the current user.
  def change_subscription(issuable)
    case params.delete(:subscription_event)
    when 'subscribe'
      issuable.subscribe(current_user, project)
    when 'unsubscribe'
      issuable.unsubscribe(current_user, project)
    end
  end

  # Consumes :todo_event: 'add' marks a todo for the current user, 'done'
  # resolves the current user's todo for this issuable when one is found.
  # rubocop: disable CodeReuse/ActiveRecord
  def change_todo(issuable)
    case params.delete(:todo_event)
    when 'add'
      todo_service.mark_todo(issuable, current_user)
    when 'done'
      todo = TodosFinder.new(current_user).find_by(target: issuable)
      todo_service.resolve_todo(todo, current_user) if todo
    end
  end
  # rubocop: enable CodeReuse/ActiveRecord

  # Writes the computed label ids into params and touches the issuable, but
  # only when the resulting set differs from the current one.
  def assign_requested_labels(issuable)
    label_ids = process_label_ids(params, existing_label_ids: issuable.label_ids)
    return unless ids_changing?(issuable.label_ids, label_ids)

    params[:label_ids] = label_ids
    issuable.touch
  end

  # Takes both contact parameters out of params and applies them.
  def assign_requested_crm_contacts(issuable)
    add_crm_contact_emails = params.delete(:add_contacts)
    remove_crm_contact_emails = params.delete(:remove_contacts)
    set_crm_contacts(issuable, add_crm_contact_emails, remove_crm_contact_emails)
  end

  # Writes the computed assignee ids into params and touches the issuable
  # when they differ from the current ones. Skipped for Epic.
  def assign_requested_assignees(issuable)
    return if issuable.is_a?(Epic)

    assignee_ids = process_assignee_ids(params, existing_assignee_ids: issuable.assignee_ids)
    if ids_changing?(issuable.assignee_ids, assignee_ids)
      params[:assignee_ids] = assignee_ids
      issuable.touch
    end
  end

  # Arrays of ids are used, but we should really use sets of ids, so
  # let's have a helper to properly check if some ids are changing.
  # The comparison ignores order (both arrays are sorted first).
  def ids_changing?(old_array, new_array)
    old_array.sort != new_array.sort
  end

  # Consumes :emoji_award and toggles that award for the current user.
  def toggle_award(issuable)
    award = params.delete(:emoji_award)
    AwardEmojis::ToggleService.new(issuable, award, current_user).execute if award
  end

  # Delegates system note creation to Issuable::CommonSystemNotesService.
  def create_system_notes(issuable, **options)
    Issuable::CommonSystemNotesService.new(project: project, current_user: current_user).execute(issuable, **options)
  end

  # Snapshot of the issuable's associations and selected attributes, taken
  # before an update so that later steps can compare old and new values.
  # Optional entries are added only when the issuable supports them.
  def associations_before_update(issuable)
    associations =
      {
        labels: issuable.labels.to_a,
        mentioned_users: issuable.mentioned_users(current_user).to_a,
        assignees: issuable.assignees.to_a,
        milestone: issuable.try(:milestone)
      }
    associations[:total_time_spent] = issuable.total_time_spent if issuable.respond_to?(:total_time_spent)
    associations[:time_change] = issuable.time_change if issuable.respond_to?(:time_change)
    associations[:description] = issuable.description
    associations[:reviewers] = issuable.reviewers.to_a if issuable.allows_reviewers?
    associations[:severity] = issuable.severity if issuable.supports_severity?

