Class: Admin::UsersController

Inherits:
ApplicationController show all
Includes:
RoutableActions, SortingHelper
Defined in:
app/controllers/admin/users_controller.rb

Constant Summary collapse

PAGINATION_WITH_COUNT_LIMIT =
1000

Constants included from Gitlab::EndpointAttributes

Gitlab::EndpointAttributes::DEFAULT_URGENCY

Constants included from Gitlab::Logging::CloudflareHelper

Gitlab::Logging::CloudflareHelper::CLOUDFLARE_CUSTOM_HEADERS

Constants included from Impersonation

Impersonation::SESSION_KEYS_TO_DELETE

Constants included from Gitlab::Experimentation::GroupTypes

Gitlab::Experimentation::GroupTypes::GROUP_CONTROL, Gitlab::Experimentation::GroupTypes::GROUP_EXPERIMENTAL

Constants included from EnforcesTwoFactorAuthentication

EnforcesTwoFactorAuthentication::MFA_HELP_PAGE

Constants included from Gitlab::NoCacheHeaders

Gitlab::NoCacheHeaders::DEFAULT_GITLAB_NO_CACHE_HEADERS

Instance Method Summary collapse

Methods included from SortingHelper

#admin_groups_sort_options_hash, #admin_users_sort_options, #audit_logs_sort_order_hash, #branches_sort_options_hash, #forks_reverse_sort_options_hash, #forks_sort_direction_button, #forks_sort_options_hash, #groups_sort_options_hash, #issuable_reverse_sort_order_hash, #issuable_sort_direction_button, #issuable_sort_option_overrides, #issuable_sort_option_title, #label_sort_options_hash, #milestones_sort_options_hash, #packages_reverse_sort_order_hash, #packages_sort_direction_button, #packages_sort_option_title, #packages_sort_options_hash, #project_sort_direction_button, #projects_reverse_sort_options_hash, #projects_sort_option_titles, #projects_sort_options_hash, #runners_sort_options_hash, #sort_direction_button, #sort_direction_icon, #sort_options_hash, #sortable_item, #starrers_sort_options_hash, #subgroups_sort_options_hash, #tags_sort_options_hash, #users_sort_options_hash

Methods included from SortingTitlesValuesHelper

#sort_title_closed_date, #sort_title_closed_earlier, #sort_title_closed_recently, #sort_title_contacted_date, #sort_title_created_date, #sort_title_downvotes, #sort_title_due_date, #sort_title_due_date_later, #sort_title_due_date_soon, #sort_title_expire_date, #sort_title_label_priority, #sort_title_largest_group, #sort_title_largest_repo, #sort_title_latest_activity, #sort_title_merged_date, #sort_title_merged_earlier, #sort_title_merged_recently, #sort_title_milestone, #sort_title_milestone_later, #sort_title_milestone_soon, #sort_title_most_stars, #sort_title_name, #sort_title_name_asc, #sort_title_name_desc, #sort_title_oldest_activity, #sort_title_oldest_created, #sort_title_oldest_last_activity, #sort_title_oldest_signin, #sort_title_oldest_starred, #sort_title_oldest_updated, #sort_title_popularity, #sort_title_priority, #sort_title_recently_created, #sort_title_recently_last_activity, #sort_title_recently_signin, #sort_title_recently_starred, #sort_title_recently_updated, #sort_title_relative_position, #sort_title_size, #sort_title_stars, #sort_title_start_date_later, #sort_title_start_date_soon, #sort_title_title, #sort_title_upvotes, #sort_value_closed_date, #sort_value_closed_earlier, #sort_value_closed_recently, #sort_value_contacted_date, #sort_value_created_date, #sort_value_downvotes, #sort_value_due_date, #sort_value_due_date_later, #sort_value_due_date_soon, #sort_value_expire_date, #sort_value_label_priority, #sort_value_largest_group, #sort_value_largest_repo, #sort_value_latest_activity, #sort_value_least_popular, #sort_value_merged_date, #sort_value_merged_earlier, #sort_value_merged_recently, #sort_value_milestone, #sort_value_milestone_later, #sort_value_milestone_soon, #sort_value_most_popular, #sort_value_name, #sort_value_name_desc, #sort_value_oldest_activity, #sort_value_oldest_created, #sort_value_oldest_last_activity, #sort_value_oldest_signin, #sort_value_oldest_updated, #sort_value_popularity, #sort_value_priority, #sort_value_recently_created, #sort_value_recently_last_activity, #sort_value_recently_signin, #sort_value_recently_updated, #sort_value_relative_position, #sort_value_size, #sort_value_stars_asc, #sort_value_stars_desc, #sort_value_start_date_later, #sort_value_start_date_soon, #sort_value_title, #sort_value_title_desc, #sort_value_upvotes

Methods included from RoutableActions

#ensure_canonical_path, #find_routable!, #not_found_actions, #perform_not_found_actions, #routable_authorized?

