debian-mirror-gitlab/app/services/resource_access_tokens/revoke_service.rb

# frozen_string_literal: true

module ResourceAccessTokens
  class RevokeService < BaseService
    include Gitlab::Utils::StrongMemoize

    RevokeAccessTokenError = Class.new(RuntimeError)

    def initialize(current_user, resource, access_token)
      @current_user = current_user
      @access_token = access_token
      @bot_user = access_token.user
      @resource = resource
    end

    def execute
      return error("#{current_user.name} cannot delete #{bot_user.name}") unless can_destroy_bot_member?
      return error("Failed to find bot user") unless find_member

      access_token.revoke!

      destroy_bot_user

      log_event

      success("Access token #{access_token.name} has been revoked and the bot user has been scheduled for deletion.")
    rescue StandardError => error
      log_error("Failed to revoke access token for #{bot_user.name}: #{error.message}")
      error(error.message)
    end

    private

    attr_reader :current_user, :access_token, :bot_user, :resource

    def destroy_bot_user
      DeleteUserWorker.perform_async(current_user.id, bot_user.id, skip_authorization: true)
    end

    def can_destroy_bot_member?
      if resource.is_a?(Project)
        can?(current_user, :admin_project_member, @resource)
      elsif resource.is_a?(Group)
        can?(current_user, :admin_group_member, @resource)
      else
        false
      end
    end

    def find_member
      strong_memoize(:member) do
        if resource.is_a?(Project)
          resource.project_member(bot_user)
        elsif resource.is_a?(Group)
          resource.group_member(bot_user)
        else
          false
        end
      end
    end

    def log_event
      ::Gitlab::AppLogger.info "PROJECT ACCESS TOKEN REVOCATION: revoked_by: #{current_user.username}, project_id: #{resource.id}, token_user: #{access_token.user.name}, token_id: #{access_token.id}"
    end

    def error(message)
      ServiceResponse.error(message: message)
    end

    def success(message)
      ServiceResponse.success(message: message)
    end
  end
end

ResourceAccessTokens::RevokeService.prepend_if_ee('EE::ResourceAccessTokens::RevokeService')
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`# frozen_string_literal: true`

			`module ResourceAccessTokens`
			`class RevokeService < BaseService`
			`include Gitlab::Utils::StrongMemoize`

			`RevokeAccessTokenError = Class.new(RuntimeError)`

			`def initialize(current_user, resource, access_token)`
			`@current_user = current_user`
			`@access_token = access_token`
			`@bot_user = access_token.user`
			`@resource = resource`
			`end`

			`def execute`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`return error("#{current_user.name} cannot delete #{bot_user.name}") unless can_destroy_bot_member?`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`return error("Failed to find bot user") unless find_member`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`access_token.revoke!`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`destroy_bot_user`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`log_event`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`success("Access token #{access_token.name} has been revoked and the bot user has been scheduled for deletion.")`
			`rescue StandardError => error`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`log_error("Failed to revoke access token for #{bot_user.name}: #{error.message}")`
			`error(error.message)`
			`end`

			`private`

			`attr_reader :current_user, :access_token, :bot_user, :resource`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`def destroy_bot_user`
			`DeleteUserWorker.perform_async(current_user.id, bot_user.id, skip_authorization: true)`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`end`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`def can_destroy_bot_member?`
			`if resource.is_a?(Project)`
			`can?(current_user, :admin_project_member, @resource)`
			`elsif resource.is_a?(Group)`
			`can?(current_user, :admin_group_member, @resource)`
			`else`
			`false`
			`end`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`end`

			`def find_member`
			`strong_memoize(:member) do`
			`if resource.is_a?(Project)`
			`resource.project_member(bot_user)`
			`elsif resource.is_a?(Group)`
			`resource.group_member(bot_user)`
			`else`
			`false`
			`end`
			`end`
			`end`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`def log_event`
			`::Gitlab::AppLogger.info "PROJECT ACCESS TOKEN REVOCATION: revoked_by: #{current_user.username}, project_id: #{resource.id}, token_user: #{access_token.user.name}, token_id: #{access_token.id}"`
			`end`

New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`def error(message)`
			`ServiceResponse.error(message: message)`
			`end`

			`def success(message)`
			`ServiceResponse.success(message: message)`
			`end`
			`end`
			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
			`ResourceAccessTokens::RevokeService.prepend_if_ee('EE::ResourceAccessTokens::RevokeService')`