2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
class Admin :: UsersController < Admin :: ApplicationController
2019-07-07 11:18:12 +05:30
include RoutableActions
2015-09-11 14:41:01 +05:30
before_action :user , except : [ :index , :new , :create ]
2019-02-15 15:39:39 +05:30
before_action :check_impersonation_availability , only : :impersonate
2020-10-04 03:57:07 +05:30
before_action :ensure_destroy_prerequisites_met , only : [ :destroy ]
2021-01-03 14:25:43 +05:30
before_action :check_admin_approval_feature_available! , only : [ :approve ]
feature_category :users
2014-09-02 18:07:02 +05:30
def index
2019-07-07 11:18:12 +05:30
@users = User . filter_items ( params [ :filter ] ) . order_name_asc
2017-08-17 22:00:37 +05:30
@users = @users . search_with_secondary_emails ( params [ :search_query ] ) if params [ :search_query ] . present?
2021-01-03 14:25:43 +05:30
@users = @users . includes ( :authorized_projects ) # rubocop: disable CodeReuse/ActiveRecord
2018-05-09 12:01:36 +05:30
@users = @users . sort_by_attribute ( @sort = params [ :sort ] )
2015-04-26 12:48:37 +05:30
@users = @users . page ( params [ :page ] )
2014-09-02 18:07:02 +05:30
end
def show
2015-09-11 14:41:01 +05:30
end
def projects
2014-09-02 18:07:02 +05:30
@personal_projects = user . personal_projects
@joined_projects = user . projects . joined ( @user )
2015-09-11 14:41:01 +05:30
end
def keys
2018-03-17 18:26:18 +05:30
@keys = user . keys . order_id_desc
2014-09-02 18:07:02 +05:30
end
def new
@user = User . new
end
def edit
user
end
2016-06-02 11:05:42 +05:30
def impersonate
2017-08-17 22:00:37 +05:30
if can? ( user , :log_in )
2016-06-02 11:05:42 +05:30
session [ :impersonator_id ] = current_user . id
warden . set_user ( user , scope : :user )
2019-10-12 21:52:04 +05:30
log_impersonation_event
2016-06-02 11:05:42 +05:30
2019-07-07 11:18:12 +05:30
flash [ :alert ] = _ ( " You are now impersonating %{username} " ) % { username : user . username }
2016-06-02 11:05:42 +05:30
redirect_to root_path
2017-08-17 22:00:37 +05:30
else
flash [ :alert ] =
if user . blocked?
2019-07-07 11:18:12 +05:30
_ ( " You cannot impersonate a blocked user " )
2017-08-17 22:00:37 +05:30
elsif user . internal?
2019-07-07 11:18:12 +05:30
_ ( " You cannot impersonate an internal user " )
2017-08-17 22:00:37 +05:30
else
2019-07-07 11:18:12 +05:30
_ ( " You cannot impersonate a user who cannot log in " )
2017-08-17 22:00:37 +05:30
end
redirect_to admin_user_path ( user )
2016-06-02 11:05:42 +05:30
end
end
2021-01-03 14:25:43 +05:30
def approve
result = Users :: ApproveService . new ( current_user ) . execute ( user )
if result [ :status ] == :success
redirect_back_or_admin_user ( notice : _ ( " Successfully approved " ) )
else
redirect_back_or_admin_user ( alert : result [ :message ] )
end
end
2019-12-21 20:55:43 +05:30
def activate
return redirect_back_or_admin_user ( notice : _ ( " Error occurred. A blocked user must be unblocked to be activated " ) ) if user . blocked?
user . activate
redirect_back_or_admin_user ( notice : _ ( " Successfully activated " ) )
end
def deactivate
return redirect_back_or_admin_user ( notice : _ ( " Error occurred. A blocked user cannot be deactivated " ) ) if user . blocked?
return redirect_back_or_admin_user ( notice : _ ( " Successfully deactivated " ) ) if user . deactivated?
2021-01-03 14:25:43 +05:30
return redirect_back_or_admin_user ( notice : _ ( " Internal users cannot be deactivated " ) ) if user . internal?
