65 lines
2 KiB
Ruby
65 lines
2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Users
|
|
class DeactivateService < BaseService
|
|
def initialize(current_user, skip_authorization: false)
|
|
@current_user = current_user
|
|
@skip_authorization = skip_authorization
|
|
end
|
|
|
|
def execute(user)
|
|
unless allowed?
|
|
return ::ServiceResponse.error(message: _('You are not authorized to perform this action'),
|
|
reason: :forbidden)
|
|
end
|
|
|
|
if user.blocked?
|
|
return ::ServiceResponse.error(message: _('Error occurred. A blocked user cannot be deactivated'),
|
|
reason: :forbidden)
|
|
end
|
|
|
|
if user.internal?
|
|
return ::ServiceResponse.error(message: _('Internal users cannot be deactivated'),
|
|
reason: :forbidden)
|
|
end
|
|
|
|
return ::ServiceResponse.success(message: _('User has already been deactivated')) if user.deactivated?
|
|
|
|
unless user.can_be_deactivated?
|
|
message = _(
|
|
'The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days ' \
|
|
'and cannot be deactivated')
|
|
|
|
deactivation_error_message = format(message,
|
|
minimum_inactive_days: Gitlab::CurrentSettings.deactivate_dormant_users_period)
|
|
return ::ServiceResponse.error(message: deactivation_error_message, reason: :forbidden)
|
|
end
|
|
|
|
unless user.deactivate
|
|
return ::ServiceResponse.error(message: user.errors.full_messages.to_sentence,
|
|
reason: :bad_request)
|
|
end
|
|
|
|
log_event(user)
|
|
|
|
::ServiceResponse.success
|
|
end
|
|
|
|
private
|
|
|
|
attr_reader :current_user
|
|
|
|
def allowed?
|
|
return true if @skip_authorization
|
|
|
|
can?(current_user, :admin_all_resources)
|
|
end
|
|
|
|
def log_event(user)
|
|
Gitlab::AppLogger.info(message: 'User deactivated', user: user.username.to_s, email: user.email.to_s,
|
|
deactivated_by: current_user.username.to_s, ip_address: current_user.current_sign_in_ip.to_s)
|
|
end
|
|
end
|
|
end
|
|
|
|
Users::DeactivateService.prepend_mod_with('Users::DeactivateService')
|