debian-mirror-gitlab/app/services/members/destroy_service.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

178 lines
5.7 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2016-08-24 12:49:21 +05:30
module Members
2018-03-27 19:54:05 +05:30
class DestroyService < Members::BaseService
2022-11-25 23:54:43 +05:30
include Gitlab::ExclusiveLeaseHelpers
2020-07-28 23:09:34 +05:30
def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false)
2022-07-23 23:45:48 +05:30
unless skip_authorization
raise Gitlab::Access::AccessDeniedError unless authorized?(member, destroy_bot)
raise Gitlab::Access::AccessDeniedError if destroying_member_with_owner_access_level?(member) &&
cannot_revoke_owner_responsibilities_from_member_in_project?(member)
end
2016-08-24 12:49:21 +05:30
2019-01-03 12:48:30 +05:30
@skip_auth = skip_authorization
2023-03-17 16:20:25 +05:30
if a_group_owner?(member)
process_destroy_of_group_owner_member(member, skip_subresources, unassign_issuables)
else
destroy_member(member)
destroy_data_related_to_member(member, skip_subresources, unassign_issuables)
end
member
end
private
def process_destroy_of_group_owner_member(member, skip_subresources, unassign_issuables)
# Deleting 2 different group owners via the API in quick succession could lead to
# wrong results for the `last_owner?` check due to race conditions. To prevent this
# we wrap both the last_owner? check and the deletes of owners within a lock.
last_group_owner = true
2022-11-25 23:54:43 +05:30
2023-03-04 22:38:38 +05:30
in_lock("delete_members:#{member.source.class}:#{member.source.id}", sleep_sec: 0.1.seconds) do
2023-03-17 16:20:25 +05:30
break if member.source.last_owner?(member.user)
2022-11-25 23:54:43 +05:30
2023-03-17 16:20:25 +05:30
last_group_owner = false
destroy_member(member)
2022-11-25 23:54:43 +05:30
end
2019-01-03 12:48:30 +05:30
2023-03-17 16:20:25 +05:30
# deletion of related data does not have to be within the lock.
destroy_data_related_to_member(member, skip_subresources, unassign_issuables) unless last_group_owner
end
2016-11-03 12:29:30 +05:30
2023-03-17 16:20:25 +05:30
def destroy_member(member)
member.destroy
2022-11-25 23:54:43 +05:30
end
2016-11-03 12:29:30 +05:30
2023-03-17 16:20:25 +05:30
def destroy_data_related_to_member(member, skip_subresources, unassign_issuables)
member.user&.invalidate_cache_counts
delete_member_associations(member, skip_subresources, unassign_issuables)
end
def a_group_owner?(member)
member.is_a?(GroupMember) && member.owner?
end
2016-11-03 12:29:30 +05:30
2022-11-25 23:54:43 +05:30
def delete_member_associations(member, skip_subresources, unassign_issuables)
2018-03-27 19:54:05 +05:30
if member.request? && member.user != current_user
notification_service.decline_access_request(member)
end
2016-11-03 12:29:30 +05:30
2019-01-03 12:48:30 +05:30
delete_subresources(member) unless skip_subresources
2020-09-03 11:15:55 +05:30
delete_project_invitations_by(member) unless skip_subresources
2023-04-23 21:23:45 +05:30
resolve_access_request_todos(current_user, member)
2019-01-03 12:48:30 +05:30
enqueue_delete_todos(member)
2020-07-28 23:09:34 +05:30
enqueue_unassign_issuables(member) if unassign_issuables
2018-11-18 11:00:15 +05:30
2018-03-27 19:54:05 +05:30
after_execute(member: member)
2016-08-24 12:49:21 +05:30
end
2016-11-03 12:29:30 +05:30
2020-07-28 23:09:34 +05:30
def authorized?(member, destroy_bot)
return can_destroy_bot_member?(member) if destroy_bot
2023-01-13 00:05:48 +05:30
if member.request?
return can_destroy_member_access_request?(member) || can_withdraw_member_access_request?(member)
end
2020-07-28 23:09:34 +05:30
can_destroy_member?(member)
end
2019-01-03 12:48:30 +05:30
def delete_subresources(member)
return unless member.is_a?(GroupMember) && member.user && member.group
delete_project_members(member)
2019-10-12 21:52:04 +05:30
delete_subgroup_members(member)
2020-09-03 11:15:55 +05:30
delete_invited_members(member)
2019-01-03 12:48:30 +05:30
end
def delete_project_members(member)
groups = member.group.self_and_descendants
2020-09-03 11:15:55 +05:30
destroy_project_members(ProjectMember.in_namespaces(groups).with_user(member.user))
2019-01-03 12:48:30 +05:30
end
def delete_subgroup_members(member)
groups = member.group.descendants
2020-09-03 11:15:55 +05:30
destroy_group_members(GroupMember.of_groups(groups).with_user(member.user))
end
def delete_invited_members(member)
groups = member.group.self_and_descendants
destroy_group_members(GroupMember.of_groups(groups).not_accepted_invitations_by_user(member.user))
destroy_project_members(ProjectMember.in_namespaces(groups).not_accepted_invitations_by_user(member.user))
end
def destroy_project_members(members)
members.each do |project_member|
self.class.new(current_user).execute(project_member, skip_authorization: @skip_auth)
end
end
def destroy_group_members(members)
members.each do |group_member|
2019-01-03 12:48:30 +05:30
self.class.new(current_user).execute(group_member, skip_authorization: @skip_auth, skip_subresources: true)
end
end
2020-09-03 11:15:55 +05:30
def delete_project_invitations_by(member)
return unless member.is_a?(ProjectMember) && member.user && member.project
members_to_delete = member.project.members.not_accepted_invitations_by_user(member.user)
destroy_project_members(members_to_delete)
end
2019-01-03 12:48:30 +05:30
2016-11-03 12:29:30 +05:30
def can_destroy_member?(member)
2018-03-27 19:54:05 +05:30
can?(current_user, destroy_member_permission(member), member)
2018-03-17 18:26:18 +05:30
end
2020-07-28 23:09:34 +05:30
def can_destroy_bot_member?(member)
can?(current_user, destroy_bot_member_permission(member), member)
end
2023-01-13 00:05:48 +05:30
def can_destroy_member_access_request?(member)
can?(current_user, :admin_member_access_request, member.source)
end
def can_withdraw_member_access_request?(member)
can?(current_user, :withdraw_member_access_request, member)
end
2022-07-23 23:45:48 +05:30
def destroying_member_with_owner_access_level?(member)
member.owner?
end
2018-03-17 18:26:18 +05:30
def destroy_member_permission(member)
case member
when GroupMember
:destroy_group_member
when ProjectMember
:destroy_project_member
2018-03-27 19:54:05 +05:30
else
raise "Unknown member type: #{member}!"
2018-03-17 18:26:18 +05:30
end
2016-11-03 12:29:30 +05:30
end
2020-07-28 23:09:34 +05:30
def destroy_bot_member_permission(member)
raise "Unsupported bot member type: #{member}" unless member.is_a?(ProjectMember)
:destroy_project_bot_member
end
def enqueue_unassign_issuables(member)
source_type = member.is_a?(GroupMember) ? 'Group' : 'Project'
member.run_after_commit_or_now do
MembersDestroyer::UnassignIssuablesWorker.perform_async(member.user_id, member.source_id, source_type)
end
end
2016-08-24 12:49:21 +05:30
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
Members::DestroyService.prepend_mod_with('Members::DestroyService')