debian-mirror-gitlab/app/services/todos/destroy/entity_leave_service.rb

147 lines
4.4 KiB
Ruby
Raw Normal View History

2018-11-20 20:47:30 +05:30
# frozen_string_literal: true
2018-11-18 11:00:15 +05:30
module Todos
module Destroy
class EntityLeaveService < ::Todos::Destroy::BaseService
extend ::Gitlab::Utils::Override
attr_reader :user, :entity
def initialize(user_id, entity_id, entity_type)
unless %w(Group Project).include?(entity_type)
2021-06-08 01:23:25 +05:30
raise ArgumentError, "#{entity_type} is not an entity user can leave"
2018-11-18 11:00:15 +05:30
end
2021-01-03 14:25:43 +05:30
@user = UserFinder.new(user_id).find_by_id
@entity = entity_type.constantize.find_by(id: entity_id) # rubocop: disable CodeReuse/ActiveRecord
2018-11-18 11:00:15 +05:30
end
def execute
return unless entity && user
# if at least reporter, all entities including confidential issues can be accessed
return if user_has_reporter_access?
2020-12-08 15:28:05 +05:30
remove_confidential_resource_todos
2018-11-18 11:00:15 +05:30
if entity.private?
remove_project_todos
remove_group_todos
else
enqueue_private_features_worker
end
end
private
def enqueue_private_features_worker
2019-07-31 22:56:46 +05:30
projects.each do |project|
TodosDestroyer::PrivateFeaturesWorker.perform_async(project.id, user.id)
2018-11-18 11:00:15 +05:30
end
end
2020-12-08 15:28:05 +05:30
def remove_confidential_resource_todos
2021-01-03 14:25:43 +05:30
Todo
.for_target(confidential_issues.select(:id))
.for_type(Issue.name)
.for_user(user)
.delete_all
2018-11-18 11:00:15 +05:30
end
def remove_project_todos
2020-10-04 03:57:07 +05:30
# Issues are viewable by guests (even in private projects), so remove those todos
# from projects without guest access
2021-01-03 14:25:43 +05:30
Todo
.for_project(non_authorized_guest_projects)
.for_user(user)
2020-10-04 03:57:07 +05:30
.delete_all
# MRs require reporter access, so remove those todos that are not authorized
2021-01-03 14:25:43 +05:30
Todo
.for_project(non_authorized_reporter_projects)
.for_type(MergeRequest.name)
.for_user(user)
2020-10-04 03:57:07 +05:30
.delete_all
2018-11-18 11:00:15 +05:30
end
def remove_group_todos
2021-04-29 21:17:54 +05:30
return unless entity.is_a?(Namespace)
2021-01-03 14:25:43 +05:30
Todo
2021-04-29 21:17:54 +05:30
.for_group(non_authorized_non_public_groups)
2021-01-03 14:25:43 +05:30
.for_user(user)
.delete_all
2018-11-18 11:00:15 +05:30
end
2019-07-31 22:56:46 +05:30
def projects
2018-11-18 11:00:15 +05:30
condition = case entity
when Project
{ id: entity.id }
when Namespace
2020-10-04 03:57:07 +05:30
{ namespace_id: non_authorized_reporter_groups }
2018-11-18 11:00:15 +05:30
end
2021-01-03 14:25:43 +05:30
Project.where(condition) # rubocop: disable CodeReuse/ActiveRecord
2018-11-18 11:00:15 +05:30
end
2020-10-04 03:57:07 +05:30
def authorized_reporter_projects
user.authorized_projects(Gitlab::Access::REPORTER).select(:id)
end
def authorized_guest_projects
user.authorized_projects(Gitlab::Access::GUEST).select(:id)
end
def non_authorized_reporter_projects
2021-01-03 14:25:43 +05:30
projects.id_not_in(authorized_reporter_projects)
2020-10-04 03:57:07 +05:30
end
def non_authorized_guest_projects
2021-01-03 14:25:43 +05:30
projects.id_not_in(authorized_guest_projects)
2020-10-04 03:57:07 +05:30
end
def authorized_reporter_groups
GroupsFinder.new(user, min_access_level: Gitlab::Access::REPORTER).execute.select(:id)
2018-11-18 11:00:15 +05:30
end
2021-04-29 21:17:54 +05:30
# since the entity is a private group, we can assume all subgroups are also
# private. We can therefore limit GroupsFinder with `all_available: false`.
# Otherwise it tries to include all public groups. This generates an expensive
# SQL queries: https://gitlab.com/gitlab-org/gitlab/-/issues/325133
# rubocop: disable CodeReuse/ActiveRecord
def non_authorized_non_public_groups
2018-11-18 11:00:15 +05:30
return [] unless entity.is_a?(Namespace)
2021-04-29 21:17:54 +05:30
return [] unless entity.private?
2018-11-18 11:00:15 +05:30
entity.self_and_descendants.select(:id)
2021-04-29 21:17:54 +05:30
.id_not_in(GroupsFinder.new(user, all_available: false).execute.select(:id).reorder(nil))
2018-11-18 11:00:15 +05:30
end
2021-04-29 21:17:54 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2018-11-18 11:00:15 +05:30
2020-10-04 03:57:07 +05:30
def non_authorized_reporter_groups
2018-11-18 11:00:15 +05:30
entity.self_and_descendants.select(:id)
2021-01-03 14:25:43 +05:30
.id_not_in(authorized_reporter_groups)
2018-11-18 11:00:15 +05:30
end
def user_has_reporter_access?
return unless entity.is_a?(Namespace)
entity.member?(User.find(user.id), Gitlab::Access::REPORTER)
end
def confidential_issues
2021-01-03 14:25:43 +05:30
assigned_ids = IssueAssignee.select(:issue_id).for_assignee(user)
2018-11-18 11:00:15 +05:30
2021-01-03 14:25:43 +05:30
Issue
.in_projects(projects)
.confidential_only
.not_in_projects(authorized_reporter_projects)
.not_authored_by(user)
.id_not_in(assigned_ids)
2018-11-18 11:00:15 +05:30
end
end
end
end
2020-12-08 15:28:05 +05:30
2021-06-08 01:23:25 +05:30
Todos::Destroy::EntityLeaveService.prepend_mod_with('Todos::Destroy::EntityLeaveService')