debian-mirror-gitlab/app/finders/group_members_finder.rb

# frozen_string_literal: true

class GroupMembersFinder < UnionFinder
  RELATIONS = %i[direct inherited descendants shared_from_groups].freeze
  DEFAULT_RELATIONS = %i[direct inherited].freeze
  INVALID_RELATION_TYPE_ERROR_MSG = "is not a valid relation type. Valid relation types are #{RELATIONS.join(', ')}."

  RELATIONS_DESCRIPTIONS = {
    direct: 'Members in the group itself',
    inherited: "Members in the group's ancestor groups",
    descendants: "Members in the group's subgroups",
    shared_from_groups: "Invited group's members"
  }.freeze

  include CreatedAtFilter

  # Params can be any of the following:
  #   two_factor: string. 'enabled' or 'disabled' are returning different set of data, other values are not effective.
  #   sort:       string
  #   search:     string
  #   created_after: datetime
  #   created_before: datetime
  attr_reader :params

  def initialize(group, user = nil, params: {})
    @group = group
    @user = user
    @params = params
  end

  def execute(include_relations: DEFAULT_RELATIONS)
    groups = groups_by_relations(include_relations)
    shared_from_groups = if include_relations&.include?(:shared_from_groups)
                           Group.shared_into_ancestors(group).public_or_visible_to_user(user)
                         end

    members = all_group_members(groups, shared_from_groups).distinct_on_user_with_max_access_level

    filter_members(members)
  end

  private

  attr_reader :user, :group

  def groups_by_relations(include_relations)
    check_relation_arguments!(include_relations)

    related_groups = []

    related_groups << Group.by_id(group.id) if include_relations&.include?(:direct)
    related_groups << group.ancestors if include_relations&.include?(:inherited)
    related_groups << group.descendants if include_relations&.include?(:descendants)

    related_groups
  end

  def filter_members(members)
    members = members.search(params[:search]) if params[:search].present?
    members = members.sort_by_attribute(params[:sort]) if params[:sort].present?

    if params[:two_factor].present? && can_manage_members
      members = members.filter_by_2fa(params[:two_factor])
    end

    if params[:access_levels].present?
      members = members.by_access_level(params[:access_levels])
    end

    members = filter_by_user_type(members)
    members = apply_additional_filters(members)

    by_created_at(members)
  end

  def can_manage_members
    Ability.allowed?(user, :admin_group_member, group)
  end

  def group_members_list
    group.members
  end

  def all_group_members(groups, shared_from_groups)
    members_of_groups(groups, shared_from_groups).non_minimal_access
  end

  def members_of_groups(groups, shared_from_groups)
    if Feature.disabled?(:members_with_shared_group_access, @group.root_ancestor)
      groups << shared_from_groups unless shared_from_groups.nil?
      return GroupMember.non_request.of_groups(find_union(groups, Group))
    end

    members = GroupMember.non_request.of_groups(find_union(groups, Group))
    return members if shared_from_groups.nil?

    shared_members = GroupMember.non_request.of_groups(shared_from_groups)
    select_attributes = GroupMember.attribute_names
    members_shared_with_group_access = members_shared_with_group_access(shared_members, select_attributes)

    # `members` and `members_shared_with_group_access` should have even select values
    find_union([members.select(select_attributes), members_shared_with_group_access], GroupMember)
  end

  def members_shared_with_group_access(shared_members, select_attributes)
    group_group_link_table = GroupGroupLink.arel_table
    group_member_table = GroupMember.arel_table

    member_columns = select_attributes.map do |column_name|
      if column_name == 'access_level'
        args = [group_group_link_table[:group_access], group_member_table[:access_level]]
        smallest_value_arel(args, 'access_level')
      else
        group_member_table[column_name]
      end
    end

    # rubocop:disable CodeReuse/ActiveRecord
    shared_members
      .joins("LEFT OUTER JOIN group_group_links ON members.source_id = group_group_links.shared_with_group_id")
      .select(member_columns)
    # rubocop:enable CodeReuse/ActiveRecord
  end

  def smallest_value_arel(args, column_alias)
    Arel::Nodes::As.new(Arel::Nodes::NamedFunction.new('LEAST', args), Arel::Nodes::SqlLiteral.new(column_alias))
  end

  def check_relation_arguments!(include_relations)
    unless include_relations & RELATIONS == include_relations
      raise ArgumentError, "#{(include_relations - RELATIONS).first} #{INVALID_RELATION_TYPE_ERROR_MSG}"
    end
  end

  def filter_by_user_type(members)
    return members unless params[:user_type] && can_manage_members

    members.filter_by_user_type(params[:user_type])
  end

  def apply_additional_filters(members)
    # overridden in EE to include additional filtering conditions.
    members
  end
end