Methods included from EnforcesAdminAuthentication

#authenticate_admin!, #storable_location?

Methods inherited from ApplicationController

endpoint_id_for_action, #feature_category, #not_found, #redirect_back_or_default, #render, #route_not_found, #urgency

Methods included from CheckRateLimit

#check_rate_limit!

Methods included from FlocOptOut

#floc_enabled?, #set_floc_opt_out_header

Methods included from Gitlab::Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Methods included from Gitlab::Logging::CloudflareHelper

#store_cloudflare_headers!, #valid_cloudflare_header?

Methods included from Impersonation

#current_user

Methods included from InitializesCurrentUserMode

#current_user_mode

Methods included from Gitlab::Experimentation::ControllerConcern

#experiment_enabled?, #experiment_tracking_category_and_group, #frontend_experimentation_tracking_data, #push_frontend_experiment, #record_experiment_conversion_event, #record_experiment_group, #record_experiment_user, #set_experimentation_subject_id_cookie, #track_experiment_event

Methods included from Gitlab::Tracking::Helpers

#dnt_enabled?, #trackable_html_request?

Methods included from SessionsHelper

#ensure_authenticated_session_time, #limit_session_time, #recently_confirmed_com?, #set_session_time, #unconfirmed_email?

Methods included from SessionlessAuthentication

#authenticate_sessionless_user!, #request_authenticator, #sessionless_bypass_admin_mode!, #sessionless_sign_in, #sessionless_user?

Methods included from Gitlab::SearchContext::ControllerConcern

#search_context

Methods included from EnforcesTwoFactorAuthentication

#check_two_factor_requirement, #current_user_requires_two_factor?, #skip_two_factor?, #two_factor_authentication_reason, #two_factor_authentication_required?, #two_factor_grace_period, #two_factor_grace_period_expired?, #two_factor_skippable?, #two_factor_verifier

Methods included from WorkhorseHelper

#content_disposition_for_blob, #send_artifacts_entry, #send_dependency, #send_git_archive, #send_git_blob, #send_git_diff, #send_git_patch, #set_workhorse_internal_api_content_type, #workhorse_set_content_type!

Methods included from SafeParamsHelper

#safe_params

Methods included from PageLayoutHelper

#blank_container, #container_class, #favicon, #fluid_layout, #header_title, #nav, #page_canonical_link, #page_card_attributes, #page_card_meta_tags, #page_description, #page_image, #page_itemtype, #page_title, #search_context, #sidebar, #user_status_properties

Methods included from Routing::PseudonymizationHelper

#masked_page_url

Methods included from Routing::GraphqlHelper

#graphql_etag_pipeline_path, #graphql_etag_pipeline_sha_path, #graphql_etag_project_on_demand_scan_counts_path

Methods included from Routing::WikiHelper

#wiki_page_path, #wiki_path

Methods included from Routing::SnippetsHelper

#gitlab_dashboard_snippets_path, #gitlab_raw_snippet_blob_path, #gitlab_raw_snippet_blob_url, #gitlab_raw_snippet_path, #gitlab_raw_snippet_url, #gitlab_snippet_note_path, #gitlab_snippet_note_url, #gitlab_snippet_notes_path, #gitlab_snippet_notes_url, #gitlab_snippet_path, #gitlab_snippet_url, #gitlab_toggle_award_emoji_snippet_note_path, #gitlab_toggle_award_emoji_snippet_note_url, #gitlab_toggle_award_emoji_snippet_path, #gitlab_toggle_award_emoji_snippet_url, #preview_markdown_path, #toggle_award_emoji_personal_snippet_path, #toggle_award_emoji_project_project_snippet_path, #toggle_award_emoji_project_project_snippet_url

Methods included from Routing::PipelineSchedulesHelper

#edit_pipeline_schedule_path, #pipeline_schedule_path, #pipeline_schedules_path, #play_pipeline_schedule_path, #take_ownership_pipeline_schedule_path

