Class: Admin::UsersController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- ApplicationController
- Admin::UsersController
- Includes:
- RoutableActions
- Defined in:
- app/controllers/admin/users_controller.rb
Constant Summary
Constants inherited from ApplicationController
ApplicationController::DEFAULT_GITLAB_CACHE_CONTROL
Constants included from Gitlab::Logging::CloudflareHelper
Gitlab::Logging::CloudflareHelper::CLOUDFLARE_CUSTOM_HEADERS
Constants included from Gitlab::NoCacheHeaders
Gitlab::NoCacheHeaders::DEFAULT_GITLAB_NO_CACHE_HEADERS
Instance Method Summary collapse
- #activate ⇒ Object
- #block ⇒ Object
- #confirm ⇒ Object
- #create ⇒ Object
- #deactivate ⇒ Object
- #destroy ⇒ Object
- #disable_two_factor ⇒ Object
- #edit ⇒ Object
- #impersonate ⇒ Object
- #index ⇒ Object
- #keys ⇒ Object
- #new ⇒ Object
- #projects ⇒ Object
- #remove_email ⇒ Object
- #show ⇒ Object
- #unblock ⇒ Object
- #unlock ⇒ Object
- #update ⇒ Object
Methods included from RoutableActions
#ensure_canonical_path, #find_routable!, #not_found_actions, #perform_not_found_actions, #routable_authorized?
Methods included from EnforcesAdminAuthentication
#authenticate_admin!, #storable_location?
Methods inherited from ApplicationController
#not_found, #redirect_back_or_default, #render, #route_not_found
Methods included from Gitlab::Utils::StrongMemoize
#clear_memoization, #strong_memoize, #strong_memoized?
Methods included from Gitlab::Logging::CloudflareHelper
#store_cloudflare_headers!, #valid_cloudflare_header?
Methods included from Impersonation
Methods included from InitializesCurrentUserMode
Methods included from Gitlab::Experimentation::ControllerConcern
#experiment_enabled?, #experiment_tracking_category_and_group, #frontend_experimentation_tracking_data, #record_experiment_user, #set_experimentation_subject_id_cookie, #track_experiment_event
Methods included from SessionsHelper
#limit_session_time, #unconfirmed_email?
Methods included from SessionlessAuthentication
#authenticate_sessionless_user!, #sessionless_bypass_admin_mode!, #sessionless_sign_in, #sessionless_user?
Methods included from Gitlab::SearchContext::ControllerConcern
Methods included from EnforcesTwoFactorAuthentication
#check_two_factor_requirement, #current_user_requires_two_factor?, #skip_two_factor?, #two_factor_authentication_reason, #two_factor_authentication_required?, #two_factor_grace_period, #two_factor_grace_period_expired?, #two_factor_skippable?, #two_factor_verifier
Methods included from WorkhorseHelper
#send_artifacts_entry, #send_git_archive, #send_git_blob, #send_git_diff, #send_git_patch, #set_workhorse_internal_api_content_type, #workhorse_set_content_type!
Methods included from SafeParamsHelper
Methods included from PageLayoutHelper
#blank_container, #container_class, #favicon, #fluid_layout, #header_title, #nav, #page_card_attributes, #page_card_meta_tags, #page_description, #page_image, #page_title, #search_context, #sidebar
Methods included from GitlabRoutingHelper
#approve_access_request_group_member_path, #approve_access_request_project_member_path, #artifacts_action_path, #commit_url, #commits_url, #edit_milestone_path, #edit_pipeline_schedule_path, #environment_delete_path, #environment_metrics_path, #environment_path, #expose_fast_artifacts_path, #fast_browse_project_job_artifacts_path, #fast_download_project_job_artifacts_path, #fast_keep_project_job_artifacts_path, #gitlab_dashboard_snippets_path, #gitlab_raw_snippet_blob_path, #gitlab_raw_snippet_blob_url, #gitlab_raw_snippet_path, #gitlab_raw_snippet_url, #gitlab_snippet_note_path, #gitlab_snippet_note_url, #gitlab_snippet_notes_path, #gitlab_snippet_notes_url, #gitlab_snippet_path, #gitlab_snippet_url, #gitlab_toggle_award_emoji_snippet_note_path, #gitlab_toggle_award_emoji_snippet_note_url, #gitlab_toggle_award_emoji_snippet_path, #gitlab_toggle_award_emoji_snippet_url, #group_member_path, #group_members_url, #issue_path, #issue_url, #leave_group_members_path, #leave_project_members_path, #merge_request_path, #merge_request_url, #pipeline_job_url, #pipeline_path, #pipeline_schedule_path, #pipeline_schedules_path, #pipeline_url, #play_pipeline_schedule_path, #preview_markdown_path, #project_commits_path, #project_member_path, #project_members_url, #project_ref_path, #project_tree_path, #request_access_group_members_path, #request_access_project_members_path, #resend_invite_group_member_path, #resend_invite_project_member_path, #take_ownership_pipeline_schedule_path, #toggle_award_emoji_personal_snippet_path, #toggle_award_emoji_project_project_snippet_path, #toggle_award_emoji_project_project_snippet_url, #toggle_subscription_path, #wiki_page_path, #wiki_path
Methods included from API::Helpers::RelatedResourcesHelpers
#expose_path, #expose_url, #issues_available?, #mrs_available?
Methods included from Gitlab::NoCacheHeaders
Methods included from Gitlab::GonHelper
#add_gon_variables, #default_avatar_url, #push_frontend_feature_flag
Methods included from WebpackHelper
#webpack_bundle_tag, #webpack_controller_bundle_tags, #webpack_entrypoint_paths, #webpack_public_host, #webpack_public_path
Methods included from StartupCssHelper
Instance Method Details
#activate ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 61
#
# Activates the target user unless the account is blocked.
#
# `user` and `redirect_back_or_admin_user` are helpers defined outside this
# listing. Both outcomes are reported through `notice:`, including the refusal.
# NOTE(review): the return value of `user.activate` is not checked, so the
# success notice is shown unconditionally; confirm activation cannot fail
# silently.
def activate
  if user.blocked?
    redirect_back_or_admin_user(notice: _("Error occurred. A blocked user must be unblocked to be activated"))
  else
    user.activate
    redirect_back_or_admin_user(notice: _("Successfully activated"))
  end
end
#block ⇒ Object
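# File 'app/controllers/admin/users_controller.rb', line 77
#
# Blocks the target user through Users::BlockService, acting as the current
# admin, and reports the outcome via flash.
#
# The service result is a hash whose :status is compared against :success.
# The comparison must be `==`: an assignment (`=`) in the condition is always
# truthy, which would report "Successfully blocked" even when the service
# failed and leave the admin believing an account was locked out when it
# was not.
def block
  result = Users::BlockService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_back_or_admin_user(notice: _("Successfully blocked"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not blocked"))
  end
end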
#confirm ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 105
#
# Confirms the target user on the admin's behalf.
#
# `update_user` is defined outside this listing; it is given a block that
# calls `confirm` on the yielded record, and its truthiness selects the flash.
def confirm
  confirmed = update_user { |target| target.confirm }
  return redirect_back_or_admin_user(notice: _("Successfully confirmed")) if confirmed

  redirect_back_or_admin_user(alert: _("Error occurred. User was not confirmed"))
end
#create ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 124
#
# Creates a user through Users::CreateService with the current admin as actor.
#
# The request-derived `user_params` (defined outside this listing) are merged
# with two forced options, so a client cannot override them:
#   reset_password: true, skip_confirmation: true
# NOTE(review): presumably `user_params` applies strong-parameter filtering;
# confirm the permitted list, since it decides which attributes an admin
# request can set.
# NOTE(review): the JSON success branch renders @user itself; confirm the
# model's JSON serialization excludes sensitive attributes.
def create
  forced_options = { reset_password: true, skip_confirmation: true }
  service = Users::CreateService.new(current_user, user_params.merge(forced_options))
  @user = service.execute

  respond_to do |format|
    if @user.persisted?
      format.html { redirect_to [:admin, @user], notice: _('User was successfully created.') }
      format.json { render json: @user, status: :created, location: @user }
    else
      # Validation failed: re-render the form, or return the errors as JSON.
      format.html { render "new" }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end
#deactivate ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 68
#
# Deactivates the target user, refusing in three cases checked in order:
#   1. the user is blocked;
#   2. the user is already deactivated (reported as success, nothing is done);
#   3. `can_be_deactivated?` is false; the message says the user was active
#      within ::User::MINIMUM_INACTIVE_DAYS days.
# Every branch, including the refusals, is flashed with `notice:`.
# NOTE(review): the return value of `user.deactivate` is not checked.
def deactivate
  if user.blocked?
    redirect_back_or_admin_user(notice: _("Error occurred. A blocked user cannot be deactivated"))
  elsif user.deactivated?
    redirect_back_or_admin_user(notice: _("Successfully deactivated"))
  elsif !user.can_be_deactivated?
    redirect_back_or_admin_user(notice: _("The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated") % { minimum_inactive_days: ::User::MINIMUM_INACTIVE_DAYS })
  else
    user.deactivate
    redirect_back_or_admin_user(notice: _("Successfully deactivated"))
  end
end
#destroy ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 175
#
# Requests deletion of the target user, recording the current admin as the
# deleter.
#
# Only the `hard_delete` request parameter is permitted through to
# `delete_async`; everything else in `params` is dropped by `permit`.
# The response does not wait for a result: HTML redirects to the user list
# with a "being deleted" notice, JSON answers 200 with no body.
# NOTE(review): judging by its name, `delete_async` enqueues the deletion
# rather than performing it inline; confirm against the model.
def destroy
  target = user
  actor = current_user
  allowed = params.permit(:hard_delete)
  target.delete_async(deleted_by: actor, params: allowed)

  respond_to do |format|
    format.html { redirect_to admin_users_path, status: :found, notice: _("The user is being deleted.") }
    format.json { head :ok }
  end
end
#disable_two_factor ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 113
#
# Removes two-factor authentication from the target user's account via
# TwoFactor::DestroyService, with the current admin as the acting user.
#
# This weakens the target account's login protection, so it goes through the
# service rather than touching the record directly. On failure the service's
# own :message is shown as the alert.
# NOTE(review): no audit logging is visible in this action; presumably the
# service records it. Confirm.
def disable_two_factor
  outcome = TwoFactor::DestroyService.new(current_user, user: user).execute

  unless outcome[:status] == :success
    return redirect_to(admin_user_path(user), alert: outcome[:message])
  end

  redirect_to admin_user_path(user), notice: _('Two-factor authentication has been disabled for this user')
end
#edit ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 32
#
# Edit form for the target user. The only work done here is calling the
# `user` helper (defined outside this listing).
# NOTE(review): presumably the helper loads and memoizes the record for the
# view; confirm.
def edit
  user
end
#impersonate ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 36
#
# Signs the current admin in as the target user (impersonation).
#
# Allowed only when `can?(user, :log_in)` holds; otherwise the admin is sent
# back to the user's admin page with a reason (blocked, internal, or simply
# unable to log in).
#
# Statement order in the success path matters:
#   1. the admin's id is stored in session[:impersonator_id] while
#      `current_user` still refers to the admin;
#   2. only then is the Warden user switched to the target;
#   3. `log_impersonation_event` runs after the switch.
# NOTE(review): no authorization check is visible in this action itself;
# presumably it relies on `authenticate_admin!` from
# EnforcesAdminAuthentication running as a before_action. Confirm.
# NOTE(review): presumably `log_impersonation_event` writes the audit record
# for this session. Confirm that it identifies the impersonator.
def impersonate
  unless can?(user, :log_in)
    flash[:alert] =
      if user.blocked?
        _("You cannot impersonate a blocked user")
      elsif user.internal?
        _("You cannot impersonate an internal user")
      else
        _("You cannot impersonate a user who cannot log in")
      end

    return redirect_to(admin_user_path(user))
  end

  # Capture the real identity before the session's user changes.
  session[:impersonator_id] = current_user.id
  warden.set_user(user, scope: :user)
  log_impersonation_event

  flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
  redirect_to root_path
end
#index ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 9
#
# Lists users for the admin area: filter, optional search, sort, paginate.
#
# All four inputs (params[:filter], [:search_query], [:sort], [:page]) come
# straight from the request and are handed to model scopes that are not
# visible in this listing. @sort is kept for the view.
# NOTE(review): confirm that `filter_items` and `sort_by_attribute` map their
# argument onto a fixed set of known values rather than building SQL from it.
def index
  scope = User.filter_items(params[:filter]).order_name_asc

  # The search is applied only when a non-blank query was submitted.
  if params[:search_query].present?
    scope = scope.search_with_secondary_emails(params[:search_query])
  end

  @sort = params[:sort]
  scope = scope.sort_by_attribute(@sort)
  @users = scope.page(params[:page])
end
#keys ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 24
#
# Exposes the target user's keys to the view as @keys, ordered through the
# `order_id_desc` scope. The lookup goes through `user.keys`, so only keys
# belonging to that user are listed.
def keys
  key_scope = user.keys
  @keys = key_scope.order_id_desc
end
#new ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 28
#
# Prepares an unsaved User as @user for the "new user" form.
def new
  @user = User.new
end
#projects ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 19
#
# Loads the target user's projects for the view: their personal projects and
# the projects they have joined.
#
# NOTE(review): the second line passes @user while everything else goes
# through the `user` helper. This presumably works because the helper
# memoizes into @user; confirm, otherwise `joined` receives nil.
def projects
  @personal_projects = user.personal_projects
  @joined_projects = user.projects.joined(@user)
end
#remove_email ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 184
#
# Removes one e-mail address from the target user.
#
# The address is looked up through `user.emails`, so params[:email_id] can
# only select an e-mail that belongs to this user, not an arbitrary record.
# Removal itself is delegated to Emails::DestroyService with the current
# admin as actor; its return value decides which response is sent.
def remove_email
  address = user.emails.find(params[:email_id])
  service = Emails::DestroyService.new(current_user, user: user)
  removed = service.execute(address)

  respond_to do |format|
    if removed
      format.html { redirect_back_or_admin_user(notice: _('Successfully removed email.')) }
      format.json { head :ok }
    else
      format.html { redirect_back_or_admin_user(alert: _('There was an error removing the e-mail.')) }
      format.json { render json: _('There was an error removing the e-mail.'), status: :bad_request }
    end
  end
end
#show ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 16
#
# Detail page for a user. The action body is intentionally empty.
# NOTE(review): any record loading presumably happens in a before_action or
# in the view via the `user` helper, neither of which is shown here; confirm.
def show
end
#unblock ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 87
#
# Lifts a block from the target user by calling `activate` on the record
# through `update_user` (defined outside this listing).
#
# Users for whom `ldap_blocked?` is true are refused up front and nothing is
# changed. The wording of that alert says "unlocked" although this action is
# the unblock one.
def unblock
  if user.ldap_blocked?
    return redirect_back_or_admin_user(alert: _("This user cannot be unlocked manually from GitLab"))
  end

  unblocked = update_user { |target| target.activate }
  return redirect_back_or_admin_user(notice: _("Successfully unblocked")) if unblocked

  redirect_back_or_admin_user(alert: _("Error occurred. User was not unblocked"))
end
#unlock ⇒ Object
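# File 'app/controllers/admin/users_controller.rb', line 97
#
# Clears a login lock on the target user by calling `unlock_access!` on the
# record through `update_user` (defined outside this listing).
#
# Success is flashed with `notice:` and failure with `alert:`, matching the
# other actions in this controller. Flashing the success text as an alert
# made a completed unlock look like an error to the admin.
def unlock
  if update_user { |user| user.unlock_access! }
    redirect_back_or_admin_user(notice: _("Successfully unlocked"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not unlocked"))
  end
end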
#update ⇒ Object
# File 'app/controllers/admin/users_controller.rb', line 143
#
# Updates the target user through Users::UpdateService, with the current
# admin as actor.
#
# Password handling: the password pair is read from params[:user] directly
# and merged in only when a non-blank password was submitted. When
# `admin_making_changes_for_another_user?` (defined outside this listing) is
# true, :password_expires_at is set to the current time as well.
# NOTE(review): presumably this makes the admin-chosen password expire
# immediately so the user must pick a new one; confirm.
#
# Inside the service block the record skips reconfirmation, and
# `send_only_admin_changed_your_password_notification!` is called whenever an
# admin edits another user, whether or not a password was submitted.
# NOTE(review): the JSON failure branch passes result[:status] as the HTTP
# status; confirm the service's failure status is a value `render` accepts.
def update
  attrs = user_params.dup

  if params[:user][:password].present?
    password_attrs = {
      password: params[:user][:password],
      password_confirmation: params[:user][:password_confirmation]
    }

    if admin_making_changes_for_another_user?
      password_attrs[:password_expires_at] = Time.current
    end

    attrs.merge!(password_attrs)
  end

  respond_to do |format|
    service = Users::UpdateService.new(current_user, attrs.merge(user: user))
    result = service.execute do |record|
      record.skip_reconfirmation!
      record.send_only_admin_changed_your_password_notification! if admin_making_changes_for_another_user?
    end

    if result[:status] == :success
      format.html { redirect_to [:admin, user], notice: _('User was successfully updated.') }
      format.json { head :ok }
    else
      # Restore the username from the URL so the re-rendered form keeps
      # posting to the same action URL.
      user.username = params[:id]
      format.html { render "edit" }
      format.json { render json: [result[:message]], status: result[:status] }
    end
  end
end