2019-12-21 20:55:43 +05:30
return redirect_back_or_admin_user ( notice : _ ( " The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated " ) % { minimum_inactive_days : :: User :: MINIMUM_INACTIVE_DAYS } ) unless user . can_be_deactivated?
user . deactivate
redirect_back_or_admin_user ( notice : _ ( " Successfully deactivated " ) )
end
2014-09-02 18:07:02 +05:30
def block
2020-03-13 15:44:24 +05:30
result = Users :: BlockService . new ( current_user ) . execute ( user )
2021-01-03 14:25:43 +05:30
if result [ :status ] == :success
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( notice : _ ( " Successfully blocked " ) )
2014-09-02 18:07:02 +05:30
else
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " Error occurred. User was not blocked " ) )
2014-09-02 18:07:02 +05:30
end
end
def unblock
2016-01-19 16:12:03 +05:30
if user . ldap_blocked?
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " This user cannot be unlocked manually from GitLab " ) )
2017-09-10 17:25:29 +05:30
elsif update_user { | user | user . activate }
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( notice : _ ( " Successfully unblocked " ) )
2014-09-02 18:07:02 +05:30
else
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " Error occurred. User was not unblocked " ) )
2014-09-02 18:07:02 +05:30
end
end
2015-09-11 14:41:01 +05:30
def unlock
2017-09-10 17:25:29 +05:30
if update_user { | user | user . unlock_access! }
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " Successfully unlocked " ) )
2015-09-11 14:41:01 +05:30
else
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " Error occurred. User was not unlocked " ) )
2015-09-11 14:41:01 +05:30
end
end
def confirm
2017-09-10 17:25:29 +05:30
if update_user { | user | user . confirm }
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( notice : _ ( " Successfully confirmed " ) )
2015-09-11 14:41:01 +05:30
else
2019-07-07 11:18:12 +05:30
redirect_back_or_admin_user ( alert : _ ( " Error occurred. User was not confirmed " ) )
2015-09-11 14:41:01 +05:30
end
end
def disable_two_factor
2020-11-24 15:15:51 +05:30
result = TwoFactor :: DestroyService . new ( current_user , user : user ) . execute
2017-09-10 17:25:29 +05:30
2020-11-24 15:15:51 +05:30
if result [ :status ] == :success
redirect_to admin_user_path ( user ) ,
notice : _ ( 'Two-factor authentication has been disabled for this user' )
else
redirect_to admin_user_path ( user ) , alert : result [ :message ]
end
2015-09-11 14:41:01 +05:30
end
2014-09-02 18:07:02 +05:30
def create
opts = {
2017-08-17 22:00:37 +05:30
reset_password : true ,
skip_confirmation : true
2014-09-02 18:07:02 +05:30
}
2017-08-17 22:00:37 +05:30
@user = Users :: CreateService . new ( current_user , user_params . merge ( opts ) ) . execute
2014-09-02 18:07:02 +05:30
respond_to do | format |
2017-08-17 22:00:37 +05:30
if @user . persisted?
2019-07-07 11:18:12 +05:30
format . html { redirect_to [ :admin , @user ] , notice : _ ( 'User was successfully created.' ) }
2014-09-02 18:07:02 +05:30
format . json { render json : @user , status : :created , location : @user }
else
format . html { render " new " }
format . json { render json : @user . errors , status : :unprocessable_entity }
end
end
end
def update
user_params_with_pass = user_params . dup
if params [ :user ] [ :password ] . present?
2018-03-17 18:26:18 +05:30
password_params = {
2014-09-02 18:07:02 +05:30
password : params [ :user ] [ :password ] ,
2018-03-17 18:26:18 +05:30
password_confirmation : params [ :user ] [ :password_confirmation ]
}
2020-11-24 15:15:51 +05:30
password_params [ :password_expires_at ] = Time . current if admin_making_changes_for_another_user?
2018-03-17 18:26:18 +05:30
user_params_with_pass . merge! ( password_params )
2014-09-02 18:07:02 +05:30
end
respond_to do | format |
2018-03-17 18:26:18 +05:30
result = Users :: UpdateService . new ( current_user , user_params_with_pass . merge ( user : user ) ) . execute do | user |
2017-09-10 17:25:29 +05:30
user . skip_reconfirmation!
2020-11-24 15:15:51 +05:30
user . send_only_admin_changed_your_password_notification! if admin_making_changes_for_another_user?