Methods included from Routing::ArtifactsHelper

#artifacts_action_path, #expose_fast_artifacts_path, #fast_browse_project_job_artifacts_path, #fast_download_project_job_artifacts_path, #fast_keep_project_job_artifacts_path

Methods included from Routing::MembersHelper

#source_members_url

Methods included from Routing::Groups::MembersHelper

#approve_access_request_group_member_path, #group_member_path, #group_members_url, #leave_group_members_path, #request_access_group_members_path, #resend_invite_group_member_path

Methods included from Routing::Projects::MembersHelper

#approve_access_request_project_member_path, #leave_project_members_path, #project_member_path, #project_members_url, #request_access_project_members_path, #resend_invite_project_member_path

Methods included from Routing::ProjectsHelper

#commit_url, #commits_url, #edit_milestone_path, #environment_delete_path, #environment_path, #issue_path, #issue_url, #merge_request_path, #merge_request_url, #pipeline_job_url, #pipeline_path, #pipeline_url, #project_commits_path, #project_ref_path, #project_tree_path, #release_url, #toggle_subscription_path

Methods included from API::Helpers::RelatedResourcesHelpers

#expose_path, #expose_url, #issues_available?, #mrs_available?

Methods included from ApplicationSettingsHelper

#all_protocols_enabled?, #allowed_protocols_present?, #deprecated_attributes, #enabled_protocol, #enabled_protocol_button, #expanded_by_default?, #external_authorization_client_certificate_help_text, #external_authorization_client_key_help_text, #external_authorization_client_pass_help_text, #external_authorization_client_url_help_text, #external_authorization_description, #external_authorization_service_attributes, #external_authorization_timeout_help_text, #external_authorization_url_help_text, #http_enabled?, #import_sources_checkboxes, #instance_clusters_enabled?, #integration_expanded?, #key_restriction_options_for_select, #kroki_available_formats, #oauth_providers_checkboxes, #omnibus_protected_paths_throttle?, #pending_user_count, #registration_features_can_be_prompted?, #repository_storages_options_json, #restricted_level_checkboxes, #self_monitoring_project_data, #sidekiq_job_limiter_mode_help_text, #sidekiq_job_limiter_modes_for_select, #signup_enabled?, #ssh_enabled?, #storage_weights, #user_oauth_applications?, #valid_runner_registrars, #visible_attributes

Methods included from ProjectsHelper

#able_to_see_issues?, #able_to_see_merge_requests?, #any_projects?, #author_content_tag, #autodeploy_flash_notice, #can_admin_project_member?, #can_change_visibility_level?, #can_disable_emails?, #delete_confirm_phrase, #directory?, #error_tracking_setting_project_json, #explore_projects_tab?, #external_classification_label_help_message, #fork_button_disabled_tooltip, #grafana_integration_enabled?, #grafana_integration_masked_token, #grafana_integration_url, #import_from_bitbucket_message, #import_from_gitlab_message, #last_push_event, #link_to_autodeploy_doc, #link_to_member, #link_to_member_avatar, #link_to_project, #load_pipeline_status, #membership_locked?, #metrics_dashboard_timezone, #metrics_external_dashboard_url, #no_password_message, #project_can_be_shared?, #project_classes, #project_incident_management_setting, #project_license_name, #project_list_cache_key, #project_permissions_panel_data, #project_search_tabs?, #project_title, #push_to_create_project_command, #remove_fork_project_confirm_json, #remove_fork_project_description_message, #remove_fork_project_warning_message, #remove_project_message, #share_project_description, #show_auto_devops_implicitly_enabled_banner?, #show_issue_count?, #show_merge_request_count?, #show_no_password_message?, #show_no_ssh_key_message?, #show_projects?, #show_terraform_banner?, #show_xcode_link?, #transfer_project_message, #visible_fork_source, #xcode_uri_to_repo

Methods included from Gitlab::NoCacheHeaders

#no_cache_headers

Methods included from Gitlab::GonHelper

#add_gon_variables, #default_avatar_url, #push_force_frontend_feature_flag, #push_frontend_feature_flag, #push_to_gon_attributes

Methods included from WebpackHelper

#prefetch_link_tag, #webpack_bundle_tag, #webpack_controller_bundle_tags, #webpack_entrypoint_paths, #webpack_preload_asset_tag, #webpack_public_host, #webpack_public_path

