Class: Members::InvitedPrivateGroupAccessibilityAssigner

Inherits:

Object

Object
Members::InvitedPrivateGroupAccessibilityAssigner

show all

Includes:: Gitlab::Allowable, Gitlab::Utils::StrongMemoize

Defined in:: app/models/members/members/invited_private_group_accessibility_assigner.rb

Overview

We allow the current user to see the invited private group when the current user is a member of the shared group to allow better collaboration between the two groups even though the current user is not a member of the invited group. We don’t allow the current user to see the source of membership i.e. the group name, path, and other group info as it’s sensitive information if the current user is not an owner of the group or at least maintainer of the project. This class deals with setting is_source_accessible_to_current_user which is used to hide or show the source of memberships as per the above cases.

Instance Method Summary collapse

#execute ⇒ Object
#initialize(members, source:, current_user:) ⇒ InvitedPrivateGroupAccessibilityAssigner constructor

A new instance of InvitedPrivateGroupAccessibilityAssigner.

Methods included from Gitlab::Allowable

#can?, #can_all?, #can_any?

Constructor Details

#initialize(members, source:, current_user:) ⇒ `InvitedPrivateGroupAccessibilityAssigner`

Returns a new instance of InvitedPrivateGroupAccessibilityAssigner.

# File 'app/models/members/members/invited_private_group_accessibility_assigner.rb', line 14

def initialize(members, source:, current_user:)
  @members = if members.is_a?(ActiveRecord::Base)
               Array.wrap(members)
             else
               members.to_a
             end

  @source = source
  @current_user = current_user
end

Instance Method Details

#execute ⇒ `Object`

# File 'app/models/members/members/invited_private_group_accessibility_assigner.rb', line 25

def execute
  # We don't need to calculate the access level of the current user in the invited groups if:
  #
  # 1. The current user can admin members then the user should be able to see the source of all memberships
  #    to enable management of group/project memberships.
  # 2. There are no members invited from a private group.
  return if can_manage_group_link? || private_invited_group_members.nil?

  private_invited_group_members.each do |member|
    member.is_source_accessible_to_current_user = authorized_groups.include?(member.source)
  end
end