GroupMembersFinder.prepend_mod_with('GroupMembersFinder')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`class GroupMembersFinder < UnionFinder`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			`RELATIONS = %i[direct inherited descendants shared_from_groups].freeze`
			`DEFAULT_RELATIONS = %i[direct inherited].freeze`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`INVALID_RELATION_TYPE_ERROR_MSG = "is not a valid relation type. Valid relation types are #{RELATIONS.join(', ')}."`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`RELATIONS_DESCRIPTIONS = {`
			`direct: 'Members in the group itself',`
			`inherited: "Members in the group's ancestor groups",`
New upstream version 14.7.4+ds1 2022-03-02 08:16:31 +05:30			`descendants: "Members in the group's subgroups",`
			`shared_from_groups: "Invited group's members"`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`}.freeze`

New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`include CreatedAtFilter`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`# Params can be any of the following:`
			`# two_factor: string. 'enabled' or 'disabled' are returning different set of data, other values are not effective.`
			`# sort: string`
			`# search: string`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`# created_after: datetime`
			`# created_before: datetime`
			`attr_reader :params`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`def initialize(group, user = nil, params: {})`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`@group = group`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`@user = user`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`@params = params`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`def execute(include_relations: DEFAULT_RELATIONS)`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`groups = groups_by_relations(include_relations)`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`shared_from_groups = if include_relations&.include?(:shared_from_groups)`
			`Group.shared_into_ancestors(group).public_or_visible_to_user(user)`
			`end`

			`members = all_group_members(groups, shared_from_groups).distinct_on_user_with_max_access_level`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`filter_members(members)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30
			`private`

			`attr_reader :user, :group`

New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`def groups_by_relations(include_relations)`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`check_relation_arguments!(include_relations)`

New upstream version 14.7.4+ds1 2022-03-02 08:16:31 +05:30			`related_groups = []`

			`related_groups << Group.by_id(group.id) if include_relations&.include?(:direct)`
			`related_groups << group.ancestors if include_relations&.include?(:inherited)`
			`related_groups << group.descendants if include_relations&.include?(:descendants)`

New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`related_groups`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`end`

New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`def filter_members(members)`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`members = members.search(params[:search]) if params[:search].present?`
			`members = members.sort_by_attribute(params[:sort]) if params[:sort].present?`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`if params[:two_factor].present? && can_manage_members`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`members = members.filter_by_2fa(params[:two_factor])`
			`end`

New upstream version 15.0.4+ds1 2022-07-16 23:28:13 +05:30			`if params[:access_levels].present?`
			`members = members.by_access_level(params[:access_levels])`
			`end`

New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`members = filter_by_user_type(members)`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`members = apply_additional_filters(members)`

New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`by_created_at(members)`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`end`

			`def can_manage_members`
			`Ability.allowed?(user, :admin_group_member, group)`
			`end`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30
			`def group_members_list`
			`group.members`
			`end`

New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`def all_group_members(groups, shared_from_groups)`
			`members_of_groups(groups, shared_from_groups).non_minimal_access`
			`end`

			`def members_of_groups(groups, shared_from_groups)`
			`if Feature.disabled?(:members_with_shared_group_access, @group.root_ancestor)`
			`groups << shared_from_groups unless shared_from_groups.nil?`
			`return GroupMember.non_request.of_groups(find_union(groups, Group))`
			`end`

			`members = GroupMember.non_request.of_groups(find_union(groups, Group))`
			`return members if shared_from_groups.nil?`

			`shared_members = GroupMember.non_request.of_groups(shared_from_groups)`
			`select_attributes = GroupMember.attribute_names`
			`members_shared_with_group_access = members_shared_with_group_access(shared_members, select_attributes)`

			# `members` and `members_shared_with_group_access` should have even select values
			`find_union([members.select(select_attributes), members_shared_with_group_access], GroupMember)`
			`end`

			`def members_shared_with_group_access(shared_members, select_attributes)`
			`group_group_link_table = GroupGroupLink.arel_table`
			`group_member_table = GroupMember.arel_table`

			`member_columns = select_attributes.map do \|column_name\|`
			`if column_name == 'access_level'`
			`args = [group_group_link_table[:group_access], group_member_table[:access_level]]`
			`smallest_value_arel(args, 'access_level')`
			`else`
			`group_member_table[column_name]`
			`end`
			`end`

			`# rubocop:disable CodeReuse/ActiveRecord`
			`shared_members`
			`.joins("LEFT OUTER JOIN group_group_links ON members.source_id = group_group_links.shared_with_group_id")`
			`.select(member_columns)`
			`# rubocop:enable CodeReuse/ActiveRecord`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`end`

New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`def smallest_value_arel(args, column_alias)`
			`Arel::Nodes::As.new(Arel::Nodes::NamedFunction.new('LEAST', args), Arel::Nodes::SqlLiteral.new(column_alias))`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`end`
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30
			`def check_relation_arguments!(include_relations)`
			`unless include_relations & RELATIONS == include_relations`
			`raise ArgumentError, "#{(include_relations - RELATIONS).first} #{INVALID_RELATION_TYPE_ERROR_MSG}"`
			`end`
			`end`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30
New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`def filter_by_user_type(members)`
			`return members unless params[:user_type] && can_manage_members`

			`members.filter_by_user_type(params[:user_type])`
			`end`

New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`def apply_additional_filters(members)`
			`# overridden in EE to include additional filtering conditions.`
			`members`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`GroupMembersFinder.prepend_mod_with('GroupMembersFinder')`