debian-mirror-gitlab/app/services/members/creator_service.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

272 lines
7.5 KiB
Ruby
Raw Normal View History

2021-09-30 23:02:18 +05:30
# frozen_string_literal: true
module Members
# This class serves as more of an app-wide way we add/create members
# All roads to add members should take this path.
class CreatorService
class << self
def parsed_access_level(access_level)
access_levels.fetch(access_level) { access_level.to_i }
end
def access_levels
2022-06-21 17:19:12 +05:30
Gitlab::Access.sym_options_with_owner
2021-09-30 23:02:18 +05:30
end
2022-07-23 23:45:48 +05:30
2022-08-13 15:12:31 +05:30
def add_members( # rubocop:disable Metrics/ParameterLists
2022-07-23 23:45:48 +05:30
source,
2022-08-13 15:12:31 +05:30
invitees,
2022-07-23 23:45:48 +05:30
access_level,
current_user: nil,
expires_at: nil,
tasks_to_be_done: [],
tasks_project_id: nil,
ldap: nil,
blocking_refresh: nil
)
2022-08-13 15:12:31 +05:30
return [] unless invitees.present?
2022-07-23 23:45:48 +05:30
# If this user is attempting to manage Owner members and doesn't have permission, do not allow
return [] if managing_owners?(current_user, access_level) && cannot_manage_owners?(source, current_user)
2022-08-13 15:12:31 +05:30
emails, users, existing_members = parse_users_list(source, invitees)
2022-07-23 23:45:48 +05:30
Member.transaction do
2022-08-13 15:12:31 +05:30
common_arguments = {
source: source,
access_level: access_level,
existing_members: existing_members,
current_user: current_user,
expires_at: expires_at,
tasks_to_be_done: tasks_to_be_done,
tasks_project_id: tasks_project_id,
ldap: ldap,
blocking_refresh: blocking_refresh
}
members = emails.map do |email|
new(invitee: email, builder: InviteMemberBuilder, **common_arguments).execute
2022-07-23 23:45:48 +05:30
end
2022-08-13 15:12:31 +05:30
members += users.map do |user|
new(invitee: user, **common_arguments).execute
end
members
2022-07-23 23:45:48 +05:30
end
end
2022-08-13 15:12:31 +05:30
def add_member( # rubocop:disable Metrics/ParameterLists
2022-07-23 23:45:48 +05:30
source,
2022-08-13 15:12:31 +05:30
invitee,
2022-07-23 23:45:48 +05:30
access_level,
current_user: nil,
expires_at: nil,
ldap: nil,
blocking_refresh: nil
)
2022-08-13 15:12:31 +05:30
add_members(source,
[invitee],
2022-07-23 23:45:48 +05:30
access_level,
current_user: current_user,
expires_at: expires_at,
ldap: ldap,
blocking_refresh: blocking_refresh).first
end
private
def managing_owners?(current_user, access_level)
current_user && Gitlab::Access.sym_options_with_owner[access_level] == Gitlab::Access::OWNER
end
def parse_users_list(source, list)
emails = []
user_ids = []
users = []
existing_members = {}
list.each do |item|
case item
when User
users << item
when Integer
user_ids << item
when /\A\d+\Z/
user_ids << item.to_i
when Devise.email_regexp
emails << item
end
end
# the below will automatically discard invalid user_ids
users.concat(User.id_in(user_ids)) if user_ids.present?
# de-duplicate just in case as there is no controlling if user records and ids are sent multiple times
users.uniq!
users_by_emails = source.users_by_emails(emails) # preloads our request store for all emails
# in case emails belong to a user that is being invited by user or user_id, remove them from
# emails and let users/user_ids handle it.
parsed_emails = emails.select do |email|
user = users_by_emails[email]
!user || (users.exclude?(user) && user_ids.exclude?(user.id))
end
if users.present? || users_by_emails.present?
