Class: Member

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• Member

Includes:

AfterCommitQueue, EachBatch, Expirable, FromUnion, Gitlab::Access, Gitlab::Utils::StrongMemoize, Importable, Presentable, Sortable, UpdateHighestRole

Defined in:

app/models/member.rb

Direct Known Subclasses

GroupMember, ProjectMember

Constant Summary

Constants included from UpdateHighestRole

UpdateHighestRole::HIGHEST_ROLE_JOB_DELAY, UpdateHighestRole::HIGHEST_ROLE_LEASE_TIMEOUT

Constants included from Gitlab::Access

Gitlab::Access::AccessDeniedError, Gitlab::Access::DEVELOPER, Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS, Gitlab::Access::GUEST, Gitlab::Access::MAINTAINER, Gitlab::Access::MAINTAINER_PROJECT_ACCESS, Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS, Gitlab::Access::MINIMAL_ACCESS, Gitlab::Access::NO_ACCESS, Gitlab::Access::NO_ONE_PROJECT_ACCESS, Gitlab::Access::OWNER, Gitlab::Access::OWNER_SUBGROUP_ACCESS, Gitlab::Access::PROTECTION_DEV_CAN_MERGE, Gitlab::Access::PROTECTION_DEV_CAN_PUSH, Gitlab::Access::PROTECTION_FULL, Gitlab::Access::PROTECTION_NONE, Gitlab::Access::REPORTER

Constants included from Expirable

Expirable::DAYS_TO_EXPIRE

Instance Attribute Summary

• #raw_invite_token ⇒ Object

  Returns the value of attribute raw_invite_token.

Attributes included from Importable

#imported, #importing

Class Method Summary

• .access_for_user_ids(user_ids) ⇒ Object
• .access_levels ⇒ Object
• .add_user(source, user, access_level, existing_members: nil, current_user: nil, expires_at: nil, ldap: false) ⇒ Object
• .add_users(source, users, access_level, current_user: nil, expires_at: nil) ⇒ Object
• .filter_by_2fa(value) ⇒ Object
• .find_by_invite_token(raw_invite_token) ⇒ Object
• .left_join_users ⇒ Object
• .search(query) ⇒ Object
• .search_invite_email(query) ⇒ Object
• .set_member_attributes(member, access_level, current_user: nil, expires_at: nil, ldap: false) ⇒ Object

  Populates the attributes of a member.

• .sort_by_attribute(method) ⇒ Object

Instance Method Summary

• #accept_invite!(new_user) ⇒ Object
• #accept_request ⇒ Object
• #access_field ⇒ Object
• #create_notification_setting ⇒ Object
• #decline_invite! ⇒ Object
• #destroy_notification_setting ⇒ Object
• #generate_invite_token ⇒ Object
• #generate_invite_token! ⇒ Object
• #highest_group_member ⇒ Object

  Find the user's group member with a highest access level.

• #invite? ⇒ Boolean
• #invite_to_unknown_user? ⇒ Boolean
• #notifiable?(type, opts = {}) ⇒ Boolean

  rubocop: disable CodeReuse/ServiceClass.

• #notification_setting ⇒ Object
• #pending? ⇒ Boolean
• #real_source_type ⇒ Object
• #request? ⇒ Boolean
• #resend_invite ⇒ Object

Methods included from Gitlab::Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Methods included from Presentable

#present

Methods included from Gitlab::Access

all_values, human_access, #human_access, #human_access_with_none, human_access_with_none, options, options_with_none, options_with_owner, #owner?, project_creation_level_name, project_creation_options, project_creation_string_options, project_creation_string_values, project_creation_values, protection_options, protection_values, subgroup_creation_options, subgroup_creation_string_options, subgroup_creation_string_values, subgroup_creation_values, sym_options, sym_options_with_owner

Methods included from Expirable

#expired?, #expires?, #expires_soon?

Methods included from AfterCommitQueue

#run_after_commit, #run_after_commit_or_now

Methods inherited from ApplicationRecord

at_most, id_in, id_not_in, iid_in, pluck_primary_key, primary_key_in, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, underscore, without_order

Instance Attribute Details

#raw_invite_token ⇒ Object

Returns the value of attribute raw_invite_token

# File 'app/models/member.rb', line 15

def raw_invite_token
  @raw_invite_token
end

Class Method Details

.access_for_user_ids(user_ids) ⇒ Object

# File 'app/models/member.rb', line 163

def access_for_user_ids(user_ids)
  where(user_id: user_ids).has_access.pluck(:user_id, :access_level).to_h
end

.access_levels ⇒ Object

# File 'app/models/member.rb', line 236

def access_levels
  Gitlab::Access.sym_options
end

.add_user(source, user, access_level, existing_members: nil, current_user: nil, expires_at: nil, ldap: false) ⇒ Object

# File 'app/models/member.rb', line 172

def add_user(source, user, access_level, existing_members: nil, current_user: nil, expires_at: nil, ldap: false)
  # rubocop: disable CodeReuse/ServiceClass
  # `user` can be either a User object, User ID or an email to be invited
  member = retrieve_member(source, user, existing_members)
  access_level = retrieve_access_level(access_level)

  return member unless can_update_member?(current_user, member)

  set_member_attributes(
    member,
    access_level,
    current_user: current_user,
    expires_at: expires_at,
    ldap: ldap
  )

  if member.request?
    ::Members::ApproveAccessRequestService.new(
      current_user,
      access_level: access_level
    ).execute(
      member,
      skip_authorization: ldap,
      skip_log_audit_event: ldap
    )
  else
    member.save
  end

  member
  # rubocop: enable CodeReuse/ServiceClass
end

.add_users(source, users, access_level, current_user: nil, expires_at: nil) ⇒ Object

