cb8a425ba4
There is a race condition in DestroyGroupService now that projects are deleted asynchronously: 1. User attempts to delete group 2. DestroyGroupService iterates through all projects and schedules a Sidekiq job to delete each Project 3. DestroyGroupService destroys the Group, leaving all its projects without a namespace 4. Projects::DestroyService runs later but the can?(current_user, :remove_project) is `false` because the user no longer has permission to destroy projects with no namespace. 5. This leaves the project in pending_delete state with no namespace/group. Projects without a namespace or group also adds another problem: it's not possible to destroy the container registry tags, since container_registry_path_with_namespace is the wrong value. The fix is to destroy the group asynchronously and to run execute directly on Projects::DestroyService. Closes #17893
31 lines
969 B
Ruby
31 lines
969 B
Ruby
class DeleteUserService
|
|
attr_accessor :current_user
|
|
|
|
def initialize(current_user)
|
|
@current_user = current_user
|
|
end
|
|
|
|
def execute(user, options = {})
|
|
if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
|
|
user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
|
|
return user
|
|
end
|
|
|
|
user.solo_owned_groups.each do |group|
|
|
DestroyGroupService.new(group, current_user).execute
|
|
end
|
|
|
|
user.personal_projects.each do |project|
|
|
# Skip repository removal because we remove directory with namespace
|
|
# that contain all this repositories
|
|
::Projects::DestroyService.new(project, current_user, skip_repo: true).async_execute
|
|
end
|
|
|
|
# Destroy the namespace after destroying the user since certain methods may depend on the namespace existing
|
|
namespace = user.namespace
|
|
user_data = user.destroy
|
|
namespace.really_destroy!
|
|
|
|
user_data
|
|
end
|
|
end
|