Instance Method Details

#activateObject


97
98
99
100
101
102
# File 'app/controllers/admin/users_controller.rb', line 97

def activate
  return redirect_back_or_admin_user(notice: _("Error occurred. A blocked user must be unblocked to be activated")) if user.blocked?

  user.activate
  redirect_back_or_admin_user(notice: _("Successfully activated"))
end

#approveObject


77
78
79
80
81
82
83
84
85
# File 'app/controllers/admin/users_controller.rb', line 77

def approve
  result = Users::ApproveService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_back_or_admin_user(notice: _("Successfully approved"))
  else
    redirect_back_or_admin_user(alert: result[:message])
  end
end

#banObject


134
135
136
137
138
139
140
141
142
# File 'app/controllers/admin/users_controller.rb', line 134

def ban
  result = Users::BanService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_back_or_admin_user(notice: _("Successfully banned"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not banned"))
  end
end

#blockObject


114
115
116
117
118
119
120
121
122
# File 'app/controllers/admin/users_controller.rb', line 114

def block
  result = Users::BlockService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_back_or_admin_user(notice: _("Successfully blocked"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not blocked"))
  end
end

#confirmObject


162
163
164
165
166
167
168
# File 'app/controllers/admin/users_controller.rb', line 162

def confirm
  if update_user { |user| user.force_confirm }
    redirect_back_or_admin_user(notice: _("Successfully confirmed"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not confirmed"))
  end
end

#createObject


181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# File 'app/controllers/admin/users_controller.rb', line 181

def create
  opts = {
    reset_password: true,
    skip_confirmation: true
  }

  @user = Users::CreateService.new(current_user, user_params.merge(opts)).execute

  respond_to do |format|
    if @user.persisted?
      format.html { redirect_to [:admin, @user], notice: _('User was successfully created.') }
      format.json { render json: @user, status: :created, location: @user }
    else
      format.html { render "new" }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#deactivateObject


104
105
106
107
108
109
110
111
112
# File 'app/controllers/admin/users_controller.rb', line 104

def deactivate
  return redirect_back_or_admin_user(notice: _("Error occurred. A blocked user cannot be deactivated")) if user.blocked?
  return redirect_back_or_admin_user(notice: _("Successfully deactivated")) if user.deactivated?
  return redirect_back_or_admin_user(notice: _("Internal users cannot be deactivated")) if user.internal?
  return redirect_back_or_admin_user(notice: _("The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days and cannot be deactivated") % { minimum_inactive_days: ::User::MINIMUM_INACTIVE_DAYS }) unless user.can_be_deactivated?

  user.deactivate
  redirect_back_or_admin_user(notice: _("Successfully deactivated"))
end

#destroyObject


235
236
237
238
239
240
241
242
# File 'app/controllers/admin/users_controller.rb', line 235

def destroy
  user.delete_async(deleted_by: current_user, params: destroy_params)

  respond_to do |format|
    format.html { redirect_to admin_users_path, status: :found, notice: _("The user is being deleted.") }
    format.json { head :ok }
  end
end

#disable_two_factorObject


170
171
172
173
174
175
176
177
178
179
# File 'app/controllers/admin/users_controller.rb', line 170

def disable_two_factor
  result = TwoFactor::DestroyService.new(current_user, user: user).execute

  if result[:status] == :success
    redirect_to admin_user_path(user),
      notice: _('Two-factor authentication has been disabled for this user')
  else
    redirect_to admin_user_path(user), alert: result[:message]
  end
end

#editObject


45
46
47
# File 'app/controllers/admin/users_controller.rb', line 45

def edit
  user
end

#impersonateObject


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'app/controllers/admin/users_controller.rb', line 49

def impersonate
  if can?(user, :log_in) && !impersonation_in_progress?
    session[:impersonator_id] = current_user.id

    warden.set_user(user, scope: :user)
    clear_access_token_session_keys!

    log_impersonation_event

    flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }

    redirect_to root_path
  else
    flash[:alert] =
      if impersonation_in_progress?
        _("You are already impersonating another user")
      elsif user.blocked?
        _("You cannot impersonate a blocked user")
      elsif user.internal?
        _("You cannot impersonate an internal user")
      else
        _("You cannot impersonate a user who cannot log in")
      end

    redirect_to admin_user_path(user)
  end
end

#indexObject


16
17
18
19
20
21
22
23
24
25
26
# File 'app/controllers/admin/users_controller.rb', line 16

def index
  return redirect_to admin_cohorts_path if params[:tab] == 'cohorts'