# File 'app/models/member.rb', line 217

def add_users(source, users, access_level, current_user: nil, expires_at: nil)
  return [] unless users.present?

  emails, users, existing_members = parse_users_list(source, users)

  self.transaction do
    (emails + users).map! do |user|
      add_user(
        source,
        user,
        access_level,
        existing_members: existing_members,
        current_user: current_user,
        expires_at: expires_at
      )
    end
  end
end

.filter_by_2fa(value) ⇒ Object

# File 'app/models/member.rb', line 128

def filter_by_2fa(value)
  case value
  when 'enabled'
    left_join_users.merge(User.with_two_factor)
  when 'disabled'
    left_join_users.merge(User.without_two_factor)
  else
    all
  end
end

.find_by_invite_token(raw_invite_token) ⇒ Object

# File 'app/models/member.rb', line 167

def find_by_invite_token(raw_invite_token)
  invite_token = Devise.token_generator.digest(self, :invite_token, raw_invite_token)
  find_by(invite_token: invite_token)
end

.left_join_users ⇒ Object

# File 'app/models/member.rb', line 152

def left_join_users
  users = User.arel_table
  members = Member.arel_table

  member_users = members.join(users, Arel::Nodes::OuterJoin)
                         .on(members[:user_id].eq(users[:id]))
                         .join_sources

  joins(member_users)
end

.search(query) ⇒ Object

# File 'app/models/member.rb', line 120

def search(query)
  joins(:user).merge(User.search(query))
end

.search_invite_email(query) ⇒ Object

# File 'app/models/member.rb', line 124

def search_invite_email(query)
  invite.where(['invite_email ILIKE ?', "%#{query}%"])
end

.set_member_attributes(member, access_level, current_user: nil, expires_at: nil, ldap: false) ⇒ Object

Populates the attributes of a member.

This logic resides in a separate method so that EE can extend this logic, without having to patch the `add_user` method directly.

# File 'app/models/member.rb', line 209

def set_member_attributes(member, access_level, current_user: nil, expires_at: nil, ldap: false)
  member.attributes = {
    created_by: member.created_by || current_user,
    access_level: access_level,
    expires_at: expires_at
  }
end

.sort_by_attribute(method) ⇒ Object

# File 'app/models/member.rb', line 139

def sort_by_attribute(method)
  case method.to_s
  when 'access_level_asc' then reorder(access_level: :asc)
  when 'access_level_desc' then reorder(access_level: :desc)
  when 'recent_sign_in' then order_recent_sign_in
  when 'oldest_sign_in' then order_oldest_sign_in
  when 'last_joined' then order_created_desc
  when 'oldest_joined' then order_created_asc
  else
    order_by(method)
  end
end

Instance Method Details

#accept_invite!(new_user) ⇒ Object

# File 'app/models/member.rb', line 330

def accept_invite!(new_user)
  return false unless invite?

  self.invite_token = nil
  self.invite_accepted_at = Time.current.utc

  self.user = new_user

  saved = self.save

  after_accept_invite if saved

  saved
end

#accept_request ⇒ Object

# File 'app/models/member.rb', line 321

def accept_request
  return false unless request?

  updated = self.update(requested_at: nil)
  after_accept_request if updated

  updated
end

#access_field ⇒ Object

# File 'app/models/member.rb', line 305

def access_field
  access_level
end

#create_notification_setting ⇒ Object

# File 'app/models/member.rb', line 373

def create_notification_setting
  user.notification_settings.find_or_create_for(source)
end

#decline_invite! ⇒ Object

# File 'app/models/member.rb', line 345

def decline_invite!
  return false unless invite?

  destroyed = self.destroy

  after_decline_invite if destroyed

  destroyed
end

#destroy_notification_setting ⇒ Object

# File 'app/models/member.rb', line 377

def destroy_notification_setting
  notification_setting&.destroy
end

#generate_invite_token ⇒ Object

# File 'app/models/member.rb', line 355

def generate_invite_token
  raw, enc = Devise.token_generator.generate(self.class, :invite_token)
  @raw_invite_token = raw
  self.invite_token = enc
end

#generate_invite_token! ⇒ Object

# File 'app/models/member.rb', line 361

def generate_invite_token!
  generate_invite_token && save(validate: false)
end

#highest_group_member ⇒ Object

Find the user's group member with a highest access level

# File 'app/models/member.rb', line 395

def highest_group_member
  strong_memoize(:highest_group_member) do
    next unless user_id && source&.ancestors&.any?

    GroupMember.where(source: source.ancestors, user_id: user_id).order(:access_level).last
  end
end

#invite? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/member.rb', line 309

def invite?
  self.invite_token.present?
end

#invite_to_unknown_user? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/member.rb', line 403

def invite_to_unknown_user?
  invite? && user_id.nil?
end

#notifiable?(type, opts = {}) ⇒ Boolean

rubocop: disable CodeReuse/ServiceClass

Returns:

• (Boolean)

# File 'app/models/member.rb', line 386

def notifiable?(type, opts = {})
  # always notify when there isn't a user yet
  return true if user.blank?

  NotificationRecipients::BuildService.notifiable?(user, type, notifiable_options.merge(opts))
end

#notification_setting ⇒ Object

# File 'app/models/member.rb', line 381

def notification_setting
  @notification_setting ||= user&.notification_settings_for(source)
end

#pending? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/member.rb', line 317

def pending?
  invite? || request?
end

#real_source_type ⇒ Object

# File 'app/models/member.rb', line 301

def real_source_type
  source_type
end

#request? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/member.rb', line 313

def request?
  requested_at.present?
end

#resend_invite ⇒ Object

# File 'app/models/member.rb', line 365

def resend_invite
  return unless invite?

  generate_invite_token! unless @raw_invite_token

  send_invite
end