    if issuable.supports_escalation? && issuable.escalation_status
      associations[:escalation_status] = issuable.escalation_status.status_name
    end

    associations
  end

  # Consumes :move_between_ids and repositions `issuable_position` between
  # the two referenced records.
  #
  # Both ids are resolved through issuable_for_positioning (not defined in
  # this class) against the relative-positioning base query of
  # `issuable_position`. Raises ActiveRecord::RecordNotFound when neither
  # neighbour resolves.
  def handle_move_between_ids(issuable_position)
    return unless params[:move_between_ids]

    before_id, after_id = params.delete(:move_between_ids)

    positioning_scope = issuable_position.class.relative_positioning_query_base(issuable_position)

    issuable_before = issuable_for_positioning(before_id, positioning_scope)
    issuable_after = issuable_for_positioning(after_id, positioning_scope)

    raise ActiveRecord::RecordNotFound unless issuable_before || issuable_after

    issuable_position.move_between(issuable_before, issuable_after)
  end

  # True when the last save changed one of the listed attributes, or when
  # labels, assignees or reviewers differ from the given old values.
  # `reviewers_changed` stays nil when the issuable does not allow reviewers.
  def has_changes?(issuable, old_labels: [], old_assignees: [], old_reviewers: [])
    valid_attrs = [:title, :description, :assignee_ids, :reviewer_ids, :milestone_id, :target_branch]

    attrs_changed = valid_attrs.any? do |attr|
      issuable.previous_changes.include?(attr.to_s)
    end

    labels_changed = issuable.labels != old_labels

    assignees_changed = issuable.assignees != old_assignees

    reviewers_changed = issuable.reviewers != old_reviewers if issuable.allows_reviewers?

    attrs_changed || labels_changed || assignees_changed || reviewers_changed
  end

  # Order-insensitive label comparison; false when no old labels were recorded.
  def has_label_changes?(issuable, old_labels)
    return false if old_labels.nil?

    Set.new(issuable.labels) != Set.new(old_labels)
  end

  # Calls `invalidate_<noteable_target_type_name>_cache_counts` on each user.
  #
  # The method name is built from the issuable, not from `params`, within this
  # method; the inline rubocop exemption covers the dynamic dispatch.
  # NOTE(review): assumes noteable_target_type_name is a fixed per-class
  # string - confirm it can never carry request-controlled data.
  def invalidate_cache_counts(issuable, users: [])
    users.each do |user|
      user.public_send("invalidate_#{issuable.noteable_target_type_name}_cache_counts") # rubocop:disable GitlabSecurity/PublicSend
    end
  end

  # override if needed
  def handle_label_changes(issuable, old_labels)
    return false unless has_label_changes?(issuable, old_labels)

    # reset to preserve the label sort order (title ASC)
    issuable.labels.reset

    GraphqlTriggers.issuable_labels_updated(issuable)

    # return true here to avoid checking for label changes in sub classes
    true
  end

  # override if needed
  def handle_changes(issuable, options)
  end

  # override if needed
  def handle_task_changes(issuable)
  end

  # override if needed
  def execute_hooks(issuable, action = 'open', params = {})
  end

  # Project counters are refreshed only when the state id is about to change.
  def update_project_counter_caches?(issuable)
    issuable.state_id_changed?
  end

  # Container handed to the labels service; the project in this class.
  def parent
    project
  end

  # we need to check this because milestone from milestone_id param is displayed on "new" page
  # where private project milestone could leak without this check
  def ensure_milestone_available(issuable)
    return unless issuable.supports_milestone? && issuable.milestone_id.present?

    issuable.milestone_id = nil unless issuable.milestone_available?
  end

  # False only when "relative_position" is the single pending change.
  def update_timestamp?(issuable)
    issuable.changes.keys != ["relative_position"]
  end

  # Attribute allow-list hook for #create; returns params unchanged here.
  def allowed_create_params(params)
    params
  end

  # Attribute allow-list hook for #update; returns params unchanged here.
  def allowed_update_params(params)
    params
  end

  # Syncs the SLA record, when the issuable has one, with its closed state.
  # The assignment inside the guard is intentional.
  def update_issuable_sla(issuable)
    return unless issuable_sla = issuable.issuable_sla

    issuable_sla.update(issuable_closed: issuable.closed?)
  end

  # Removes and returns :widget_params so it is not assigned as an attribute.
  def filter_widget_params
    params.delete(:widget_params)
  end
end

IssuableBaseService.prepend_mod_with('IssuableBaseService')