2017-09-10 17:25:29 +05:30
end
if result [ :status ] == :success
2019-07-07 11:18:12 +05:30
format . html { redirect_to [ :admin , user ] , notice : _ ( 'User was successfully updated.' ) }
2014-09-02 18:07:02 +05:30
format . json { head :ok }
else
# restore username to keep form action url.
user . username = params [ :id ]
format . html { render " edit " }
2021-01-03 14:25:43 +05:30
format . json { render json : [ result [ :message ] ] , status : :internal_server_error }
2014-09-02 18:07:02 +05:30
end
end
end
def destroy
2020-10-04 03:57:07 +05:30
user . delete_async ( deleted_by : current_user , params : destroy_params )
2014-09-02 18:07:02 +05:30
respond_to do | format |
2019-12-26 22:10:19 +05:30
format . html { redirect_to admin_users_path , status : :found , notice : _ ( " The user is being deleted. " ) }
2014-09-02 18:07:02 +05:30
format . json { head :ok }
end
end
def remove_email
email = user . emails . find ( params [ :email_id ] )
2018-03-17 18:26:18 +05:30
success = Emails :: DestroyService . new ( current_user , user : user ) . execute ( email )
2015-04-26 12:48:37 +05:30
2014-09-02 18:07:02 +05:30
respond_to do | format |
2017-09-10 17:25:29 +05:30
if success
2019-07-07 11:18:12 +05:30
format . html { redirect_back_or_admin_user ( notice : _ ( 'Successfully removed email.' ) ) }
2017-09-10 17:25:29 +05:30
format . json { head :ok }
else
2019-07-07 11:18:12 +05:30
format . html { redirect_back_or_admin_user ( alert : _ ( 'There was an error removing the e-mail.' ) ) }
format . json { render json : _ ( 'There was an error removing the e-mail.' ) , status : :bad_request }
2017-09-10 17:25:29 +05:30
end
2014-09-02 18:07:02 +05:30
end
end
protected
2020-11-24 15:15:51 +05:30
def admin_making_changes_for_another_user?
user != current_user
2018-03-17 18:26:18 +05:30
end
2020-10-04 03:57:07 +05:30
def destroy_params
params . permit ( :hard_delete )
end
def ensure_destroy_prerequisites_met
return if hard_delete?
if user . solo_owned_groups . present?
message = s_ ( 'AdminUsers|You must transfer ownership or delete the groups owned by this user before you can delete their account' )
redirect_to admin_user_path ( user ) , status : :see_other , alert : message
end
end
def hard_delete?
destroy_params [ :hard_delete ]
end
2014-09-02 18:07:02 +05:30
def user
2019-07-07 11:18:12 +05:30
@user || = find_routable! ( User , params [ :id ] )
end
def build_canonical_path ( user )
url_for ( safe_params . merge ( id : user . to_param ) )
2014-09-02 18:07:02 +05:30
end
2015-10-24 18:46:33 +05:30
def redirect_back_or_admin_user ( options = { } )
redirect_back_or_default ( default : default_route , options : options )
end
def default_route
[ :admin , @user ]
end
2017-08-17 22:00:37 +05:30
def user_params
2018-11-08 19:23:39 +05:30
params . require ( :user ) . permit ( allowed_user_params )
2017-08-17 22:00:37 +05:30
end
2018-11-08 19:23:39 +05:30
def allowed_user_params
2017-08-17 22:00:37 +05:30
[
:access_level ,
:avatar ,
:bio ,
:can_create_group ,
:color_scheme_id ,
:email ,
:extern_uid ,
:external ,
:force_random_password ,
:hide_no_password ,
:hide_no_ssh_key ,
:key_id ,
:linkedin ,
:name ,
:password_expires_at ,
:projects_limit ,
:provider ,
:remember_me ,
:skype ,
2018-03-17 18:26:18 +05:30
:theme_id ,
2017-08-17 22:00:37 +05:30
:twitter ,
:username ,
2020-06-23 00:09:42 +05:30
:website_url ,
:note
2017-08-17 22:00:37 +05:30
]
end
2017-09-10 17:25:29 +05:30
def update_user ( & block )
2018-03-17 18:26:18 +05:30
result = Users :: UpdateService . new ( current_user , user : user ) . execute ( & block )
2017-09-10 17:25:29 +05:30
result [ :status ] == :success
end
2019-02-15 15:39:39 +05:30
def check_impersonation_availability
access_denied! unless Gitlab . config . gitlab . impersonation_enabled
end
2019-10-12 21:52:04 +05:30
def log_impersonation_event
Gitlab :: AppLogger . info ( _ ( " User %{current_user_username} has started impersonating %{username} " ) % { current_user_username : current_user . username , username : user . username } )
end
2021-01-03 14:25:43 +05:30
def check_admin_approval_feature_available!
access_denied! unless Feature . enabled? ( :admin_approval_for_new_user_signups , default_enabled : true )
end
2014-09-02 18:07:02 +05:30
end
2019-12-04 20:38:33 +05:30
Admin :: UsersController . prepend_if_ee ( 'EE::Admin::UsersController' )