Module: HasUserType

Extended by:

ActiveSupport::Concern

Included in:

User

Defined in:

app/models/concerns/has_user_type.rb

Constant Summary

USER_TYPES =

{
  human: 0,
  support_bot: 1,
  alert_bot: 2,
  visual_review_bot: 3,
  service_user: 4,
  ghost: 5,
  project_bot: 6,
  # 7: Deprecated migration_bot type (removed)
  security_bot: 8,
  automation_bot: 9,
  security_policy_bot: 10,
  admin_bot: 11,
  service_account: 13,
  # 14: Deprecated llm_bot type (removed)
  placeholder: 15,
  duo_code_review_bot: 16,
  import_user: 17
}.with_indifferent_access.freeze

BOT_USER_TYPES =

%w[
  alert_bot
  project_bot
  support_bot
  visual_review_bot
  security_bot
  automation_bot
  security_policy_bot
  admin_bot
  service_account
  duo_code_review_bot
].freeze

NON_INTERNAL_USER_TYPES =

service_account allows instance/namespaces to configure a user for external integrations/automations service_user is an internal, gitlab-com-specific user type for integrations like suggested reviewers Changes to these types might have billing implications, docs.gitlab.com/ee/subscriptions/gitlab_com/#billable-users

%w[human project_bot service_user service_account].freeze

INTERNAL_USER_TYPES =

(USER_TYPES.keys - NON_INTERNAL_USER_TYPES).freeze

Instance Method Summary

• #bot? ⇒ Boolean
• #internal? ⇒ Boolean
• #redacted_name(viewing_user) ⇒ Object
• #resource_bot_owners_and_maintainers ⇒ Object
• #resource_bot_resource ⇒ Object

Instance Method Details

#bot? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/concerns/has_user_type.rb', line 67

def bot?
  BOT_USER_TYPES.include?(user_type)
end

#internal? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/concerns/has_user_type.rb', line 71

def internal?
  INTERNAL_USER_TYPES.include?(user_type)
end

#redacted_name(viewing_user) ⇒ Object

# File 'app/models/concerns/has_user_type.rb', line 75

def redacted_name(viewing_user)
  return self.name unless self.project_bot?

  cache_key = "redacted_name:#{self.class}:#{self.id}:#{viewing_user&.id}"

  Gitlab::SafeRequestStore.fetch(cache_key) do
    if (self.groups.any? && viewing_user&.can?(:read_group, self.groups.first)) ||
        viewing_user&.can?(:read_project, self.projects.first)
      self.name
    else
      # If the requester does not have permission to read the project bot name,
      # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
      # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
      '****'
    end
  end
end

#resource_bot_owners_and_maintainers ⇒ Object

# File 'app/models/concerns/has_user_type.rb', line 99

def resource_bot_owners_and_maintainers
  return [] unless project_bot?

  resource = resource_bot_resource
  return [] unless resource

  return resource.owners_and_maintainers if resource.is_a?(Project)

  resource
    .owners
    .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/436658")
end

#resource_bot_resource ⇒ Object

# File 'app/models/concerns/has_user_type.rb', line 93

def resource_bot_resource
  return unless project_bot?

  projects&.first || groups&.first
end