# helps not have to perform another query per user id to see if the member exists later on when fetching
existing_members = source.members_and_requesters.with_user(users + users_by_emails.values).index_by(&:user_id)
end
[parsed_emails, users, existing_members]
end
2021-09-30 23:02:18 +05:30
end
2022-08-13 15:12:31 +05:30
def initialize(invitee:, builder: StandardMemberBuilder, **args)
@invitee = invitee
@builder = builder
2021-09-30 23:02:18 +05:30
@args = args
2022-08-13 15:12:31 +05:30
@access_level = self.class.parsed_access_level(args[:access_level])
2021-09-30 23:02:18 +05:30
end
2022-07-23 23:45:48 +05:30
private_class_method :new
2021-09-30 23:02:18 +05:30
def execute
find_or_build_member
2022-06-21 17:19:12 +05:30
commit_member
2022-07-23 23:45:48 +05:30
after_commit_tasks
2021-09-30 23:02:18 +05:30
member
end
private
2022-06-21 17:19:12 +05:30
delegate :new_record?, to: :member
2022-08-13 15:12:31 +05:30
attr_reader :invitee, :access_level, :member, :args, :builder
2021-09-30 23:02:18 +05:30
2022-06-21 17:19:12 +05:30
def assign_member_attributes
2021-09-30 23:02:18 +05:30
member.attributes = member_attributes
2022-06-21 17:19:12 +05:30
end
2021-09-30 23:02:18 +05:30
2022-06-21 17:19:12 +05:30
def commit_member
if can_commit_member?
assign_member_attributes
commit_changes
2021-09-30 23:02:18 +05:30
else
2022-06-21 17:19:12 +05:30
add_commit_error
2021-09-30 23:02:18 +05:30
end
end
2022-06-21 17:19:12 +05:30
def can_commit_member?
2021-09-30 23:02:18 +05:30
# There is no current user for bulk actions, in which case anything is allowed
2022-06-21 17:19:12 +05:30
return true if skip_authorization?
if new_record?
can_create_new_member?
else
can_update_existing_member?
end
end
def can_create_new_member?
raise NotImplementedError
end
def can_update_existing_member?
raise NotImplementedError
2021-09-30 23:02:18 +05:30
end
# Populates the attributes of a member.
#
# This logic resides in a separate method so that EE can extend this logic,
2022-08-13 15:12:31 +05:30
# without having to patch the `add_members` method directly.
2021-09-30 23:02:18 +05:30
def member_attributes
{
created_by: member.created_by || current_user,
access_level: access_level,
expires_at: args[:expires_at]
}
end
2022-06-21 17:19:12 +05:30
def commit_changes
if member.request?
approve_request
2022-08-13 15:12:31 +05:30
elsif member.changed?
2022-07-16 23:28:13 +05:30
# Calling #save triggers callbacks even if there is no change on object.
# This previously caused an incident due to the hard to predict
# behaviour caused by the large number of callbacks.
# See https://gitlab.com/gitlab-com/gl-infra/production/-/issues/6351
# and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80920#note_911569038
# for details.
2022-08-13 15:12:31 +05:30
member.save
2022-06-21 17:19:12 +05:30
end
end
2022-07-23 23:45:48 +05:30
def after_commit_tasks
create_member_task
end
2021-12-11 22:18:48 +05:30
def create_member_task
return unless member.persisted?
return if member_task_attributes.value?(nil)
2022-04-04 11:22:00 +05:30
return if member.member_task.present?
2021-12-11 22:18:48 +05:30
member.create_member_task(member_task_attributes)
end
def member_task_attributes
{
tasks_to_be_done: args[:tasks_to_be_done],
project_id: args[:tasks_project_id]
}
end
2021-09-30 23:02:18 +05:30
def approve_request
::Members::ApproveAccessRequestService.new(current_user,
access_level: access_level)
.execute(
member,
skip_authorization: ldap,
skip_log_audit_event: ldap
)
end
def current_user
args[:current_user]
end
2022-06-21 17:19:12 +05:30
def skip_authorization?
!current_user
end
def add_commit_error
msg = if new_record?
_('not authorized to create member')
else
_('not authorized to update member')
end
member.errors.add(:base, msg)
end
2021-09-30 23:02:18 +05:30
def find_or_build_member
2022-08-13 15:12:31 +05:30
@member = builder.new(source, invitee, existing_members).execute
2022-06-21 17:19:12 +05:30
@member.blocking_refresh = args[:blocking_refresh]
2021-09-30 23:02:18 +05:30
end
def ldap
args[:ldap] || false
end
2022-07-23 23:45:48 +05:30
2022-08-13 15:12:31 +05:30
def source
args[:source]
end
2022-07-23 23:45:48 +05:30
def existing_members
args[:existing_members] || {}
end
2021-09-30 23:02:18 +05:30
end
end
Members::CreatorService.prepend_mod_with('Members::CreatorService')