  @users = User.filter_items(params[:filter]).order_name_asc
  @users = @users.search(params[:search_query], with_private_emails: true) if params[:search_query].present?
  @users = users_with_included_associations(@users)
  @sort = params[:sort].presence || sort_value_name
  @users = @users.sort_by_attribute(@sort)
  @users = @users.page(params[:page])
  @users = @users.without_count if paginate_without_count?
end

#keysObject


37
38
39
# File 'app/controllers/admin/users_controller.rb', line 37

def keys
  @keys = user.keys.order_id_desc
end

#newObject


41
42
43
# File 'app/controllers/admin/users_controller.rb', line 41

def new
  @user = User.new
end

#projectsObject

rubocop: disable CodeReuse/ActiveRecord


32
33
34
35
# File 'app/controllers/admin/users_controller.rb', line 32

def projects
  @personal_projects = user.personal_projects.includes(:topics)
  @joined_projects = user.projects.joined(@user).includes(:topics)
end

#rejectObject


87
88
89
90
91
92
93
94
95
# File 'app/controllers/admin/users_controller.rb', line 87

def reject
  result = Users::RejectService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_to admin_users_path, status: :found, notice: _("You've rejected %{user}" % { user: user.name })
  else
    redirect_back_or_admin_user(alert: result[:message])
  end
end

#remove_emailObject


244
245
246
247
248
249
250
251
252
253
254
255
256
257
# File 'app/controllers/admin/users_controller.rb', line 244

def remove_email
  email = user.emails.find(params[:email_id])
  success = Emails::DestroyService.new(current_user, user: user).execute(email)

  respond_to do |format|
    if success
      format.html { redirect_back_or_admin_user(notice: _('Successfully removed email.')) }
      format.json { head :ok }
    else
      format.html { redirect_back_or_admin_user(alert: _('There was an error removing the e-mail.')) }
      format.json { render json: _('There was an error removing the e-mail.'), status: :bad_request }
    end
  end
end

#showObject


28
29
# File 'app/controllers/admin/users_controller.rb', line 28

def show
end

#unbanObject


144
145
146
147
148
149
150
151
152
# File 'app/controllers/admin/users_controller.rb', line 144

def unban
  result = Users::UnbanService.new(current_user).execute(user)

  if result[:status] == :success
    redirect_back_or_admin_user(notice: _("Successfully unbanned"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not unbanned"))
  end
end

#unblockObject


124
125
126
127
128
129
130
131
132
# File 'app/controllers/admin/users_controller.rb', line 124

def unblock
  if user.ldap_blocked?
    redirect_back_or_admin_user(alert: _("This user cannot be unlocked manually from GitLab"))
  elsif update_user { |user| user.activate }
    redirect_back_or_admin_user(notice: _("Successfully unblocked"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not unblocked"))
  end
end

#unlockObject


154
155
156
157
158
159
160
# File 'app/controllers/admin/users_controller.rb', line 154

def unlock
  if update_user { |user| user.unlock_access! }
    redirect_back_or_admin_user(notice: _("Successfully unlocked"))
  else
    redirect_back_or_admin_user(alert: _("Error occurred. User was not unlocked"))
  end
end

#updateObject


200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
# File 'app/controllers/admin/users_controller.rb', line 200

def update
  user_params_with_pass = user_params.dup

  if params[:user][:password].present?
    password_params = {
      password: params[:user][:password],
      password_confirmation: params[:user][:password_confirmation]
    }

    password_params[:password_expires_at] = Time.current if admin_making_changes_for_another_user?

    user_params_with_pass.merge!(password_params)
  end

  cc_validation_params = process_credit_card_validation_params(user_params_with_pass.delete(:credit_card_validation_attributes))
  user_params_with_pass.merge!(cc_validation_params)

  respond_to do |format|
    result = Users::UpdateService.new(current_user, user_params_with_pass.merge(user: user)).execute do |user|
      user.skip_reconfirmation!
      user.send_only_admin_changed_your_password_notification! if admin_making_changes_for_another_user?
    end

    if result[:status] == :success
      format.html { redirect_to [:admin, user], notice: _('User was successfully updated.') }
      format.json { head :ok }
    else
      # restore username to keep form action url.
      user.username = params[:id]
      format.html { render "edit" }
      format.json { render json: [result[:message]], status: :internal_server_error }
    end
  end
end